Internet Acceptance at Orbital Healthcare - Essay Example

Orbital Health Care Name Institution Name Date Acceptable Use of Internet Access Manual: Acceptable Use of Internet Access Section: Information Technology Subject: Acceptable Use of Information System Policy POLICY This policy is applicable to temporaries, consultants, contractors, employees at other employees at Orbital Health Care, which includes personnel affiliated with third parties. This policy is applicable to the equipment either purchased by Orbital Health Care and also equipments leased by Orbital Health Care. PURPOSE Intranet, Internet and other related systems that include but not limited to storage media, operating systems, software and computer equipments (Hrdinová, Helbig & Peters, 2010). Others include worldwide web browsing, network accounts that provide electronic mail and file transfer are Orbital Health Care property. These systems are used with the aim of serving the interests and business purposes of the Orbital Health Care and the customers and clients of the normal operations course. Effective security is crucial with the support of team effort that involves the support and participation of every Orbital Health Care affiliate and employee who uses or deals with information systems or information. Therefore, every computer user has the responsibility of knowing these guidelines and to be in a position to conduct their respective activities accordingly (Hrdinová, Helbig & Peters, 2010). Rationale The purpose of this policy has been created to provide a framework for Orbital Health Care Information Technology systems, data, information and services contained therein. It is a technology based system that is crucial to the success of Orbital Health Care business, support and clinical operations. The systems and other ICT related systems and services (that includes data maintained and produced within), it is important to ensure the systems are acquired, used in a safe manner, maintained, installed, secured and utilized in an appropriate manner. Objectives The objectives of this paper are: The policy framework is assisted the management of Orbital Health Care To protect Orbital Health Care data and assets that are found in the IT systems (Hrdinová, Helbig & Peters, 2010) The policy aims to address: Availability – the systems should be accessible to authorized persons and the data be easily retrieved. Availability should not be limited, but the availability should ensure the operations of the organization continue to operate effectively. Data should not be lost due to technological and related challenges. Integrity – the protection of data, validation of data and the appropriate maintenance and protection of systems that includes protection of deletion, corruption and unauthorized amendment of information Distribution – the distribution for the use of different devices is managed and determined by the authorized bodies. The resources should not be abused, and this can be achieved through managing the distribution process effectively and allocating resources based on the expected outcomes (Hrdinová, Helbig & Peters, 2010) Confidentiality of both patient and business – any information within the Orbital Health Care should be protected from unauthorized persons, and the authorized persons should not abuse permissions granted. General Use and Ownership 1. While the Orbital Health Care IT Department understand and desires to provide privacy, users should understand that the corporate systems generate information remains the property of the Orbital Health Care (Aboujaoude, 2010). 2. The employees within Orbital Health Care should exercise and use good judgment when it comes to reasonableness of use of corporate systems. If there are areas that are not clear regarding personal use, the employee should result for directive from the IT department management or a designee (Hrdinová, Helbig & Peters, 2010) 3. The IT department advices that any data presumed to be vulnerable or sensitive should be password protected or encrypted 4. Orbital Health Care reserves the right to do auditing of the systems and networks on a periodic basis without prior communication with the purpose of ensuring adherence to the policy (Hrdinová, Helbig & Peters, 2010) 5. For network maintenance and security purposes, only authorized persons within the Orbital Health Care may monitor network traffic, systems and equipment at ant time (Pan & Jordan-Marsh, 2010) Security and Property Information 1. Employees should take caution when opening email with attachments that are received from unknown persons since it may contain email bombs, viruses, and other software that can change the setting of the corporate systems (Valcke et al., 2010) 2. The hosts that are used by any worker within the hospital and connected to the Intranet, Internet whether the hospital owns it or the employees, the hosts will have to run update virus software that uses the current database 3. When the employees from Orbital Health Care email to media outlets, the email should contain a disclaimer that states that the information contained is personal information and should not reflect the views of Orbital Health Care, unless approved by relevant supervisors or departments (Ho & Lin, 2010) 4. The information that is stored on portable devices and competitors are usually vulnerable, it is expected persons with possession of such devices should exercise addition care (Li, Zhang & Sarathy, 2010). All flash disks, flash drives, laptop hard drives, and other portable devices should be encrypted with the purpose of the event of a security issue; the information does not get into vulnerable hands (Hrdinová, Helbig & Peters, 2010). 5. The Information Technology Department’s Acceptable Encryption Use Policy is crucial and should be used in those instances that require information to be encrypted (Smyth et al., 2010) 6. All workstations, laptops, PCs should be secured through the use of the screensaver that is password protected, which automatically activates self after 15 minutes or less by logging off when the stations are unattended. This will prevent unscrupulous persons from the use the host without permission 7. Employees should not share accounts and secure the systems through passwords. Any authorized employees are responsible for their accounts and passwords security. The user passwords and system level passwords should be changed periodically such as within 90 days (Motiwalla & Thompson, 2012). 8. The information contained on Intranet, Internet, and other systems related devices should be viewed as confidential information. Some of the confidential information includes research data, customer lists, corporate strategies, and patient related information. The employees within Orbital Health Care should take care of this information and prevent unauthorized persons from accessing the information (Hrdinová, Helbig & Peters, 2010) Protection of Transfer of Information 1. Each employee should encrypt data with the prescribed encryption application 2. All removable media should be checked for viruses through the use of antivirus software. The employees are advised not change any preinstalled configurations (Park, 2010) 3. Any request to transfer the information in terms of transfer of data and information should be approved by the following persons: Vice President/CIO, Director of It or immediate supervisor. 4. No employee should save, transfer, copy, or download information from the network and use of removable media without permission from authorized persons 5. The IT Department has the right to manage the corporate systems, and no device is should download or transfer information from the network without approval from the Compliance Officer and Director of IT. This will be premised on unannounced audit and monthly check. Unacceptable Use The following are prohibited activities (Hrdinová, Helbig & Peters, 2010). The employees are sometimes exempted from some these restrictions during the course of their job responsibilities accomplishment; for example, disabling one of the hosts on the network when the host disrupts production of services. Employees of Orbital Health Care under no circumstances should they engage in any activity that is viewed as illegal under international, federal, state and local law while utilization of hospital owned resources. The employees should adhere to the different legislations and laws in ensuring the Orbital Health Operate effectively (Hrdinová, Helbig & Peters, 2010). The following list is not exhaustive but does not attempt to provide a framework for any action, which fall in unacceptable use category. The list is just the guideline and proposals on how things should be done and accomplished. System and Network Activities These activities are prohibited without any exceptions: 1. Any employee should not provide information about Orbital Health Care to unauthorized parties. The information ranges from employee's records, strategies of the hospital to other operational requirements of the health care facility (Hrdinová, Helbig & Peters, 2010). 2. Using any command, script, program or sending messages for the purposes of interfering with, a user’s host session or disable via any means the Intranet or Internet 3. Denying service or interfering with service (i.e. denial of service attack) to any authorized user. Each employ should have access to information based on job description and approaches that are used to deny services should be avoided (Hrdinová, Helbig & Peters, 2010). 4. Circumvention of security of host or user authentication, account or network. The employees should use corporate resources based on their security clearance and circumventing the system is not applicable and may result in disciplinary and criminal actions. 5. Execution of any network monitoring that is aimed at intercepting data that is not intended for any employee’s host, unless the individual performing this task is within their job description or duty (Hrdinová, Helbig & Peters, 2010) 6. Security scanning or port scanning is prohibited unless advanced notification to the relevant (IT) department is approved. This is aimed to avoid abuse of security measures because some employees may use it as a guise to compromise the system. 7. Network communication disruptions and security breaches. Security breaches include unauthorized access of data, logging or receiving information from account or server that the employee is not authorized to access unless the information is based on regular duties. The disruptions, based on the current policy, include forged routing information, denial of service, packet spoofing, pinged floods and network sniffing (Hrdinová, Helbig & Peters, 2010). 8. Invoking statements on warranty, implied or expressly unless it is associated with normal job obligations. 9. Utilizing hospital account to make fraudulent offers of services, items and products 10. Utilization of the hospital computing devices to engage in transmitting or procuring material that is viewed in terms of sexual harassment or activities that are viewed as hostile within the workplace and also contravenes legislations within the user’s jurisdiction 11. Allowing other users to use your account or showing passwords of your account. This includes household members, family, and other persons especially on those assignments been completed at home (Hrdinová, Helbig & Peters, 2010). 12. Introducing of malicious programs into the server or the network. The malicious programs include and not limited to email bombs, Trojan horse, worms, virus, and spam messages (Hrdinová, Helbig & Peters, 2010) 13. Exporting encryption technology, software technology, technical information and software in violation of regional and international laws, is illegal. Permission should be sought before any material is exported, and the permission should be sought from relevant bodies 14. Unauthorized copying is prohibited. Copyrighted music, copyrighted sources and books, distribution and digitization of photographs from the magazines, and other data that does not have an active license. In general, copyrighted information should not be within the hospital settings or environment 15. The company and persons should protect any intellectual property, patent, trade secret and copyrighted information or similar regulations or laws that includes the distribution or installation of software that is viewed as “pirated” that is not licensed the Orbital Health Care Communication and Email Activities 1. Forging or use of unauthorized email header information is not allowed. Each header should be used for the organizational requirements, and also it should have direct advice from relevant supervisor or manager. The Email header remains the property of Orbital Health Care and any information on the email should adhere to the directions of the health facility. 2. Email solicitation for any other email address with the purpose to collect or respond is seen as illegal activity according to the company requirements. Solicitation should receive a direct directive to ensure the information posted is authentic and reflects the requirements of the organization. 3. Forwarding or creating schemes that may be viewed as “pyramid”, Ponzi, and “chain letters” of any type are unacceptable. 4. Posting of messages that are unrelated to business activities should not be allowed. The communication process and any postings should be approved by relevant persons within the Information Technology Department. New Users and Termination of Users The allocation of Passwords and Usernames for the information systems shall be based on the following conditions. All the existing and prospective users of these systems understand the stated regulations and must abide by the laws and regulations that govern the highlighted systems. Application for any authorization should be made to the IT Department The applications should provide appropriate identification within the healthcare facility, and the applicant should fill a form. The applicant should state categorical job descriptions, duration access and these should be confirmed by the supervisor. The applicant should provide all documents including the date and signing the document. The response will be based on a written reply from the IT Department The signed card informing on the use of corporate systems will be stored by the IT Department until a time directive is provided for revocation During the termination of users, the Human Resource Department provides notification to the IT Depart requesting removal and disabling accounts associated with the user from all systems (Beresford et al., 2011). The email accounts shall disable, and aliases will be provided that will last for four weeks. In those network accounts, the information stored will be assigned to the head of the department who will be responsible for distributing to other relevant members. The codes and passwords that initially were used by the staffs who have been terminated will be changed (Fokum & Frost, 2010). The codes and passwords, which are relevant to the computer associated hardware, buildings with computers, networking equipment and others that may result in additional complications or threats to privacy of the information. The employee whose employment has been terminated should return any information based devices, which are the property of Orbital Health Care to the IT Department. The management at the IT Department should check the devices based on the rooster and other documentation provided during assigning. The employee should not keep any information and utilize the information in a personal perspective because it contravenes other termination legislative and rules. Enforcement Any employee who is guilty of any highlighted offense is subject to disciplinary action and may result in: Suspension from the employment – depending on the reasons and circumstances, an employee is suspended for a given period to seek clarification on the highlighted issues. Termination of employment – the employment is terminated to those instances when the contravention is clear, and there are shortcomings that have been done References Aboujaoude, E. (2010). Problematic Internet use: an overview. World Psychiatry, 9(2), 85-90. Beresford, A. R., Rice, A., Skehin, N., & Sohan, R. (2011, March). MockDroid: trading privacy for application functionality on smartphones. In Proceedings of the 12th Workshop on Mobile Computing Systems and Applications (pp. 49-54). ACM. Fokum, D. T., & Frost, V. S. (2010). A survey on methods for broadband Internet access to trains. Communications Surveys & Tutorials, IEEE, 12(2), 171-185. Ho, C. T. B., & Lin, W. C. (2010). Measuring the service quality of internet banking: scale development and validation. European Business Review, 22(1), 5-24. Hrdinová, J., Helbig, N., & Peters, C. S. (2010). Designing social media policy for government: Eight essential elements. Center for Technology in Government, University at Albany. Li, H., Zhang, J., & Sarathy, R. (2010). Understanding compliance with internet use policy from the perspective of rational choice theory. Decision Support Systems, 48(4), 635-645. Motiwalla, L. F., & Thompson, J. (2012). Enterprise systems for management. Pearson Education. Pan, S., & Jordan-Marsh, M. (2010). Internet use intention and adoption among Chinese older adults: From the expanded technology acceptance model perspective. Computers in Human Behavior, 26(5), 1111-1119. Pan, S., & Jordan-Marsh, M. (2010). Internet use intention and adoption among Chinese older adults: From the expanded technology acceptance model perspective. Computers in Human Behavior, 26(5), 1111-1119. Park, N. (2010). Adoption and Use of Computer‐Based Voice Over Internet Protocol Phone Service: Toward an Integrated Model. Journal of Communication, 60(1), 40-72. Smyth, J. D., Dillman, D. A., Christian, L. M., & O'Neill, A. C. (2010). Using the Internet to survey small towns and communities: Limitations and possibilities in the early 21st century. American Behavioral Scientist, 53(9), 1423-1448. Valcke, M., Bonte, S., De Wever, B., & Rots, I. (2010). Internet parenting styles and the impact on Internet use of primary school children. Computers & Education, 55(2), 454-464. Read More