Information Classification of the Human Implantable Device in Company BioMed Devices - Case Study Example

Information Classification Name Institution Information Classification Background BioMed Devices is a tiny company specialized in technology that makes the human implantable device. These devices are of medical origin. The devices manufactured by the company need specialized knowledge and skill in order to come up with the required and desired shapes and materials. The truth is that several people want different kinds of human implants. These include breasts, buttocks, and skin parts. A survey by John Hopkins Hospital in 2013 indicated that there is a sharp increase in using artificial parts on the body. The increase placed at 60% rose from 45% the year before. There are several reasons as to why people want implants. Some of the reasons do with beauty and shape of the body. Other reasons are in line with the way people want look in public. More so, some people who want to replace bad body parts with manufactures ones are okay. There are samples of people who have gone through surgeries in order to get an artificial part in them. For example, there are people who have had breast plants in their chest. These implants manufactured to the required size and shape of the person interested in them exists. There are implants such as body mass transferred from one body part to another. These collective body parts may have in them some artificial elements placed in them in order to suit the interests of the patient. The other point is that there are specifications that need to be in place before having such implants placed in the body of someone. There is a need for technology to help in the manufacturing of the products in the best way that is possible. For example, there are circumstances in which there will be a need to draw representatives of the desired shape and size. For example, most of the medics in this area of specialization will have to have a picture of the implant that a person wants to have in their body. The specialization performed by the physician should be so professional in order to get the desired specification of he required an implant. The truth is that technology matters. The technology works in the planning, drawing, and making of the body implants. In the past, there were situations in which a medic would ask the person interested in having an implant the specifications that they wanted. Having got a clear picture of the shape and size of the required implant, the medic advises s the patient the advantages and disadvantages of such implant chosen. The physician would go ahead to explain to the person the design specification of how the implants work. Not all these ideas can happen unless there is right technology in place to help in the manufacture of such as good speech and hearing devices. The company specializes in the making of speech and hearing devices. In the past five years, BioMed registered success. The reason is that of the cutting edge in the competitive world. There are increasing people who are losing the ability to listen and speak. The evidence of young and old people who are in a position in which they cannot completely speak and hear is on the rise. For example, there are several people aging. These people are present in the home of the elderly. They cannot either speak or hear. The company has found a market over the years from these kinds of people. The company has to be in the lead in the competitive world if there are to overcome other challenges in the way. There is need of technology would make a good gesture. For example, the companies competing with BioMed will beat it if the company does not improve its technology department. The company has time and resources all dedicated to the improvement of the implants. For example, the processing speed to make speech and hearing implants is on the rise in the demand for the implants are on the rise. There are situations in which the material made for these implants have had several changes in order to get the most efficient of all the present ones. Sophisticated programs resources and materials are in the pipeline with some already on the ground. All the incoming and existing technologies are for the simplification of the production of speech and hearing devices. Take into aspect the new software that can quickly design the required implant for a person. The design software has areas into which one puts the sex, and specification hat a person has. The software interprets the unfilled data pertaining to a person and then processes that out concerning the speech and hearing implants of the person. Among the several issues that one should fill in are the diagnosis from the physician, the hindrance, and type of condition that the person has. The equipment placed in the body of the person in a special way is there. The software return data fast concerning the specifications of the implants that need making. Therefore, the security manager deals with the safety of the implants in all areas where they are. For example, there needs to be surveillance cameras that show the movement of the implants in case there is a bulk movement of these items. The cameras should have a high quality in order to get every detail of the activities concerning the safety of the implants in the company. It should come to mind that need to be other helpers to sit and watch the operation pertaining to the safety of the implants. Security is so important to the company that the implants need to be in the right place at the right time for picking with ease. Management should provide several points, and most sought after information on the safety of the implants. There will be a need to be a report that gives information concerning the number, sale, and the existence of implants. Record keeping is essential as it gives a clue to the organization of the company. All the required information concerning the classification of the implants will be available. The starting point could be to group the workers that handle the implants. Then the manager should know the types of implants available which are two. These are speech and hearing implants. Each of the implants should have a serial number to mark it as different from other in the case it gets lost. BioMed Devices designed a new electronic implantable that is a communication product. There were several rumours in the public all directed to the company that it is on the verge of a unique technological release with the help of their novice tool. There are no declarations so far by the company in public concerning the rumours. However, consumers who buy the company’s products, media, and counterparts in business are all guessing the next move of the company. Most these people are inspired to get the finest details of the development plan for Bio MEd’s products. There is concern about GSM phones in terms of vulnerability by the Chief Executive Officer of BioMed, Rachel James. The other consideration at stake is that should a third party have access to the development plan of the company, and there will be a financial loss to the company. The company has a contract to create products of brain phone. The ability of the company to hold onto the contract depends on the safety of the development t plan. When safe, the development should be in the hand of the company without going out. The risk should the company lose the event, the contract goes. The contract is having too much money attached to it of which the company is in need. Real channels protect information. The Careless mention of crucial fact may lead to other people going to tell the third party intentionally or unintentionally. The flow of information should be such that not all people should know the development plan by the company. In this case, classified information should remain reserved for the CEO and other chief departmental bosses. The corporate managers are the financial, secretary, and security areas. Information Protection Information, which most people consider as, classified needs protection from predators who want to use it for the benefit of themselves. It is imperative that companies take into consideration the fact leaked information would make them prey to self-seekers. Therefore, one has to take into high consideration protection of information at whatever cost. Among other factors as to the need of security are; 1. Contracts demand safety and protection of information. 2. Oaths such as medical oaths require protection for some types of information 3. There are legal and statutory laws that demand that some information is not of public type. 4. It is ethical and confidential. 5. Business demands the only release of needed information but not all. 6. Organized companies protect information that is personal There are several restrictions attached to the protecting information such as; 1. A high cost to maintain information in its right place and not to let it out. Most companies go as far as having a separate budget for keeping information under guard. The process involves the sidelining of money to avoid the release of vital information into the public. For example, the purchase of safety box is a common idea. In these safety boxes, the necessary information exists. The box has separate hard to reach the area within home or office. It is true that a few people. A safe box costs several prices. For example, a 200-dollar case is not as strong and reliable as that of millions. The modern safety boxes are expensive. The tables use sophisticated technology such as lasers to sense and strike any intruders wanting to access information in them. Other have identified for particular body parts like eyes and fingerprints. Once a thief puts his or her eye into the sensor of the safe box, it will not recognize them and would make an alarm. The same way of operation works for sensors of fingerprints. Once the alarm is on, the security team can come and arrest the intruder. In capturing the thief, the company would in possession of the information that 2. There should be the constant education of several experts and trainees in the development of ideas and technology to protect information. A budget for information security lessons must exist. Managers tell the worker to behave in a certain way that depicts that they are conscious of their work and most of all information regarding the security of the company. One can have up to a cost of $500 in educating people on issues that pertain to security. There are sessions on how information should flow from the top boss to the least worker at the bottom of the organization. There are instances in which a worker has to explain to the new person in the company that a system path needs following to protect some information. Take into consideration a situation in which all workers have access to information about the company. Some people will go out and tell the information to outsiders. The reason as why companies classify some information is precisely on safety issues. Once a company classifies certain information no one can have access to the information if they are not part of the exclusive group of people allowed to see it. It is a good measure to control the undesirable circumstance of spreading classified information. The information not having access to all workers in a company has a placed where it is safe that is an indexed file. 3. There is a collision of interests for security and conveniences. The argument is that once information scatters quickly, issues arise. Some of these issues are in the areas of safety and comfort. For example as many people would not want to have their secrets exposed to the public for others to see, the same apply to companies. The problem of today media is that they need to sell copies of an eye-catching story. So as a security manager, one would balance the two sides. The balancing should be tactical. For example, a manager can allow access to the financial standing of the company. The financial status can show all the sales of BioMed Devices. However, the manager should not allow the public to see the tactics that push and propel the company forward. Business Information Base The information security department of BioMed will have to make a set of operations and activities that run the protection of information. Procedures The department will need procedures that show the rank of how information flows. Vital information will flow from the top to the least person in the company. A lack of the system leads to the disorganization of people in the company. Take into consideration that if the workers know information. Let the information about the company that the boss does not know, the workers may misbehave likelihood. The operator with vital information will scatter the information unknowingly to the public. The workers may not know which information is relevant. They may scatter it. The procedure should have a systematic way of operation. For example, information about the phone implantable product on the CEO’s phone needs access after the recommendation from the VPN Software Company. The VPN Company has the right feature and ideas to protect the phone of the CEO from access by intruders. The point here is that when the phone of the CEO needs repair, then VPN company should be the first party to address the problem. After VPN finishes sending the CEO’s, then the CEO can take it back. The point here is to avoid the slightest chance that an intruder would have to get information from the CEO’s phone about information concerning the company. There should be meetings concerning the future release of information into the public. The meetings will explicitly check that no uncalled for and vital information goes into the public. The operation will be through the work of the secretary who will write the minutes of the meeting. The minute will then need reading before all concerned member of the company. The members of the organization present at that specific meeting will then analyse the whole set of minutes at the end of every meeting and then decide on what to do. The work of each member will have to contribute to the meeting. However, when all concerned member know the minutes, then a systematic strategy on how to release the information proceeds. For the case of BioMed, there will be a team of five people to analyse in detail the minutes. They will wait for approval from the CEO. One the CEO approves, then the Information Security Manager will then authorize the release of any information to the public. The information published will be okay for the sake of the public. All incoming emails to the CEO’s mail on the phone will need classification. The duty will be that of VPN Company. The Security Information Manager will talk to VPN to develop suitable software supposed to detect incoming hackers into the servers of the company and CEO’s phone. The information security manager will be the one responsible to attend the company’s incoming emails, from competitors, to check out for hackers from other companies and to block them. The manager will work closely with VPN to ensure that there are no compliances. There will be constant update by VPN to check the emails the CEO receives and sends to avoid any unforeseen invaders on cyberspace in collaboration with the Information Manager. The server of the company gets old with time, and so it is imperative that the information manager checks on them. In case there is a big problem to handle, he should refer to the specification as provided by VPN. In simple terms, the information manager should have specifications concerning them the operation of the software in the company. There is also how to operate them. The event in which the information manager has no solution, the VPN should come and help. The corrective measures that VPN users to fix the problem should remain with few people. Among these people are the information manager and CEO. The other important issue is that there should regular meeting between the information manager and CEO. In these meetings, the CEO gets to know the operation of the technology. The technology has to grow in secret for some time. Information classification There are several steps in classifying information. The Information security manager will put up penalties to penalize any person found to let out information that should not go public. These penalties include salary reduction and to the extreme indefinite suspension. The degree of information released will determine the level of punishment. Among the many methods, there are; • Details of a customer • Statistics of customers • Business plans • Studies on marketing • Banking records • Strategies for politics • Financial growth of the company • Company’s research There are several steps in classifying information. There are; 1. Determine the element of the Business Information base. 2. Assessing threats and risks: The assessment of risks will involve the answering of question such as who will have an interest in the information. Why would a person pick interest in a given in a topic? What are the effects of a particular person knowing the information? 3. Determining the value of the information that needs classification 4. Get the best classification methods basing on the contents of the classified information? 5. Provide a security detail for every part of the detailed information according to the threat, value, and level of criticality. 6. Give a review of the classified information and take on a reclassification process to fine tune the information Classification models In designing classification models for the BioMed Company, several factors need consideration such as; 1. Mission statement of the Company: To be the leading company in human implants. 2. The mission should disallow worker from performing their duties in connection with core principles of the company. US classification models These models have information concerning top secrets that are confidential, unclassified and classified in terms of concerned authorities in the United States. Western Australia The information in these models has protection and is, confidential and public in accordance with the Australian laws. Public documents • Health Brochures • News/media papers • Internet web content • Job adverts • Public health information • Pamphlets Confidential documents • Health records • Culprit investigations Protected documents • Shared calendars • Business continuity plans • Policies/Procedures When taking a decision on whether to classify certain information or not is both subjective and objective. In the individual method, information undergoes classification by the owner and each part of it has a time assigned to it for thinking. In the objective method, classification is by policies and up to individual level. Hardware classification In this kind of classification, information undergoes sealing in certain materials that are hard to access. The materials are of different types. The objective is to keep away certain critical information from intruders. The materials are files and safe boxes. Information ownership Information has to have a source. Most Information security departments are the custodians of information. They have the right to publish what they feel like at their own time. Document protection Several documents have protection in different ways such as number of pages and copies and signatures for all documents used Data loss For safety reasons, the information security department should have a data backup to address arising issues that data could disappear. All computers in the company should have a data backup package. RSA - DLP Network In this system, a person sends mail, and the network DLP sense the sensitive message. The DLP will prevent copying and blocking of information and encryption. Work Plan All processes involved in the protection of information need a review to ascertain the information is safe from unnecessary exposure. Table 1: 3 Week work plan No. Week Activity Description 1. 1 Collection of Data 1. Get all needed data. 2. Get the amount of data. 3. Gathering all required resources and labour. 4. Giving roles to each person in the Information Security department 2. 2 In depth analysis of Information 1. Knowing the effects of data exposure. 2. Planning the ways of securing data. 3. Getting way of protecting information. 3. 3 Classifying data 1. Classifying data 1. Use both Objective and Subjective methods. 2. Selecting the method of keeping data that are safety boxes and files or computers. 3. Review of the classified information. 4. Telling all members in the company the new rules and procedures to use in protecting information. Make policies and procedures to protect information. Reference Aksoy, P., & Denardis, L. (2008). Introduction to information technology in theory. Boston, Mass: Thomson Course Technology Smith, R. E. (2013). Elementary information security. Burlington, MA: Jones & Bartlett Learning. Read More