Development of the Framework and Organizational Security Strategy for the St Johns Hospital - Case Study Example

Security and Privacy Table of Contends Abstract 1 Background 3 Information security risk 3 Possible effects 4 Proposed Model 4 Multi-dimensional information security model 5 Multi-dimensional information security areas 5 Protection Strategies 6 Security Policies, Procedures, and Standards 7 Information Security Policy 7 Information Security Procedures 8 Information Security Standards 8 Education 9 Accountability 10 Audit and Validation 10 Conclusion 11 References 11 Abstract Client information security and privacy is the leading concern in any organization. This paper discusses the preservation of the client information and other confidential information of St. John’s Hospital. Here the basic aim is to develop the better information and client data security and privacy policy. This security policy will serve as a framework and organizational security strategy for the St. John’s Hospital. This paper provides the development of the framework and organizational security strategy for the St. John’s Hospital. This paper will analyze the potential hazards of client’s information outflow to non-authenticated persons. By information we indicate data that have been produced into the structure that is consequential and useful to the human beings (Kenneth, 1999). Modern technology poses innovative confronts to the protection of individual privacy which existing (Kenneth, 1999). Background This section will provide the basic insight in to the problem situation that leads to development of this information policy. It is observed on numerous occasions, personnel working late observed the cleaning staff reading discarded printouts. This is really wrong client information exploitation. The administration at St. John’s Hospital takes pride in its sound policies and procedures for the protection of confidential client information. In fact, it serves as a model for other institutions in the area. There is need for the protection of the information and development of the effective information policy. Information security risk Privacy is the declaration of individuals to be theft alone, free from observation or intrusion from other individuals of organizations as well as the state. Declarations to privacy are also caught up at the place of work. Information technology and system pressure individual declarations to privacy by making the incursion of privacy inexpensive, cost-effective, and efficient (Kenneth, 1999). The information security risk can be defined as the concentration of affect on organization processes (encompassing operational tasks, illustrations, or status), organization possessions, or individuals ensuing from the procedure of an business information arrangement offers the possible influence of a hazard and the probability of that intimidation occurring (Rebecca, 2007). Investment risk: business hazards linked by the feasible incapability to attain all-purpose program aims inside distinct price, timetable, and technological limitations. Possible effects In the above section the possible hazard situations are presented. Such situations can lead us towards lot of possible information exploitation cases. For instance, several workers can take information regarding any patient and blackmail him for any reason. It will turn out bad image of the hospital information management. Lot of patients will hesitate to provide their information or even do no come to our hospital. This will be a serious business problem. Proposed Model Executing and systematizing information security within the organizational perimeter is a great deal more intricate than immediately running the safety/security of the organizational perimeter only. This proposal is intelligent when we deem what is disturbed by running business perimeter protection. Big businesses have need of an innovative client’s information security model. Nowadays the frequently used layered information security models are based on a "black list” that is beneath terrific stress because of the scaling troubles plus working/operational operating cost. A Trusted Enterprise Model foundational on confidentiality, trusted relationships, unique and integrity of the client information and data (Rebecca, 2007). Here we need to implement the Multi-dimensional security model that can manage all the potential problems regarding the organizational information security. Multi-dimensional information security model Multi dimensional information security takes on defending the information resources as well as related resources surrounded by every region of a business plus in accomplishment by the intact policy regulatory, in addition contractual necessities. It sets security not basically at the information storage area but as well as everywhere information goes, developed, or conveyed. Multi-dimensional security engages other than immediately expertise or technology way out; it as well employs administrative, operational as well as human outline of protection to facilitate and decrease hazards of information theft or exploitation. Multi-dimensional information security areas This section outlines the areas where the Multi-dimensional information security model will be applied and managed the hospital patient’s confidential information. Our purposed Multi-dimensional information security model will comprise the following given areas that will be addressed for the safety and production of Hospital data and information (Rebecca, 2007). For development of protection strategies Accomplishment of Security procedures, standards and policies justification and Audit Simplifying complexity Multi-dimensional security model diminishes the hazard of safety violations, protect data flows all through the broadcast mode; diminish the influence and expenditure of implementation reviews, guard beside insider assaults, in addition to reveal suitable carefulness. The way of doing 'rip and replace' organizational present arrangement, huge businesses would be able to construct a conviction organizational model in excess of time through affecting expertise’s to facilitate hold up information security standards. In this method, organizational executives would be able to acquire a grassroots move toward, tackle high-risk regions on a strategic foundations, and map for a deliberate design that include the whole1. Protection Strategies There is no magical resolution that has the ability to protect the entire organizational information resources moreover systems in fulfillment by the entire contractual and officially permitted necessities. Many information safety policies have to be employed to the majority successfully diminish and administer the hazard that be present inside today’s extremely decentralized as well as extensively associated arrangements (Rebecca, 2007). As an initial position, the policies are able to be envisioned as a blend of shielding association positions in addition to handing out and storage places also refining the individuals who employ them. All these mechanisms are then carrying out and managing information inside the necessities drawn round inside plans, actions, and values, authoritarian and legal necessities, education, plus below the observe of review and legalization. Security Policies, Procedures, and Standards Organizational information security strategies, measures, as well as standards are entirely significant reflections. Organization has to appropriately file and put into practice to have a successful information safety plan. Every category of such information safety serves a diverse function (Kenneth, 1999). Information Security Policy Organizational information security strategies establish the configuration inside which the company regulations plus policies for management information with plummeting risk are explained. Proficient strategies are fashioned to help out the business into fulfillment by appropriate rules and policies also to tackle how to protect the company information dispensation situations inside the business. Administration must place a obvious strategy track in line by means of company aims and apparently reveal hold up for, and promise to, information safety (Rebecca, 2007). In St. John’s Hospital we have to develop a visible information security policy that has the capability to tackle the overall organizational information and data handling events. Here we have to define the policies regarding the information transportation, access criteria and unnecessary documents handling. Information Security Procedures Information security procedures demonstrate how to put into practice the strategy. Actions articulate the gradually wide-ranging events which are essential to effectively fulfill a job that chains the strategy. Procedures or actions proffer employees the information essential to done a job and offer guarantee to administration that the jobs are being done in a consistent and standard way. Procedures boost efficiencies in worker jobs plus help in the avoidance of exploitation and scam (Christine, 2000). For instance, a strategy possibly will need all information that plants the business to be encrypted. The equivalent process would describe the methods and tools for encrypting business information that we will transfer, like that entails the utilization of a VPN which is also acknowledged as virtual private network, next to by means of aspects regarding every stair to obtain to put into practice the hardware and software essential to employ the VPN in a method that is satisfactory to the business (Rebecca, 2007). In the St. John’s Hospital we will implement the VPN that will facilitate in the effective organizational working and information security. Here the administrator will define the rights for each client. No un-authenticated user will have the permission to enter the organizational database. Information Security Standards This section will discuss about the information security standard that is a comprehensive arrangement for human, hardware and software events to hold up the information safety strategy. Standards are accepted for an extensive assortment of matters, from the hardware to software that have to be employed to the isolated entry protocols that should be executed to recitation who is accountable for producing information safety approvals. Principles offer a recognized method of making sure that agendas as well as arrangements will effort in cooperation. By setting up values, the business confines the likelihood of scoundrel use of hardware, platforms, systems or else software. There is fewer time used in sustaining non-standard actions yields. In conclusion, principles describe cost-savings procedures that hold up the well-organized management of the organization (Christine, 2000). In the St. John’s Hospital we will implement the ISO issued standard for the information security and risk free management of the organization. For doing this we have to incorporate the ISO specified system and security levels for the ensuring the business security. Education It is very essential for an organization to guide its workers about the information security and privacy issues. If our workers will not be familiar with, or will not recognize how to uphold privacy of our business information, or how to protect it properly, we can not risk simply containing one of our the majority precious company assets (that is our business information) mismanaged, inappropriately employed, or gained by means of illegal persons however as well being in disobedience of a rising amount of rules and policies that necessitate definite kinds of information safety and isolation responsiveness and preparation actions. We too risk hurtful one more of our precious possessions that is the business standing (Rebecca, 2007). In the St. John’s Hospital we will educate the workers regarding the information security and its values for our business. We have to educate them in a way that they could be able to understand the critical nature of people personal information. There will also need for the awareness regarding the disproof of the information that is accessible to cleaning staff. Accountability The majority workers make out that if they are being premeditated for influenced proceedings, they have need of being accountable for those proceedings for the reason that those events can be influenced their job by means of the firm in a number of ways. If an association information security fulfillment and attaches it by employ’s performance, workers distinguish additional visibility to their accountability and are still additional probable to obey the rules (Christine, 2000). Audit and Validation Information Security reviews along with fulfillment justification evaluations proffer an in-depth measurement of an association’s safety policies, personnel, communications and events. When carried out productively and productively, they will make out regions of flaws inside the communications. The reviewer or examiner is able to then offer suggestion for suitable events to tackle the faults and decrease the supplementary risks (Oltsik, 2009). Conclusion In this paper we have discovered that how we can implement the organizational information security policy. In this paper it is shown that how it is possible to incorporate the client information security policy in the on the whole organizational security policy. Here a multi-dimensional model is purposed for the St. John’s Hospital. It is probable that this policy will work effectively. References 1. Christine Hagn, Wemhard H. Markwitz, 2000, Mobile Teleworking: Some Solutions and Information Security Aspects, Siemens AG, Information and Communication Products, Information Security, p- 322-325 2. Kenneth. C. Laudon. (1999). Management Information System. (Fifth Edition), New Jersey, Prentice-Hall. 3. Rebecca Herold, 2007, Security Inside the Perimeter, source: realtimepublishers.com, retrieved on 23-03-2009 4. Jon Oltsik, Trusted Enterprise Security, Source; https://www.trustedcomputinggroup.org/news/Industry_Data/ESG_White_Paper.pdf, retrieved on 23-03-2009 5. Flow of Strategic Information, http://iwenchangchien.blogspot.com/, retrieved on 23-3-2009. Read More