Security Access Policy Plan and Risk Assessment for Healthcare Organization and Facebook
Added on 2022/11/14
ASSESSMENT 2

Table of Contents
Introduction
The security access policy plan
System access security policy
  System administrator (Policy rationale, Definitions, Policy provisions, Responsibilities)
  Doctors (Policy rationale, Definitions, Policy provisions, Responsibilities)
  Nurses (Policy rationale, Definitions, Policy provisions, Responsibilities)
Managing the system security policy
Risk assessment
Security risks in Facebook
Consequences of the risks
  Inherent risk assessment
  The risk mitigations
  Residual risk
Risk register
Conclusion
PART ONE

Introduction

Every industry has information that must be protected from unauthorized access, and that information is protected using policies and controls. These security policies are applied by the employees of the organization they work for, and they are formulated for the organization's information system. The employees are therefore tasked with protecting the organization's data by ensuring that all policies and standards are adhered to. The policies are used by the company's employees to safeguard the organization's data (Peltier, 2016). They define the organization's management intent for controlling the behavior of personnel in relation to its information system. In this document we seek to plan, develop and manage pertinent security policies that will be used to protect the "My Health Data" records that the Commonwealth Government of Australia seeks to launch for healthcare organizations.

The security access policy plan

This security policy plan baselines the requirements for coming up with a robust security management system for the "My Health Records" system. The plan documents the type of organization where the policy will be applied, as well as the specific individuals the policies are meant for and their responsibilities (Flowerday & Tuyikeze, 2016). It also describes the system architecture, demonstrating how information will flow in the system. The policy will ensure not only that the organization's information system is accessed by the right individuals, but also that the system is accessed in a proper manner, as per the Commonwealth Government of Australia's expectations concerning the use of the "My Health Records" system. This is to make sure that the patients' data in My Health Records are free from any unauthorized access and are handled by the selected individuals in an ethical and professional manner (Soomro, Shah & Ahmed, 2016; Hassan & Ismail, 2016).
The policies are designed for a healthcare organization and are meant to control the behavior of system administrators, doctors and nurses in relation to the organization's information system. The system administrators will have the role of adding and modifying the data in the "My Health Records" database, receiving reports, monitoring data and opening accounts for other users. The doctors, on the other hand, will have the role of monitoring patient records and retrieving patient reports; the nurses, working with the doctors, will also monitor patient data, as shown in the diagram below. For every individual mentioned above, we will outline the purpose, scope, definitions and role of the policy.

Figure 1: system architecture

System access security policy

For the organization to keep its customers' health records away from individuals with bad intentions, a well-articulated security management policy has to be formulated (Ahmad, Maynard & Shanks, 2015; Goodman, Straub & Baskerville, 2016). On this rationale, this section of the article outlines the policies that are required for the three aforementioned personnel in relation to the organization's information system. We start with the system administrator, followed by the doctor and then the nurse.

System administrator

The system administrator is an employee of the organization who will be performing administrative duties for the organization's system. They will be governed by the following policies.
Policy rationale

This policy is intended to define who may access the "My Health Records" system and how the system's information should be handled. It is also meant to describe the logical as well as the physical conditions of access to the system.

Definitions

User accounts: accounts through which only authorized individuals access the system.
Administrator account: a user account with privileges for full control over the system.
Scope: the policy applies to the healthcare organization's employees who are granted the privilege of full access to the organization's system.

Policy provisions

1.1. An individual is granted access to the organization's administrator account only when he or she has become an authorized user, that is, an employee of the organization. This requirement shows that the person has a current relationship with the organization.
1.2. Account details for a system administrator account must be secured according to the Information and Communication Technology (ICT) System Password procedure requirements.

Responsibilities

a. Manages the organization's system
b. Has control over user accounts
c. Monitors the performance of the system
d. Solves issues regarding usernames and passwords

Doctors

The doctors are the organization's employees who are tasked with providing medical care to patients. They are provided with user accounts.

Policy rationale

This policy is intended to govern the doctors' operation in the organization in relation to the organization's system, as per the Commonwealth of Australia Government's expectations.
Definitions

Users: system administrators, doctors and nurses.
User accounts: accounts through which only authorized individuals access the system.
Scope: the policy applies to doctors who are granted the privilege of access to the organization's user accounts.

Policy provisions

1.4. Doctors' accounts are opened by the system administrator upon order from the organization's managers.
1.5. Doctors who are granted access to the organization's user accounts are responsible for their actions while using these accounts.

Responsibilities

e. Monitors patient data
f. Processes medical reports

Nurses

Nurses are employees of the organization who take care of patients in a healthcare organization. Nurses work with doctors to care for patients. Their operation of the organization's system is guided by the following policies.

Policy rationale

The rationale for this policy is to ensure that the organization's sensitive information is protected from unauthorized access, and that patient data is handled in a professional and ethical manner.

Definitions

Users: system administrators, doctors and nurses.
User accounts: accounts through which only authorized individuals access the system.
Scope: the policy applies to nurses who are granted the privilege of access to the organization's user accounts.
Policy provisions

1.6. Whenever possible, user accounts shall be given the minimum privileges required to execute their duties, and must not be used to access the system database.
1.7. Nurses authorized to access "My Health Records" are responsible for meeting ethical and professional requirements while handling patients' data.

Responsibilities

g. Monitors patient data
h. Provides assistance to doctors where possible.

Managing the system security policy

Policy management is an integral component of every policy and has to be applied to the information system policy. It can improve compliance among the organization's employees (Safa, Von Solms & Furnell, 2016). This section presents the policy management strategies for the healthcare organization's information system. The policies shall be monitored to ensure compliance. This will be achieved through routine provision of information: the organization's management will be tasked with routinely providing information regarding the policy, for assessment through reports. The data from the reports shall be used in making amendments where appropriate. Successful implementation of these policies shall lead to a system that is free from any unauthorized access. This means that the chances that hackers can penetrate the system are minimal. When the system is free from cybercriminals, the organization's assets, including "My Health Records", would be safe. This can improve trust in the organization and thus its success. In order to ensure the relevance of the policy, it will need to be updated from time to time. This can be achieved upon agreement by the stakeholders, after which amendments are made to enhance the system's security.

PART TWO

Risk assessment

There is no usable information system that is 100% secure (Ab Rahman & Choo, 2015). As such, risk assessment is an integral part of any information system. The main objective of the risk assessment is to find out the risks and to understand their vulnerability as well as the likelihood of their occurrence.
This section presents a risk assessment for the Facebook organization pertaining to
its information system. Moreover, this article seeks to document the risk management strategies that can be implemented by the organization to reduce the risks. Facebook is one of the best-known social media platforms. The platform was launched in the year 2004 by Mark Zuckerberg and is now used by over 3 million people from all over the world. Besides providing a platform through which people can connect, Facebook also offers many tools that businesses can use to improve their productivity. The platform has many registered users, which is the reason why many organizations use it for marketing purposes.

Security risks in Facebook

Given the quantity of data held by Facebook, providing security for the organization's system would be the most important initiative. There is no doubt that Facebook has made it easier to connect over the internet. This is good on most occasions; however, the connections make the platform more vulnerable to data breach, since the connections could lead to unprecedented access to organizations' and people's sensitive data (Rathore et al., 2017; Mohamed, Ibrahim & Nilashi, 2015). This can be worse when scammers and hackers are involved. It is exemplified by the Facebook-Cambridge Analytica scandal that occurred in early 2018, one of the major political scandals ever recorded. As reported by the New York Times, Cambridge Analytica, a British political organization, had harvested Facebook data for over 8 million US citizens (Granville, 2018), which is said to have been used in favoring a political party in the country. The incident poses questions such as how such an action could take place. Additionally, Facebook holds data for more than 3 million individuals. With this massive population of users, the organization could be tempted into scam activities. Chances are that this platform can expose people's personal data beyond their friends. Besides, the main economic driver of the organization is adverts and not Facebook users, and advertisers always need to reach as many people as possible. Chances are that the organization could be tempted into sharing its users' personal information with the advertisers, which would further lead to privacy breach.
Consequences of the risks

The above risks may have various ramifications for Facebook and its users. For the organization, the chance of a data breach could result in loss of the organization's reputation. This is also attributable to the fact that the organization's users are likely to lose trust. As such, people may start keeping away, and when people keep away, advertisers will start losing interest as the targeted population will be no more, which consequently leads to loss of reputation for Facebook (Weedon, Nuland & Stamos, 2017). Regarding the use of audience information in the wrong way, on the off chance that the organization is tempted to expose its users' data to advertisers or other individuals, user information could leak, and this could cost the organization a great deal. It could lead to a serious decline in Facebook's revenue, and this is elucidated by the Facebook-Cambridge Analytica scandal. CNBC reports that the Cambridge Analytica scandal had a considerable impact on Facebook's revenue. According to the news reporter, Facebook's revenue declined by almost 40% following the Facebook-Cambridge Analytica scandal (Rodriguez, 2018), which suggests how dangerous such risks are to the organization.

Inherent risk assessment

Facebook holds a large population which every advertiser would long for. As advertisement is the main economic driver of the organization, it is inherent that some advertisers will always have the intention of accessing users' data without Facebook's consent, which they may attempt by all means. Hence the leakage of users' information becomes an inherent risk in the organization's information system.

The risk mitigations

The risks can be reduced in various ways. First, concerning the exposure of consumers' data to advertisers, the organization can reduce this risk by formulating solid information security policies and complying with them. This way, the employees' operation in relation to the organization's information system will be controlled, hence avoiding temptations like exposing users' data beyond the friend zone.

Residual risk

As stated in the previous section of the document, there is no 100 percent secure information system. Even in the face of well-articulated security management policies, there is a chance that a security breach could still be experienced. This is in the sense that the policies are made for human beings, and human beings are the weakest link when it comes to system security. Hence users may still face privacy breach.

Risk register

Threat description      | Vulnerability | Assets | Likelihood | Impacts       | Risk               | Mitigation actions
Data leakage            | Employees     | Data   | Medium     | Lose users    | Decline in revenue | Formulate security policies
Exposure of users' data | Employees     | Data   | High       | Loss of trust | Loss of reputation | Formulate security policies

Conclusion

At a glance, this document has presented system security management policies for a healthcare organization. The article has also documented the policy management strategies. We also conducted a risk assessment for the Facebook organization. As far as the analysis is concerned, it is important to note that a security management policy is an integral part of every data-driven corporation.
References

Ab Rahman, N. H., & Choo, K. K. R. (2015). A survey of information security incident handling in the cloud. Computers & Security, 49, 45-69.
Ahmad, A., Maynard, S. B., & Shanks, G. (2015). A case analysis of information systems and security incident responses. International Journal of Information Management, 35(6), 717-723.
Flowerday, S. V., & Tuyikeze, T. (2016). Information security policy development and implementation: The what, how and who. Computers & Security, 61, 169-183.
Goodman, S., Straub, D. W., & Baskerville, R. (2016). Information security: policy, processes, and practices. Routledge.
Granville, K. (2018). "Facebook and Cambridge Analytica: What you need to know as fallout widens." Retrieved on 12 September 2019 from: https://www.nytimes.com/2018/03/19/technology/facebook-cambridge-analytica-explained.html
Hassan, N. H., & Ismail, Z. (2016). Information security culture in healthcare informatics: a preliminary investigation. Journal of Theoretical & Applied Information Technology, 88(2).
Mohamed, A. A., Ibrahim, O., & Nilashi, M. (2015). The security awareness framework for social network sites Facebook: Case study in Universiti Teknologi Malaysia. Journal of Soft Computing and Decision Support Systems, 2(3), 1-8.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.
Rathore, S., Sharma, P. K., Loia, V., Jeong, Y. S., & Park, J. H. (2017). Social network security: Issues, challenges, threats, and solutions. Information Sciences, 421, 43-69.
Rodriguez, S. (2018). "Here are the scandals and other incidents that have sent Facebook's share price tanking in 2018." Retrieved on 12 September 2019 from: https://www.cnbc.com/2018/11/20/facebooks-scandals-in-2018-effect-on-stock.html
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70-82.
Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), 215-225.
Weedon, J., Nuland, W., & Stamos, A. (2017). Information operations and Facebook. Retrieved from Facebook: https://fbnewsroomus.files.wordpress.com/2017/04/facebook-and-information-operations-v1.pdf