
Security Access Policy Plan and Risk Assessment for Healthcare Organization and Facebook

   

Added on  2022-11-14

12 Pages | 2961 Words | 377 Views
Running head: ASSESSMENT 2 1
Assessment Item 2
Student
Tutor
Institutional Affiliations
Date

Table of Contents
Introduction
The security access policy plan
System access security policy
System administrator
Policy rationale
Definitions
Policy provisions
Responsibilities
Doctors
Policy rationale
Definitions
Policy provisions
Responsibilities
Nurses
Policy rationale
Definitions
Policy provisions
Responsibilities
Managing the system security policy
Risk assessment
Security risks in Facebook
Consequences of the risks
Inherent risk assessment
The risk mitigations
Residual risk
Risk register
Conclusion

PART ONE
Introduction
Every industry holds information that has to be protected from unauthorized access, and this
information is protected using policies and controls. These security policies are formulated for
the organization’s information system and are applied by the organization’s employees. The
employees are therefore tasked with protecting the organization’s data by ensuring that all
policies and standards are adhered to. Employees use the policies to safeguard the
organization’s data (Peltier, 2016). The policies define the intent of the organization’s
management for controlling the behavior of personnel in relation to its information system.
In this document we seek to plan, develop and manage pertinent security policies that will be
used to protect the “My Health Data” records that the Commonwealth Government of Australia
seeks to launch for healthcare organizations.
The security access policy plan
This security policy plan sets out the baseline requirements for a robust security
management system for the “My Health Records” system. The plan documents the type of
organization where the policy will be applied, as well as the specific individuals the policies
are meant for and their responsibilities (Flowerday & Tuyikeze, 2016). It also describes the
system architecture, showing how information will flow in the system.
The policy will ensure not only that the organization’s information system is accessed by the
right individuals, but also that the system is accessed in a proper manner, in line with the
Commonwealth Government of Australia’s expectations concerning the use of the “My Health
Records” system. This is to make sure that the patients’ data in “My Health Records” is free
from any unauthorized access and is handled by the selected individuals in an ethical and
professional manner (Soomro, Shah & Ahmed, 2016; Hassan & Ismail, 2016).
The policies are designed for a healthcare organization and are meant to control the behavior of
system administrators, doctors and nurses in relation to the organization’s information system.
The system administrators will have the role of adding and modifying the data in the “My Health
Records” database, receiving reports and monitoring data, and opening accounts for other users.
The doctors, on the other hand, will have the role of monitoring the patient records and retrieving patient
