Introduction to Information Security Management System in Gosford Hospital
Added on 2023/01/10
AI Summary
This report provides an introduction to the Information Security Management System (ISMS) in Gosford Hospital, highlighting the principles and importance of ISMS for the organization. It also discusses the organization's risk management strategy and digital forensics policy.
Postgraduate Extended
Diploma in Business
Management
Table of Contents
INTRODUCTION
TASK 1A
1. Introduction of the Chosen Organization is required. The student must then highlight principles of Information Security Management System that they think are most important to the current organization
2. Review of the Information Security Management System (ISMS) in the current organization, student must elaborate on how Information Security policy is aligned to goals of current organization (both long term and short term goals)
3. Explain the organizations risk management strategy
4. List the digital forensics policy of the organization
5. Explain the organizations Ethical behavior policy with regards to information security
TASK 1B
Information Security Management System in your organization
Articulate how organizational goals are aligned with ISMS
Discuss Risk management policy of the organization
Discuss organizations ethical behavior policy with regards to information security
TASK 2
Current Information Security policy for the asset or process
Proposed new policy for the said asset or process
Project assumptions
Impact on the overall strategic business objective
Other areas can be discussed
CONCLUSION
REFERENCES
INTRODUCTION
Business management comprises the activities involved in running an organisation, such as controlling, leading, monitoring, organising and planning (Raut et al., 2019). With proper business management, an organisation is able to accomplish its goals and objectives. This report is based on Gosford Hospital, which is located at Gosford, Central Coast, NSW, Australia. The hospital provides several services, such as a range of medicines and surgical and maternity services, to the Central Coast region of New South Wales. For a healthcare organisation, it is important to manage patient information and data effectively. It is therefore important for the hospital to implement an information security system, because it helps the hospital in its approach to information security (Hoffmann, Kiedrowicz and Stanik, 2016). In simple terms, by designing, implementing, managing and maintaining an ISMS, a business will be able to protect its personal and sensitive data from being leaked, damaged and so on.
This report is divided into two tasks. The first discusses the introduction of the company, the principles of ISMS and their importance for the company. Along with this, the ISMS policies that relate to organisational goals are discussed. Several further topics are also discussed, such as risk management strategies, the digital forensics policy and the ethical behaviour policy with regard to information security. The second part of this report covers topics related to risk management.
TASK 1A
1. Introduction of the Chosen Organization is required. The student must then highlight
principles of Information Security Management System that they think are most important
to the current organization.
Gosford Hospital is located at Gosford, Central Coast, NSW, Australia. The hospital provides several services, such as a range of medicines and surgical and maternity services, to the Central Coast region of New South Wales. In addition, the hospital's emergency division is the third busiest in the state, and the hospital's library has a large collection of medical texts.
An information security management system is a framework of policies and controls that manages security and risk systematically across the enterprise's information security.
Thus, it is important for the hospital to implement an information security system, because it helps the hospital in its approach to information security (Soomro, Shah and Ahmed, 2016). In simple terms, by designing, implementing, managing and maintaining an ISMS, a business will be able to protect its personal and sensitive data from being leaked, damaged and so on. Along with this, an ISMS generally focuses on risk management and risk assessment. Moreover, businesses operating in tightly regulated sectors such as healthcare or national defence may need a wide scope of security activities and risk mitigation strategies. It is important for Gosford Hospital to implement an Information Security Management System in its operations to secure the information and data of its customers effectively. The basic principles of an Information Security Management System, explained in relation to Gosford Hospital, are as follows:
Confidentiality – It is important for a healthcare organisation to secure the information and data of its customers effectively (Tu et al., 2018). Confidentiality is one of the important principles of ISMS and plays an important role in the working of Gosford Hospital. Data is confidential only when just those people who are authorised to access it can do so, which ensures the confidentiality of patient information. Most importantly, it must be possible to identify who is trying to access data and to block attempts by people who are not authorised. Passwords, authentication, encryption and defence against penetration attacks are the technical measures designed to ensure the confidentiality of data.
Integrity – According to this principle, the organisation has to maintain data in a correct state and prevent it from being modified improperly, whether by accident or maliciously (Achmadi, Suryanto and Ramli, 2018). Several of the techniques that ensure confidentiality also protect data integrity, since a hacker who cannot access data cannot change it. There are also other tools that help defend integrity in depth; checksums, for example, assist the company in verifying data integrity. Integrity also includes concepts related to non-repudiation, in which Gosford Hospital is able to prove that it is maintaining the integrity of data, mainly in legal contexts.
Availability – In simple terms, availability is the mirror image of confidentiality: while Gosford Hospital has to ensure that data is not accessed by unauthorised users, it also has to make sure that patient information can be accessed by people in the hospital who have proper permission (Haqaf and Koyuncu, 2018). Moreover, ensuring data availability means matching network and computing resources to the volume of data access the company expects, and implementing a backup policy for disaster recovery purposes.
Thus, by implementing these principles of an Information Security Management System effectively, Gosford Hospital will be able to secure the data and information of its customers (White, Hewitt and Kruck, 2019). Because the hospital stores sensitive medical information, it has to focus on confidentiality: sharing customers' personal data is not legal practice, so the hospital has to keep its patients' data confidential.
2. Review of the Information Security Management System (ISMS) in the current organization, student must elaborate on how Information Security policy is aligned to goals of current organization (both long term and short term goals).
An information security management system is an approach consisting of processes, technology and people that helps a company protect and manage information through effective risk management. There are three key aspects of ISMS that Gosford Hospital has to consider in its operations to better secure data and information. These are explained as follows:
Confidentiality – It is important for a healthcare organisation to secure the information and data of its customers effectively (Paliszkiewicz, 2019). Confidentiality is one of the important principles of ISMS and plays an important role in the working of Gosford Hospital.
Integrity – According to this principle, the organisation has to maintain data in a correct state and prevent it from being modified improperly, whether by accident or maliciously.
Availability – In simple terms, availability is the mirror image of confidentiality: while Gosford Hospital has to ensure that data is not accessed by unauthorised users, it also has to make sure that patient information can be accessed by people in the hospital who have proper permission.
Apart from this, an information security management system helps an organisation accomplish its long-term and short-term goals. For Gosford Hospital it is important to secure patient information properly so that there is no chance of information loss (Jeong, Lee and Lim, 2019). In simple terms, an ISMS secures the company's information and data so that they are accessed only by people who have the authority. Thus, it helps in the security and management of information. Hospitals have a greater need to keep data safe and secure, because it includes patients' personal information that they do not want to share with anyone else. In that situation an information security management system helps make patient data secure more effectively. In addition, there is other information that also needs to be secured, and it is both a long-term and a short-term goal of an organisation to manage its information securely in order to accomplish its goals.
3. Explain the organizations risk management strategy
A risk management strategy provides a structured and coherent approach to identifying, assessing and managing risk. It builds in a process for regularly updating and reviewing the assessment based on new developments or actions taken. A risk management strategy can be developed and implemented by even the smallest of groups or projects, or built into a complex strategy for a multi-site international organisation. The procedure of identifying and reviewing the risks a company faces is known as risk assessment (Miloslavskaya and Tolstoy, 2019). For Gosford Hospital it is important to manage risk effectively so that it can serve its customers better and accomplish its goals and objectives without facing any risk. There are several risk management strategies that Gosford Hospital can implement in its operations. These are explained as follows:
Avoid it – In some situations a risk is so serious that the company wants to eliminate it, for instance by avoiding the activity altogether or by using a different approach. Thus, if a specific kind of trading is highly risky, the manager of Gosford Hospital may decide that it is not worth the potential reward and abandon it. This is an effective way of dealing with risk: by stopping the activities that cause the problem, the hospital eliminates the chance of incurring losses. The disadvantage is that the company also loses out on any benefits.
Avoiding risk can be used as a last resort when the company has already tried other strategies and found that the risk level is still high.
Reduce the risk – If the company does not want to abandon the activity altogether, the common approach is to reduce the level of risk associated with it (Guhr, Lebek and Breitner, 2019). The manager of Gosford Hospital has to take steps to make negative outcomes less likely to occur and to minimise their impact when they do occur. Reducing risk is the most common strategy and is suitable for many different risks. It lets the company continue its activities with measures in place to make them less dangerous.
Risk transfer – This strategy of avoiding risk simply means getting another party to accept the risk. Risk can be transferred by contracts. In a hospital, several risks arise on a daily basis while providing healthcare services to patients. Thus, it is the responsibility of doctors to consult with patients and their family members if there is any type of risk in a particular case.
4. List the digital forensics policy of the organization
Digital forensics is the process of identification, preservation, extraction and documentation of computer evidence that can be used by a court of law. It is the science of finding evidence from digital media such as mobile phones, computers, servers, networks and many more (Kim and Choi, 2020). If any digital-related case takes place at Gosford Hospital, the forensic team will use digital forensics to resolve the issue. In simple terms, digital forensics helps the team identify, inspect, analyse and preserve the digital evidence residing on various kinds of electronic devices. There are numerous digital forensics policies that Gosford Hospital has to implement in its operations to better secure the data and information of its patients. It is the responsibility of the manager of Gosford Hospital to secure patients' personal information by taking some major steps, so that only those who have the authority to access information can open it. If anyone without authority views the information, a notification will blink on the screen of the authority. In addition, there are several types of digital forensics that Gosford Hospital can implement. These are explained as follows:
Disk Forensics – It deals with extracting data and information from storage media by
searching active, modified and deleted files.
Network Forensics – This is a sub-branch of digital forensics. It is concerned with
monitoring and analysing computer network traffic in order to gather information and
legal evidence (Boiko, Shendryk and Boiko, 2019).
Wireless Forensics – It is a division of network forensics. Its aim is to offer the tools
required for collecting and analysing data from wireless network traffic.
Database Forensics – This branch of digital forensics relates to the examination and
study of databases and their related metadata.
Malware Forensics – This branch of digital forensics deals with identifying malicious
code in order to study its payload, viruses, worms and many more.
Email Forensics – It mainly deals with the recovery and analysis of emails, including
deleted emails, calendars, contacts and many more.
Memory Forensics – This mainly deals with gathering data or information from system
memory (system registers, cache, RAM) in raw form and then carving data from the
raw dump.
Mobile Phone Forensics – This deals with the examination and analysis of mobile devices.
It helps in retrieving phone and SIM contacts, call logs, incoming and outgoing SMS,
audio, videos and many more.
Thus, by implementing digital forensics Gosford Hospital will be able to manage
information and data related to its customers in a better manner (Ak and Gul, 2019). Along with
this, these types of digital forensics will help Gosford Hospital build a good brand image
within its market area, as it keeps its patients' information safe and secure. In addition to
this, digital forensics will help in managing and securing the information and data of Gosford
Hospital and its patients. Moreover, it is important for the hospital to implement digital
forensics in order to conduct its work in a better manner, and it also helps in accomplishing
goals and objectives, which can be short or long term.
5. Explain the organizations Ethical behavior policy with regards to information security.
Ethical behaviour relates to how a business firm makes sure that all its decisions,
actions and stakeholder interactions conform to the organisation's moral and professional
principles. In addition to this, workplace ethics are simply the set of values, moral
principles and standards which must be followed by both employers and employees in an
organisation. Ethical behaviour includes the rules and regulations which staff members are
required to follow while working in an organisation. Apart from this, ethical behaviour is
also related to information security, as it is important to manage and secure information in
an ethical manner, because this will ensure that no misuse of data takes place (Tariq, 2019).
There are several ethical behaviour policies related to information security; these are
explained below in terms of Gosford Hospital.
Confidentiality – This is a policy of organisational ethical behaviour in relation to
information security. The managers and leaders of Gosford Hospital have to ensure that
its information is not disclosed to others and is kept confidential. Thus, the
confidentiality policy plays an important role in information security.
Professional behaviour – It is important to make sure that individuals behave
professionally in relation to information security, so that no unethical practices take
place (Yoon, Hwang and Kim, 2019). If individuals behave in a professional manner, they
will take responsibility for ensuring that data or information is accessed only by those
persons who have authority.
Thus, by implementing organisational ethical policies Gosford Hospital will be able to attain
its goals in relation to information security in a better manner. In simple terms, it can be
said that information security and organisational ethical policies are aligned with each other.
TASK 1B
Information Security Management System in your organization
Covered in PPT
Articulate how organizational goals are aligned with ISMS
Covered in PPT
Discuss Risk management policy of the organization.
Covered in PPT
Discuss organizations ethical behavior policy with regards to information security
Covered in PPT
TASK 2
Current Information Security policy for the asset or process
Information security is designed to protect the integrity, confidentiality and
availability of computer system data from those with malicious intentions. Availability,
confidentiality and integrity together form the CIA Triad of information security.
Moreover, with the assistance of information security a business firm will be able to handle
risk management (DuHadway, Carnovale and Hazen, 2019). Information security is not only about
securing information from unauthorised access; it is also the practice of preventing
unauthorised use, disclosure, disruption, access, inspection, modification, recording and
destruction of information. At Gosford Hospital, the present information security policy is
that data and information can be accessed by each and every member of the organisation, which
sometimes results in misuse, data theft and many more. For healthcare organisations it is
important to secure the information and data of their customers, because no patient wants to
share their personal information with others.
In other words, Gosford Hospital has to apply proper information security in its
working so that misuse and theft of data are reduced. For healthcare sector organisations
it is important to take major steps so that the chances of theft are reduced and the goals of
the company are accomplished in a better manner (Rampini, Viswanathan and Vuillemey, 2020). In
addition, a better information security policy will also assist in risk management related
to data security. Procedures and policies related to information security include digital as
well as physical security measures for protecting data from destruction, replication, and
unauthorised access or use.
Proposed new policy for the said asset or process
The existing information security policy of Gosford Hospital is that data and
information can be accessed by each and every member of the organisation, which sometimes
results in misuse, data theft and many more. For healthcare organisations it is important to
secure the information and data of their customers, because no patient wants to share their
personal information with others. This policy is not effective, as it results in misuse and
theft of data and information. To overcome such issues, it is important for Gosford Hospital
to implement an effective strategy in its working (Baryannis et al., 2019). Thus, it will
implement an information security system in which information and data can be accessed only by
authorised people, so that the chances of misuse and theft are reduced. If only a limited
number of people have access to data, things will be managed in a better manner and no
situation will occur in which data theft takes place.
Limited authority and access to information will help Gosford Hospital achieve better
safety and security of data. If any unauthorised person accesses information, a notification
will blink on the system of the authorised person. This will help the hospital maintain the
safety and security of its patients' information.
Project assumptions
At Gosford Hospital there are several strategies related to information security, of
which the latest is limited access, as it will help the company reduce the chances of data
misuse, theft and many more (Bodnar et al., 2019). In addition to this, limited access helps
in keeping data confidential so that no one else will use it. If any unauthorised person uses
information, a notification will blink on the system of the authorised person. With the
assistance of such practices an organisation will be able to manage information in a better
manner and reduce the chances of any theft of information.
Impact on the overall strategic business objective
The strategy which Gosford Hospital will implement is limited authority and access to
information, which will help the hospital achieve better safety and security of data. If any
unauthorised person accesses information, a notification will blink on the system of the
authorised person. This will help the hospital maintain the safety and security of its
patients' information. It will have a wide impact on Gosford Hospital and help it conduct its
work in a more effective manner by securing information and data. Its impact on Gosford
Hospital is explained as follows:
Confidentiality – When only a limited number of people can access information, it will
remain confidential, which has a positive impact on the organisation (Manab and Aziz,
2019). Along with this, information will remain secure and there will be no chance of
misuse or theft taking place.
Limited access – When authority is given to two or more people, there will be limited
access to information. In that situation the chances of data theft will be reduced.
Safety and security – By implementing limited access, data and information will be
secure, because if any unauthorised person accesses them a notification will blink on
the screen of the authorised person.
Thus, it can be said that the present strategy of Gosford Hospital in relation to information
security plays an important role (Elamer, Ntim and Abdou, 2020), because with its assistance
access to data is limited to a few people, which reduces the chances of information theft. In
simple terms, limited access to information has a positive impact on the working of the
hospital.
Other areas can be discussed
In an organisation there are several areas which need to be protected in an effective
manner (Shojaei and Haeri, 2019). Along with information security, it is important for Gosford
Hospital to ensure that it provides better quality services to its customers, because better
services help in making people loyal towards a specific brand and in accomplishing
predetermined goals and objectives.
CONCLUSION
From the overall discussion it can be summarised that the information security
management system and risk management are both important parts of an organisation. With
the assistance of an ISMS a business firm will be able to manage information and data in an
effective manner. In addition to this, there are several related policies which the hospital
has to implement in its working, because it holds personal data of patients and sharing that
data is not allowed. In simple terms, it is important for an enterprise to implement an
information security management system in its working. Apart from this, risk management is
also important for the company, because the business environment is dynamic in nature and
there are several risks which may arise for the company. So it is essential to manage risk in
a better manner and accomplish goals and objectives in the required way. Along with this, it
is essential for the company to analyse its current information security policy and then
identify which areas require improvement, so that things will be managed in a better manner
and result in effective outcomes.
REFERENCES
Books and Journals
Raut, R. D. et al., 2019. Linking big data analytics and operational sustainability practices
for sustainable business management. Journal of cleaner production. 224, pp.10-24.
Hoffmann, R., Kiedrowicz, M. and Stanik, J., 2016. Risk management system as the basic
paradigm of the information security management system in an organization. In MATEC
Web of Conferences (Vol. 76, p. 04010). EDP Sciences.
Soomro, Z. A., Shah, M. H. and Ahmed, J., 2016. Information security management needs more
holistic approach: A literature review. International Journal of Information
Management. 36(2), pp.215-225.
Tu, C. Z. et al., 2018. Strategic value alignment for information security management: A
critical success factor analysis. Information & Computer Security.
Achmadi, D., Suryanto, Y. and Ramli, K., 2018, May. On developing information security
management system (isms) framework for iso 27001-based data center. In 2018
International Workshop on Big Data and Information Security (IWBIS) (pp. 149-157).
IEEE.
Haqaf, H. and Koyuncu, M., 2018. Understanding key skills for information security managers.
International Journal of Information Management. 43, pp.165-172.
White, G. L., Hewitt, B. and Kruck, S. E., 2019. Incorporating global information security and
assurance in IS education. Journal of Information Systems Education, 24(1), p.1.
Paliszkiewicz, J., 2019. Information security policy compliance: Leadership and trust. Journal of
Computer Information Systems, 59(3), pp.211-217.
Jeong, C. Y., Lee, S. Y. T. and Lim, J. H., 2019. Information security breaches and IT security
investments: Impacts on competitors. Information & Management, 56(5), pp.681-695.
Miloslavskaya, N. and Tolstoy, A., 2019. Internet of Things: information security challenges and
solutions. Cluster Computing, 22(1), pp.103-119.
Guhr, N., Lebek, B. and Breitner, M. H., 2019. The impact of leadership on employees' intended
information security behaviour: An examination of the full‐range leadership
theory. Information Systems Journal, 29(2), pp.340-362.
Kim, S. and Choi, M., 2020. Educational requirement analysis for information security
professionals in Korea. Journal of Information Systems Education, 13(3), p.11.
Boiko, A., Shendryk, V. and Boiko, O., 2019. Information systems for supply chain
management: uncertainties, risks and cyber security. Procedia computer science, 149,
pp.65-70.
Ak, M. F. and Gul, M., 2019. AHP–TOPSIS integration extended with Pythagorean fuzzy sets
for information security risk analysis. Complex & Intelligent Systems, 5(2), pp.113-126.
Tariq, M. I., 2019. Agent Based Information Security Framework for Hybrid Cloud
Computing. KSII Transactions on Internet & Information Systems, 13(1).
Yoon, C., Hwang, J. W. and Kim, R., 2019. Exploring factors that influence students’ behaviors
in information security. Journal of information systems education, 23(4), p.7.
DuHadway, S., Carnovale, S. and Hazen, B., 2019. Understanding risk management for
intentional supply chain disruptions: Risk detection, risk mitigation, and risk
recovery. Annals of Operations Research, 283(1), pp.179-198.
Books and Journals
Raut, R. D. and et. al., 2019. Linking big data analytics and operational sustainability practices
for sustainable business management. Journal of cleaner production. 224, pp.10-24.
Hoffmann, R., Kiedrowicz, M. and Stanik, J., 2016. Risk management system as the basic
paradigm of the information security management system in an organization. In MATEC
Web of Conferences (Vol. 76, p. 04010). EDP Sciences.
Soomro, Z. A., Shah, M. H. and Ahmed, J., 2016. Information security management needs more
holistic approach: A literature review. International Journal of Information
Management. 36(2), pp.215-225.
Tu, C. Z. and et. al., 2018. Strategic value alignment for information security management: A
critical success factor analysis. Information & Computer Security.
Achmadi, D., Suryanto, Y. and Ramli, K., 2018, May. On developing information security
management system (isms) framework for iso 27001-based data center. In 2018
International Workshop on Big Data and Information Security (IWBIS) (pp. 149-157).
IEEE.
Haqaf, H. and Koyuncu, M., 2018. Understanding key skills for information security managers.
International Journal of Information Management. 43, pp.165-172.
White, G. L., Hewitt, B. and Kruck, S. E., 2019. Incorporating global information security and
assurance in IS education. Journal of Information Systems Education, 24(1), p.1.
Paliszkiewicz, J., 2019. Information security policy compliance: Leadership and trust. Journal of
Computer Information Systems, 59(3), pp.211-217.
Jeong, C. Y., Lee, S. Y. T. and Lim, J. H., 2019. Information security breaches and IT security
investments: Impacts on competitors. Information & Management, 56(5), pp.681-695.
Miloslavskaya, N. and Tolstoy, A., 2019. Internet of Things: information security challenges and
solutions. Cluster Computing, 22(1), pp.103-119.
Guhr, N., Lebek, B. and Breitner, M. H., 2019. The impact of leadership on employees' intended
information security behaviour: An examination of the full‐range leadership
theory. Information Systems Journal, 29(2), pp.340-362.
Kim, S. and Choi, M., 2020. Educational requirement analysis for information security
professionals in Korea. Journal of Information Systems Education, 13(3), p.11.
Boiko, A., Shendryk, V. and Boiko, O., 2019. Information systems for supply chain
management: uncertainties, risks and cyber security. Procedia computer science, 149,
pp.65-70.
Ak, M. F. and Gul, M., 2019. AHP–TOPSIS integration extended with Pythagorean fuzzy sets
for information security risk analysis. Complex & Intelligent Systems, 5(2), pp.113-126.
Tariq, M. I., 2019. Agent Based Information Security Framework for Hybrid Cloud
Computing. KSII Transactions on Internet & Information Systems, 13(1).
Yoon, C., Hwang, J. W. and Kim, R., 2019. Exploring factors that influence students’ behaviors
in information security. Journal of information systems education, 23(4), p.7.
DuHadway, S., Carnovale, S. and Hazen, B., 2019. Understanding risk management for
intentional supply chain disruptions: Risk detection, risk mitigation, and risk
recovery. Annals of Operations Research, 283(1), pp.179-198.
Rampini, A. A., Viswanathan, S. and Vuillemey, G., 2020. Risk management in financial
institutions. The Journal of Finance, 75(2), pp.591-637.
Baryannis, G. et al., 2019. Supply chain risk management and artificial intelligence: state of
the art and future research directions. International Journal of Production
Research, 57(7), pp.2179-2202.
Bodnar, G. M. et al., 2019. A view inside corporate risk management. Management
Science, 65(11), pp.5001-5026.
Manab, N. and Aziz, N., 2019. Integrating knowledge management in sustainability risk
management practices for company survival. Management Science Letters, 9(4),
pp.585-594.
Elamer, A. A., Ntim, C. G. and Abdou, H. A., 2020. Islamic governance, national governance,
and bank risk management and disclosure in MENA countries. Business &
Society, 59(5), pp.914-955.
Shojaei, P. and Haeri, S. A. S., 2019. Development of supply chain risk management approaches
for construction projects: A grounded theory approach. Computers & Industrial
Engineering, 128, pp.837-850.