301162 - Info Security Management System Design for Healthcare Org

Added on  2023/03/30

AI Summary
This report provides a detailed design of an information security management system tailored for a large healthcare organization with over 1000 devices. It covers key aspects such as policy development, personnel roles, and the importance of understanding the plan for effective implementation. The report emphasizes the necessity of adhering to legal standards and the significance of executive support in policy creation. It also discusses the roles of Information Security personnel, particularly the Chief Information Security Officer (CISO), and their responsibilities in maintaining security. The reflection section highlights the importance of information security in safeguarding business and customer data, as well as the potential consequences of not having a robust security system. The report concludes by emphasizing the need for employee training and a clear understanding of roles and responsibilities to ensure the successful implementation of the information security system.
Running head: INFORMATION SECURITY MANAGEMENT
Information Security Management
Name of the Student
Name of the University
Author Note
Abstract
With the business world being transformed by technology implementation every day, it is
easy to understand how organisations are dealing with generated information that has been
increasing at an exponential rate. To handle all the systems generating information within
the organisation with the utilisation of Information Technology, organisations are required
to have an information system management plan set up within the organisation. This would
help in the proper management of the generated information within an organisation. Every
person in the organisation should abide by the policies developed within the organisation
in adherence to the law. This is also achieved through their understanding of their
responsibility in handling the information system and the individual data of the customers.
The requirements for implementing such an information system within an organisation are
described in the report below.
Table of Contents
Policy Development
Personnel
Understanding of the plan
Reflection
References
Policy Development
Information Security is such a sensitive issue within the healthcare institution that
the loss of any information, be it about the business or the customer, can bring about a huge
loss to the business [2]. Therefore, the healthcare institution is required to develop a
security policy and programme to make sure that all the activities or operations followed
on a day-to-day basis within the institution maintain a proper policy code of conduct,
ensuring the utmost security of business information [3]. Since the healthcare institution
is a large one with 1000 devices to manage, it should set up a security policy and program
that includes the security policy, the policy components, the practice standards, and the
components of the Information Security program and Information Security policy development.
This is required because having written instructions that inform employees about the
proper behaviour and code of conduct for using information and information assets in the
workplace allows these to be managed in a feasible way [4]. A policy that sets out a
structure and explains the code of conduct to the employees in an effective way would
create a productive and effective work environment, while at the same time providing extreme
security to the business information generated every day.
The basic rules that the healthcare institution should follow while preparing a policy
are as follows:
• The security policy for information generated within the healthcare organization
must always abide by the general law [5].
• The policy should always be made in such a way that it can be produced as evidence
in court if it is ever challenged [1].
• The policy should be prepared under the administration and support of the
business executives.
At the same time, while creating the Information Security policy within the organisation,
it should always be kept in mind that the policies need to contribute to the success of the
organisation in the long run, as it is a large-sized organization [6].
One of the most popular policy models utilised while creating policies for
Information Security in healthcare institutions is the Bull's Eye method. This method is
built upon four layers: policies, networks, systems and applications.
Personnel
Information Security personnel are mostly found to be taken from the
Information Technology sectors to work at military or other law enforcement systems.
Mostly, it has been found that the Information Technology sectors that InfoSec
professionals are selected from are the programming, networking, database
administration or system administration sections. For the healthcare organization as well,
the Chief Information Security Officer or CISO should be treated as the most important
Information Security officer position [7].
The Chief Information Security Officers are responsible for frequently updating the Chief
Information Officer about all the areas of Information Security within the organisation,
including all the analysis that they have already done on the technology, planning and policy.
These CISOs should always follow 6 particular principles within the healthcare
organisation. They should have a sound knowledge of the engagement of business, gather
data from the analysis of the entire organisation and focus on the initiative, schedule and
target the initiatives, deliver the services, acknowledge the credibility and manage the
relationship between all the employees within the organisation [8]. The employees are also
accountable for all the Information Security programs that occur within the organisation on a
daily basis. The security manager is another position that should be maintained within an
organisation, with the responsibility of maintaining the current and appropriate information
necessary to perform the management of Information Security within the healthcare
organisation.
Understanding of the plan
It is also required that the employees within the healthcare organisation are
accustomed to all the Information Security policies and procedures that are being set up within
the organisation. They also need to understand how the Information Security plan is being
developed and what the reasons behind it are. It is also required that all the employees within
the healthcare institution are accustomed to the importance of business and customer
information [9]. When the employees understand the primary reason behind having an
Information Security system, it becomes much easier for the organisation to devise a plan
and make the employees follow it. The understanding of the employees might not be
initiated from within; therefore, it is also required that all the people within the organisation
plan accordingly to find a way to train the employees and also ensure that they practise this
code of conduct to improve their behaviour towards the Information Security system.
They also need to understand why the healthcare organisation is developing an
Information Security system policy and also what the roles and responsibilities of the
Information Security personnel are [10]. With this understanding, it would be easier for the
employees to be sure about the plan that the organisation is trying to put in place with the
implementation of the Information Security systems within the organisation. With all these
above plans made, it is estimated that the healthcare organisation would easily devise an
Information Security plan.
Reflection
From the above-mentioned security plan for the security of information within the
healthcare organisation, I can clearly understand why Information Security is necessary for
all the business information and the customer information. I understand that if the healthcare
organisation does not acknowledge the security system to maintain the security of
information generated on a daily basis within the organisation, there can be problematic
consequences. There might be occurrences where, without a proper Information Security
system implemented within this organisation, a malicious cyber attacker barges into the
security system of the organisation and the company has to compromise all the confidential
data regarding the business and the customers, as it is a large institution with more than 1000
devices and a huge amount of customer and business information.
I understand that this is not just an implication for a business's reputation but it
also endangers a person's presence online, even more so if the person continues to deal
with transactions over the internet. Therefore, it is required that the healthcare organisation
has a proper code of conduct set with documented policies so that they understand what they
need to perform and what they need to discard from their day-to-day business activities and
behaviour to maintain the security of information. I also understood that the problems that the
organisation has been facing even after policy enrolment within the organisation are with the
understanding of the roles and responsibilities among the employees of the organisation who
are to implement the Information Security system. Having a plan set for the appointing of
responsibilities to the different people within the organisation for securing the information
system makes it even easier for the organisation to manage all the generated information as
well as the personnel within the healthcare organisation.
References
[1] K.C. Laudon and J.P. Laudon. Management information system. Pearson Education
India, 2016.
[2] Z.A. Soomro, M.H. Shah, and J. Ahmed. Information security management needs more
holistic approach: A literature review. International Journal of Information
Management, 36(2), pp. 215-225, 2016.
[3] J. Shafritz. International Encyclopedia of Public Policy and Administration Volume 3.
Routledge, 2019.
[4] G.N. Kouziokas. Technology-based management of environmental organizations using
an Environmental Management Information System (EMIS): Design and
development. Environmental Technology & Innovation, 5, pp. 106-116, 2016.
[5] R. Hoffmann, M. Kiedrowicz, and J. Stanik. Risk management system as the basic
paradigm of the information security management system in an organization. In MATEC Web
of Conferences (Vol. 76, p. 04010). EDP Sciences, 2016.
[6] K.M. Lukaszewski, D.L. Stone, and R.D. Johnson. Impact of human resource
information system policies on privacy. AIS Transactions on Human-Computer
Interaction, 8(2), pp. 58-73, 2016.
[7] K.A. Barton, G. Tejay, M. Lane, and S. Terrell. Information system security
commitment: A study of external influences on senior management. Computers &
Security, 59, pp. 9-25, 2016.
[8] K. Sadgrove. The complete guide to business risk management. Routledge, 2016.
[9] S. Siedentop, S. Fina, and A. Krehl. Greenbelts in Germany's regional plans—An
effective growth management policy? Landscape and Urban Planning, 145, pp. 71-82, 2016.
[10] R. Revans. The enterprise as a learning system. In Action learning in practice
(pp. 43-48). Routledge, 2016.