
Information Security Management for Beyond Health

   

Added on  2023-06-10

Running head: INFORMATION SECURITY MANAGEMENT
Information Security Management
Name of the Student
Name of the University
Author Note

Table of Contents
Information Security Team Description
Team Division and Description
Information Security Policy Document
Incident Management Plan
Legal and Ethical Issues
Reference

Information Security Team Description
For Beyond Health, an Australian company that operates private hospitals, medical centres
and internal pathology services, it is very important that security management services be
installed. The IT Security and Information Assurance Department (ISIA) that has been appointed
by this company is a large organisation whose primary responsibilities are designing, planning
and creating secure infrastructure. Since the organisation has recently suffered a ransomware
attack in a data breach incident, the Australian Health Organisation has appointed me as Chief
Information Security Officer (CISO). Beyond Health had suffered a data breach and ransomware
attacks, on account of which it wanted to implement a new information security system,
replacing the old traditional system, to secure the organisation's data and information. For
this it had appointed the IT Security and Information Assurance Department to design, plan and
create a secured infrastructure so that the incident would not be repeated. Beyond Health is an
Australian health organisation providing healthcare throughout Australia through 45 hospitals
and 50 medical centres (Wager, Lee and Glaser, 2017). It also has 17000 employees working in
different roles across multiple locations. Because of the ransomware attacks and the data
breach, it is possible that the entire organisation, with such vivid and important information,
was on the verge of being jeopardized (Huang, Behara, and Goo, 2014). Therefore, it is necessary
that the older security system be replaced with a new and improved version that would prevent
further data breaches and ransomware attacks in the organization, aiding the hospitals and
medical centres governed by the organization.
It is seen that the previous security system did little or nothing for the organization. It was
a faulty system that made the business organization go through a loss of medical health
information of its patients. It is thus proposed that the previous security system be replaced
with a new and improved one, with thorough research done about the vulnerabilities of the
previous system (Liebler and McConnell, 2016). The new security system would be implemented
only after the vulnerabilities of the previous system are identified and the new system has the
potential to address all the risks associated with it.

Team Division and Description
Since there has been a data breach before in the organization, hampering all the hospitals
and medical centres under it, the new process should definitely incorporate security systems
that defend against all the vulnerabilities that were present in the previous system (Abdelhak,
Grostick and Hanken, 2014). The proposal would be approved by the higher authorities when
there is a clear division of the workforce and of implementation authorities.
The implementation team would have people in various roles, accountable for the management of
the security system in the organization (Pathan, 2016). The team division would
include a chief finance officer, a chief Information System manager, the CEO, the senior
software architect, the Director of software development, a software developer or a team of
software engineers, a Chief Information Security Officer or CISO, an application programming
manager, a risk mitigation manager, a software tester, security management trainers, a software
implementation specialist, quality assurance providers, a prototype developer, and code
developers. The following table gives the detailed job description of every
person responsible for the implementation of the software system:
| Name of the employees | Roles |
| --- | --- |
| Chief finance advisor | The role of a chief finance advisor is to prepare a feasibility study of the project according to the project budget. This would then be conveyed to the people in the project to be aware of the finance developed in each phase. |
| Chief IS manager | The chief IS manager or Information Systems manager develops the project outline based on the suitable Information System for the implementation. |
| Chief executive officer | The responsibility of the CEO is to be aware of the entire matter of the project along with the management approach and the risk management and system development. |
| Senior software architect | Helps in preparing the software architecture suitable |
