
Information Security in Healthcare Cloud

   

Added on  2020-03-23

Running head: INFORMATION SECURITY MANAGEMENT GUIDELINES

Information Security Management Guidelines

Name of the Student
Name of the University
Author Note

Executive Summary

The purpose of this report is to provide guidelines for improving the organization's information security and to introduce effective and efficient information security risk assessment management for the A4A organization. A4A is about to transform its traditional methods for data and information into computer-based methods using information technology. These guidelines cover everything from context establishment to risk assessment management. The report gives an overview of risk assessment management that emphasizes the steps that can help in successfully implementing the risk assessment processes. It also emphasizes the Australian laws that can help A4A establish a better risk assessment management system for safeguarding the information and data that are critical to the organization. The report also explains why an information security risk assessment management system is necessary for enhancing the performance of the technology and taking full advantage of it. Finally, the report focuses on determining the context for A4A in order to lay the groundwork for the whole risk assessment process, which covers risks in outsourcing, cloud storage, cloud computing and many other risks related to introducing information technology into the organization's existing system.

Table of Contents

Introduction
Applicable Policy and Legislation
Applicable Policy
Australian Privacy Law
Privacy Legislation
Risk Management Overview
Risk Assessment Framework
Applying ISO 31000
Establishment of the Context
Determining Context for the A4A
Identifying Risk
How to Determine Agency Risk Tolerance
Considering Factors while Determining the Cloud Integration Risk
Potential Threats While Outsourcing Information
Mapping Risks
Assessing Risk
Guidance on Determining Potential Consequences
Evaluating the Risks
How to Consider Potential Risk Treatment Options
Communication and Consultation
Risk Monitoring and Review
Conclusion
References

Introduction

This report aims to provide guidance on information security and assessment management for the organization A4A, considering how its data is stored and how to keep it safer. The scope of this report is to present an information security management system for the organization that maintains the confidentiality, availability, and integrity of the data about its operational activities and of the sensitive information about its employees, including safety measures for the stakeholders.

According to the case study, A4A is a Non-Governmental Organization that is going to transform its existing system into a technology-based system and is about to set up information systems to keep that data saved in the systems' databases. For this transformation, it can be assumed that Information and Communication Technology (ICT) and computers will need to be outsourced.

The guidelines provided in this report can be efficient for risk assessment management and for better protecting the information that is stored in the systems or in the cloud. This is the most important aspect for any organization that is migrating data or information into systems or the cloud.

Applicable Policy and Legislation

Applicable Policy

Australian Government policy promotes the PSPF and ISM as the policy for information security. A4A can manage information security more efficiently through the mandatory requirements that are already stated in the PSPF. For A4A it is a very important factor for its growth to establish a better and effective risk management for the