Report on Information Technology and Security Management
Added on 2022/11/25
AI Summary
This report discusses an IT system developed for tracking patients and effective communication in the healthcare sector. It elaborates on access control policies and security protocols to reduce risk factors in the application.
Running head: REPORT ON INFORMATION TECHNOLOGY AND SECURITY
MANAGEMENT
REPORT
ON
INFORMATION TECHNOLOGY
AND
SECURITY MANAGEMENT
Name of the Student
Name of the University
Author Note:
IT Security Management
Table of Contents
Part A: Planning, Development and the Management of the Security Policies
    Introduction
    Description of the application
    Identified User
        Doctor
        Pathologist
        Nurse
    Conclusion
Part B: Risk Assessment in Australian Defence Industry
    Australian Defence Industry
    Identification of the Risk(s)
    Consequence(s)
    Risk Register
Part A: Planning, Development and the Management of the Security Policies
Introduction:
The aim of this report is to discuss an IT system that has been developed to keep
track of patients and to help users communicate effectively with the other
stakeholders within the scope of the application. In view of these objectives, the
Australian Government has expressed its interest in the betterment of this
application. The application, named “My Health Record”, has several kinds of users,
each of whom may use it for an individual purpose. It should therefore incorporate
effective data access control as well as security protocols that protect the user
data. Hence, this paper gives a detailed elaboration of the most appropriate access
control policies and security policies, which are capable of reducing the risk
factors present in the nominated application.
Description of the application:
The nominated application, “My Health Record”, is a digital health record tracking
system that gathers and analyses the health records of its users. The system was
initially proposed by the Australian Government. The proposed application allows
hospitals, doctors, nurses, pathologists and patients to provide their healthcare
information, which enables a user to check the health record of a particular
individual. In addition, the application enables users to access healthcare
information online. This paper discusses the user interfaces and their operations in
the application (Wheeler et al., 2018). The essential users of the proposed
application are discussed below.
Identified User-
In elaborating the user interfaces of the proposed application, it has been noticed
that information access control has a significant impact in this system, because the
system includes several kinds of users, such as Doctors, Nurses, Patients and
Pathologists. Hence, it is highly essential to manage and control the information based on the
category of the user. To differentiate the limits of information access, information
access policies and information security policies are widely applied to establish
the desired access control over user information. To support this statement, a
detailed explanation of information access from the identified user interfaces is
provided in the rest of this paper. In the proposed application, Doctors,
Pathologists and Nurses are the most significant users; a detailed elaboration of
their user interfaces is given below:
Doctor-
Doctors are among the most frequent users of the application, since the involvement
of doctors is essential to support healthcare services in a healthcare application.
Purpose-
The purpose of implementing an information security protocol in the proposed IT
system is to protect the information from access by unauthorized users and from
cyber criminals. The application holds the details of doctors, and doctors must have
access to the relevant data from which they can determine a disease and suggest
treatments for it. Hence, it is essential to differentiate the data accessibility
for doctors from that of the other users (Duckett & Willcox 2015).
Policy-
To provide effective access control over the information gathered in the IT system,
the Role Based Access Control Policy is appropriate, since in the nominated
application users must be able to access the data according to their role or
category.
Procedure-
With the application of the mentioned policies, doctors get access to the relevant
patient’s data as well as their location in order to provide services to the
required user.
Managerial-
The above mentioned procedure will be managed by using effective passwords as well
as confidential login credentials.
Pathologist-
Along with the doctors, pathologists are also among the most significant users of
the proposed application. Hence, it is highly essential to address the requirements
of the pathologist.
Purpose-
The most significant purpose of implementing the security and access control policy
for the pathologist is to give them access to the relevant data according to their
category. It is also essential to protect the data from the other stakeholders as
well as from unauthorized access (Laver et al., 2018).
Policy-
As with the Doctor’s interface, implementing effective Role Based Access Control
Policies will help to protect the user data. In the “My Health Record” app it is
also essential to adopt an effective Authentication Control Policy, which enables
the system to provide information access only to authorized users (Hu et al., 2015).
Procedure-
With this implementation, the pathologist gets access to the relevant data needed to
provide their services. It will also provide only the information about the
pathologist that is essential to contact or communicate with the pathologist in case
of an emergency.
Managerial-
Along with the use of passwords to protect the information, it is also essential to
implement effective security standards to protect the IT system (Dumas, Bennett &
Fiske 2015).
Nurse-
Along with the services provided by the above users, the Nurse also has significant
importance in healthcare services.
Purpose-
Similar to the objectives mentioned above, the purpose is to access the information
effectively and to help protect the information from external threats.
Policy-
The User Authentication Policy as well as the Role Based Access Control Policies
will help to address the problems identified in the above discussion.
Procedure-
With this implementation, the Nurse gets access to the relevant data that is
essential to provide the desired services.
Managerial-
Incorporating password protection as well as effective login credentials will help
to reduce the chance of data leakage.
Conclusion:
From the above discussion it can be concluded that this paper has elaborated the
benefits of implementing the required policies to protect the data stored in the
“My Health Record” application. The paper also contains a detailed elaboration of
the effective security controls and access control policies that can address the
desired features of the application.
Part B: Risk Assessment in Australian Defence Industry
This part elaborates on the services of the Australian Defence Industry, which uses
IT infrastructure, and gives a detailed explanation of the identified risks. It also
discusses the consequences of the identified risks and the approaches to mitigating
them. A detailed elaboration of the services of the nominated organization is given
below-
Australian Defence Industry:
This organization serves the Australian Defence Sector by providing the required
military equipment as well as other required devices. It has also been noticed that
this organization includes several other SMEs in order to support the mentioned
services. This organization uses effective IT systems in order
to get the job done (Baldino & Carr 2016). Considering the working of the
organization as well as its IT systems, a detailed elaboration of the identified
risks is given below-
Identification of the Risk(s):
Since the nominated organization works with the government defence sector of
Australia, there is a significant possibility of it being attacked by criminals.
Hence, the main risks identified in this scope due to the use of Information
Technology are listed below-
- A significant threat from cyber criminals who intend to steal information related
  to the defence sector (Cordner 2016).
- The possibility of a ransomware attack that hacks the entire IT system of the
  organization and demands money.
- System failure, which affects the operation of the organization (Joiner et al.,
  2016).
- Along with the above threats, the risk due to unauthorized access also cannot be
  avoided (Fowler et al., 2017).
- In addition, the IT system may cause permanent damage to the organizational data
  (Medcalf 2014).
Consequence(s):
An analysis of the above risks in this scenario shows that, should they occur, the
reputation of the organization will be significantly affected and the privacy of the
defence data will be harmed, which may cause serious damage.
Risk Register:
| Sl. No. | Identified Risk | Likelihood | Impact | Severity | Owner | Mitigation of identified risk |
|---|---|---|---|---|---|---|
| 1. | Attacks of Cyber Criminals. | Moderate | High | High | IT security officer | Adoption of Firewall and IDS IPS protection. |
| 2. | Ransomware Attack. | Moderate | High | High | Security Officer | Implementation of IDS and IPS |
| 3. | Information System failure. | Low | Low | Moderate | Developer | Effective backup system to support the organizational services. |
| 4. | Unauthorized data access. | Moderate | High | High | Security Officer | Incorporation of effective security protocol. |
| 5. | Permanent data loss. | Low | High | High | Database manager. | Effective data backup in virtual storage which will give the support in case of any problem occurs. |
Reference:
Baldino, D., & Carr, A. (2016). Defence diplomacy and the Australian defence force:
smokescreen or strategy?. Australian Journal of International Affairs, 70(2), 139-158.
Cordner, L. (2016). The future of maritime forces in an integrated Australian defence
force. Security Challenges, 12(1), 101-114.
Duckett, S., & Willcox, S. (2015). The Australian health care system (No. Ed. 5). Oxford
University Press.
Dumas, P. C., Bennett, T., & Fiske, S. (2015). U.S. Patent No. 9,196,104. Washington, DC:
U.S. Patent and Trademark Office.
Fowler, S., Sweetman, C., Ravindran, S., Joiner, K. F., & Sitnikova, E. (2017). Developing
cyber-security policies that penetrate Australian defence acquisitions. Australian
Defence Force Journal, (202), 17.
Hu, V. C., Kuhn, D. R., Ferraiolo, D. F., & Voas, J. (2015). Attribute-based access
control. Computer, 48(2), 85-88.
Joiner, K., Sitnikova, E., & Tutty, M. (2016). Structuring defence cyber-survivability T and E
to research best practice in cyber-resilient systems. In 2016 Systems engineering test
and evaluation conference: SETE 2016 (p. 50). Engineers Australia.
Laver, K., Gnanamanickam, E., Whitehead, C., Kurrle, S., Corlis, M., Ratcliffe, J., ... &
Crotty, M. (2018). Introducing consumer directed care in residential care settings for
older people in Australia: views of a citizens’ jury. Journal of health services research
& policy, 23(3), 176-184.
Medcalf, R. (2014). In defence of the Indo-Pacific: Australia's new strategic map. Australian
Journal of International Affairs, 68(4), 470-483.
Wheeler, A. J., Scahill, S., Hopcroft, D., & Stapleton, H. (2018). Reducing medication errors
at transitions of care is everyone’s business. Australian prescriber, 41(3), 73.