Security Management and Governance for Griffith University Medical Centre (GUMC)
Added on 2023/06/07
Running head: SECURITY MANAGEMENT AND GOVERNANCE
Security Management and Governance
Name of the Student:
Name of the University:
Author Note:
Executive Summary:
This report provides an overview of security management and governance in the context of
Griffith University Medical Centre (GUMC). It discusses how information security can be
managed more effectively through the development of a Security Management Program, and
describes a program of tasks and roles for developing one. The report also puts forward a
preliminary management plan or risk assessment, including a contingency plan for managing the
information of the patients.
Table of Contents
Purpose of the Report
Structure of the Report
Part A
1. Benefits of an Ongoing Security Management Process and Reasons for Having a Policy
2. Development of Security Policy and Security Management Plan
3. a. Functions, Tasks, Roles and Responsibilities for Security Management Program of GUMC
b. Roles of Different Individuals / Groups in Terms of Governance
4. Identification of Models for the Development of a Security Management Program
5. Implications of Legal and Statutory Requirements of Security Management Program
Part B
1. a. Benefits of Risk Management Plan
b. Steps Necessary for Building a Risk Management Plan
c. Importance of Contingency Plan and Risk Analysis and Cost Benefit Analysis
2. Threats, Vulnerabilities, and Attacks that Formal Risk Management Plan Manages
3. Risk Management Plan and Recommendations based on Cost Benefit Analysis
4. Responsibility of the User and Vendor
References
Appendix
Purpose of the Report:
The purpose of the report is to put forward the need for implementing an information and
communications technology (ICT) security system for the Griffith University Medical Centre
(GUMC) in Tasmania.
Structure of the Report:
The report consists of two parts. The first part discusses the benefits of security
management and the importance of policies. It also covers the security policy and the
security management plan, and provides a descriptive analysis of tasks, roles,
responsibilities and functions. It further discusses individual roles in governance and the
models relevant to developing a security management program, along with the implications of
statutory and legal requirements. The second part covers the process of risk assessment and
explains the benefits of a risk management plan. This part identifies the assets,
vulnerabilities, threats, suggested controls and priority sets.
Part A
1. Benefits of an Ongoing Security Management Process and Reasons for Having a Policy
The benefits of an ongoing Security Management process are as follows (Soomro, Shah and
Ahmed 2016):
1. It helps in securing all forms of information: A Security Management process
protects all kinds of paper-based and digital information, company-related secrets,
intellectual property, data in the cloud and on services, along with personal information and
hard copies.
2. Enhances the Resilience Towards Cyber Attacks: A Security Management process
enhances the organization's resilience towards cyber attacks.
3. Represents a Centrally Managed Framework: An ongoing Security Management
process helps in keeping the information of the organization safe and managing it from a
single place.
4. Protection to the Organization: A Security Management system protects the
organization not only from technology-based risks but also from common threats like
ineffective procedures and poorly informed staff.
5. Ensures Responding to the Evolving Security Related Threats: The Security
Management process helps in continuously adapting to changes in the environment and
within the organization, thereby reducing the threat of continuously evolving risks.
6. Reduction of Cost in terms of Information Security: The risk assessment and
analysis approach of the Security Management process allows organizations to reduce the cost
indiscriminately spent on adding layers of defensive technology that may not work.
7. Allows Protection, Integrity and Availability of Data: The Security Management
process offers a set of procedures, policies, and physical and technical controls for
protecting the availability, confidentiality and integrity of the information.
8. Leads to Improvement in the Culture of the Company: This helps employees readily
understand the risks and embrace security controls as part of day-to-day working
practice.
2. Development of Security Policy and Security Management Plan
The security policy is a document explaining the procedures intended for protecting
resources and the physical assets related to information technology (Safa, Von Solms and
Furnell 2016). The policy is designed with enough flexibility to allow amendments
whenever necessary.
Thus, the successful development of a Security Policy involves (Ifinedo 2014):
1. Identification of the risks
2. Learning from the security policies implemented by others
3. Ensuring the conformance of the policy with legal requirements
The Security Management Plan sets out the security measures to be implemented by
the Griffith University Medical Centre (GUMC) of Tasmania. Such implementation depends on
all aspects of the services and the processes associated with service delivery (Weaver et al.
2016). It also depends on compliance with security procedures and measures that are
sufficient to ensure that the services comply with the provisions of the schedule. In other
words, the Security Management Plan sets out plans for transitioning all security
responsibilities and arrangements from the ones in place to the ones incorporated on a specific
date for meeting the security requirements and full obligations.
The objectives and purpose of the Security Management Plan lie in (Peltier 2016):
1. The establishment, support and maintenance of a plan based on the evaluation and
monitoring of potential and actual hazards, making use of organizational experience,
accepted practices and applicable regulation and law.
2. Reducing the risk to patients, physicians, staff, vendors/contractors and visitors
while they are inside a hospital or any other property, through assurance of a hazard-free
physical environment.
3. Providing a secure, safe and comfortable physical environment.
4. Ensuring the training and education of staff on methods of preventing injuries and
incidents, thereby providing a quicker response in recognizing, reporting and reacting to
accidents that seem inappropriate.
3. a. Functions, Tasks, Roles and Responsibilities for Security Management Program of GUMC
Functions of the Security Management Program include (Sennewald and Baillie 2015):
Monitoring all infrastructure and operations
Maintaining all the security technology and tools
Monitoring compliance with internal and external policy
Monitoring compliance with regulation
Working with the different departments within the organization to reduce risk
Implementing newer technologies
Auditing policies and controls on a continuous basis
Tasks included in the Security Management Program are as follows (Peltier 2013):
The Security Management Program holds the responsibility of monitoring the security operations
of GUMC. The tasks primarily include:
Implementation of the security policies
Implementation of rules and regulations
Implementation of norms
Ensuring a safe environment for the employers and the patient
Roles and responsibilities of a Security Management Program are as follows (Rittinghouse
and Ransome 2016):
The Security Management Program acts as a control function of GUMC and is responsible for
verifying and implementing the enterprise protection intended for meeting the duty for protection
through the adequate protection of the things that have already been protected.
b. Roles of Different Individuals / Groups in Terms of Governance
1. Chief Information Security Officer: This person holds the responsibility of defining
the entire security posture of the organization and must understand the systems and
information they are responsible for protecting (Harkins 2013).
2. Security Manager: The role involves creating a vision for building processes,
hiring and developing the technology stack (Ahmad, Maynard and Park 2014). The manager must
also have significant experience and background in running a security team and should
therefore provide both managerial oversight and technical guidance.
3. Security Engineer: They are responsible for building the engineering security systems
and the security architecture, thereby ensuring speed and continuity (Bhatt, Manadhata and
Zomlot 2014).
4. Security Analyst: They hold the responsibility of recommending newer technologies
and installing them, along with providing the required training to the other teams (Hilary and
Shen 2013).
4. Identification of Models for the Development of a Security Management Program
The Bell-LaPadula Confidentiality Model is relevant to the development of the
Security Management Program (Younis, Kifayat and Merabti 2014). The model helps in
ensuring the confidentiality of the information system since it makes use of mandatory access
controls (MACs), security clearances and data classification. The model is considered secure
because it rests on a conceptual approach in which the state of the system being modelled
always remains secure. It describes a system that acts as a reference monitor, comparing the
classification level of the data with the clearance of the entity requesting access.
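The reference-monitor comparison described above, as an added example that is not part of the original report: a minimal Bell-LaPadula check in Python. It goes slightly beyond the text by also enforcing the model's *-property (no write down) and need-to-know categories; the level names, categories, subjects and objects are constructed for illustration, and each subject's current level is assumed equal to its clearance.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    # Classification levels, lowest to highest (names are constructed).
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3


@dataclass(frozen=True)
class Label:
    level: Level
    categories: frozenset = frozenset()  # need-to-know compartments

    def dominates(self, other):
        # Dominance: level at least as high AND a superset of the categories.
        return self.level >= other.level and self.categories >= other.categories


class ReferenceMonitor:
    """Mediates every request; unknown names are denied (fail closed)."""

    def __init__(self):
        self.clearance = {}       # subject name -> Label
        self.classification = {}  # object name  -> Label
        self.audit = []           # one tuple per decision, allowed or not

    def decide(self, subject, action, obj):
        s = self.clearance.get(subject)
        o = self.classification.get(obj)
        if s is None or o is None:
            allowed, rule = False, "unknown subject or object"
        elif action == "read":
            # Simple security property: no read up.
            allowed, rule = s.dominates(o), "simple security (no read up)"
        elif action == "append":
            # *-property: a write-only access may not flow to a lower label.
            allowed, rule = o.dominates(s), "*-property (no write down)"
        elif action == "write":
            # Read+write needs both properties, so the labels must match.
            allowed = s.dominates(o) and o.dominates(s)
            rule = "both properties (labels must match)"
        else:
            allowed, rule = False, "unsupported action"
        self.audit.append((subject, action, obj, allowed, rule))
        return allowed


def build_demo_monitor():
    # Constructed sample data: hypothetical staff and records for a clinic.
    m = ReferenceMonitor()
    clinical = frozenset({"clinical"})
    m.clearance["dr_lee"] = Label(Level.RESTRICTED, clinical)
    m.clearance["receptionist"] = Label(Level.INTERNAL)
    m.classification["patient_record"] = Label(Level.CONFIDENTIAL, clinical)
    m.classification["appointment_list"] = Label(Level.INTERNAL)
    m.classification["public_notice"] = Label(Level.PUBLIC)
    return m


def run_demo():
    m = build_demo_monitor()
    requests = [
        ("dr_lee", "read", "patient_record"),          # clearance dominates
        ("receptionist", "read", "patient_record"),    # read up
        ("dr_lee", "append", "public_notice"),         # write down
        ("receptionist", "append", "patient_record"),  # blind write up
        ("dr_lee", "write", "appointment_list"),       # labels differ
        ("receptionist", "write", "appointment_list"), # labels match
        ("visitor", "read", "public_notice"),          # unknown subject
    ]
    return [(req, m.decide(*req)) for req in requests], m.audit


if __name__ == "__main__":
    decisions, audit = run_demo()
    for (subject, action, obj), allowed in decisions:
        print(f"{subject:13} {action:6} {obj:17} -> {'ALLOW' if allowed else 'DENY'}")
```

Every decision, including denials, is appended to the audit list with the rule that produced it, which is the record a compliance review of the access policy would start from.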
5. Implications of Legal and Statutory Requirements of Security Management Program
The legal and statutory requirements of the Security Management Program help in the
prevention of legal misbehavior and in dealing with complex programs that extend to the areas
involving the clients (Nemeth 2017). Besides, a Security Management Program depends on three
key principles, often guaranteed by fulfilling the legal and statutory requirements:
confidentiality, integrity and availability.
Part B
1. a. Benefits of Risk Management Plan
These include (Sadgrove 2016):
1. Observing Non-Apparent Risk: This enables leveraging a team of experts for
identifying risks and providing a deeper understanding of all of them.
2. Provides Support and Insight to Board of Directors: The members of the board
might find it difficult to identify risks beyond their experience and expertise. The plan
therefore helps in providing advisory services and resources to the Board for discharging its
duties.
3. Helps in Reducing Business Liability: This involves the reduction of the upfront
litigation risk, which makes a company more attractive.
4. Helps in Framing Regulatory Issues: A risk management program provides
greater insight into insurance, liability and indemnity issues, thereby allowing the company to
focus.
b. Steps Necessary for Building a Risk Management Plan
These include (Hopkin 2018):
Step 1: Identification of the risk
Step 2: Analysis of the risk
Step 3: Evaluating and treating the risk
Step 4: Treatment of the risk
Step 5: Monitoring and reviewing the risk
c. Importance of Contingency Plan and Risk Analysis and Cost Benefit Analysis
A contingency plan for GUMC will enable the firm to return to daily operations as
soon as possible after an unforeseen event (Talluri et al. 2013). A contingency plan helps
protect resources, minimize inconvenience to customers and identify key staff.
Risk analysis refers to examining how the outcomes and objectives of a project
may change due to the impact of a risk event (Kou, Peng and Wang 2014). After risks are
identified, analysis is done to determine their qualitative and quantitative impacts on
projects so that appropriate steps can be taken to mitigate them.
A cost benefit analysis involves evaluating the rewards and risks of the projects under
consideration (Muennig and Bounthavong 2016). It is often used for projecting the potential
benefits of investment in product development, marketing ideas, infrastructure enhancements
and operational changes.
2. Threats, Vulnerabilities, and Attacks that Formal Risk Management Plan Manages
Threats
Threats related to the breach of security and hacking of health data.
Threats of infiltration into the system by gaining access to the health information of patients.
Threats related to unintentional actions or mistakes.
Threats related to the supply chain, from transactions with vendors to pharmaceutical shipments.
Vulnerabilities
Theft of medical information by simply stealing desktop computers.
Usage of the mobile devices does not have the same level of security as the computer
systems
Leakage of data while dissemination from the patients to the third parties.
Outsourcing to the third party vendors or business associates that has become a norm in
the healthcare industry.
Employment of cloud computing services for maintaining the protected health
information exposed health organization to breaches.
Attacks
Negligent behavior of the employees acted as the biggest worry in healthcare
organizations
Criminal threats as the cybercriminals are changing their tactics on regular basis.
of Insufficient security the Electronic Medical Records (EMR), has raised the risk of
exposure of the personal information of the patients (Park, Parwani and Pantanowitz
2014).
3. Risk Management Plan and Recommendations based on Cost Benefit Analysis.
Patient Safety and Risk Management Program
The Plan can act as the model for the development of patient safety and the risk management
program for meeting the needs of the organization.
1. Purpose
The purpose of the Risk Management Plan lies in supporting the vision and mission of Griffith
University Medical Centre (GUMC) since it deals with the patient safety and the clinical risk
along with visitor, volunteer, third party and employee safety.
2. Guiding Principles
The Risk Management Plan represents a conceptual and overarching framework that leads to the
development of a risk management program along with the activities and initiatives related to
patient safety.
3. Governing Body
The governing board is committed to the promotion of safety of all the patients, visitors,
volunteers, employees and individuals who are involved in the organizational operations.
3. Programs, Objectives and Goals
Continuous improvement of the patient safety and minimizing and preventing occurrence
of the errors
Minimizing the adverse impacts of the errors, system breakdowns and events as and
when they occur.
Minimizing the overall organizational losses by proactively analyzing, identifying,
controlling and preventing clinical business and the operational risks.
Facilitating compliance with the legal and regulatory authority thereby accrediting the
requirements of the agency
Protection of intangible and human resources
4. Risk Management Program Functions
1. Development of systems for reporting and overseeing the potentially unsafe conditions
and the adverse events.
2. Collection and analysis of the data for monitoring performance processes involving
risk or other adverse events.
3. Overseeing GUMC for collection of data and processing, analysis of information and
the generation of the statistical trend reports for the monitoring and identification of the adverse
event.
4. Ensuring the compliance with reporting requirements and data collection for the
governmental, accrediting and regulatory agencies
5. Facilitating the implementation of improved tracking systems for the diagnostic test,
preventive screenings and medication related safety systems.
6. Facilitating the participation of the staff and the provider in the educational programs
of risk and safety management.
5. Monitoring and Continuous Improvement
The Patient Risk Management Committee undertakes risk management activity on a
regular basis. The risk manager usually reports the outcomes and the activities to the governing
board on a regular basis.
6. Confidentiality
The documents and records of the patients are confidential and privileged to the extent provided by
state and federal law.
7. Recommendations
By using a risk informed instead of a risk based approach towards the management of
risk
By incorporating qualitative assessment of risk
By focusing on the management of the risk instead of measuring the risk
4. Responsibility of the User and Vendor
They hold the responsibility of developing the risk consciousness amongst all the
contractors, owners and suppliers by making them understand the explicit consideration of the
risk.
References:
Ahmad, A., Maynard, S.B. and Park, S., 2014. Information security strategies: towards an
organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2), pp.357-370.
Bhatt, S., Manadhata, P.K. and Zomlot, L., 2014. The operational role of security information
and event management systems. IEEE Security & Privacy, (5), pp.35-41.
Harkins, M., 2013. Managing risk and information security: protect to enable. Apress.
Hilary, G. and Shen, R., 2013. The role of analysts in intra-industry information transfer. The
Accounting Review, 88(4), pp.1265-1287.
Hopkin, P., 2018. Fundamentals of risk management: understanding, evaluating and
implementing effective risk management. Kogan Page Publishers.
Ifinedo, P., 2014. Information systems security policy compliance: An empirical study of the
effects of socialisation, influence, and cognition. Information & Management, 51(1), pp.69-79.
Kou, G., Peng, Y. and Wang, G., 2014. Evaluation of clustering algorithms for financial risk
analysis using MCDM methods. Information Sciences, 275, pp.1-12.
Muennig, P. and Bounthavong, M., 2016. Cost-effectiveness analysis in health: a practical
approach. John Wiley & Sons.
Nemeth, C.P., 2017. Private security and the law. CRC Press.
SECURITY MANAGEMENT AND GOVERNANCE
References:
Ahmad, A., Maynard, S.B. and Park, S., 2014. Information security strategies: towards an
organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2), pp.357-
370.
Bhatt, S., Manadhata, P.K. and Zomlot, L., 2014. The operational role of security information
and event management systems. IEEE security & Privacy, (5), pp.35-41.
Harkins, M., 2013. Managing risk and information security: protect to enable. Apress.
Hilary, G. and Shen, R., 2013. The role of analysts in intra-industry information transfer. The
Accounting Review, 88(4), pp.1265-1287.
Hopkin, P., 2018. Fundamentals of risk management: understanding, evaluating and
implementing effective risk management. Kogan Page Publishers.
Ifinedo, P., 2014. Information systems security policy compliance: An empirical study of the
effects of socialisation, influence, and cognition. Information & Management, 51(1), pp.69-79.
Kou, G., Peng, Y. and Wang, G., 2014. Evaluation of clustering algorithms for financial risk
analysis using MCDM methods. Information Sciences, 275, pp.1-12.
Muennig, P. and Bounthavong, M., 2016. Cost-effectiveness analysis in health: a practical
approach. John Wiley & Sons.
Nemeth, C.P., 2017. Private security and the law. CRC Press.
18
SECURITY MANAGEMENT AND GOVERNANCE
Park, S.L., Parwani, A.V. and Pantanowitz, L., 2014. Electronic medical records. In Practical
Informatics for Cytopathology (pp. 121-127). Springer, New York, NY.
Peltier, T.R., 2013. Information security fundamentals. CRC Press.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Rittinghouse, J.W. and Ransome, J.F., 2016. Cloud computing: implementation, management,
and security. CRC Press.
Sadgrove, K., 2016. The complete guide to business risk management. Routledge.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model
in organizations. Computers & Security, 56, pp.70-82.
Sennewald, C.A. and Baillie, C., 2015. Effective security management. Butterworth-Heinemann.
Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs more
holistic approach: A literature review. International Journal of Information Management, 36(2),
pp.215-225.
Talluri, S., Kull, T.J., Yildiz, H. and Yoon, J., 2013. Assessing the efficiency of risk mitigation
strategies in supply chains. Journal of Business Logistics, 34(4), pp.253-269.
Weaver, C.A., Ball, M.J., Kim, G.R. and Kiel, J.M., 2016. Healthcare information management
systems. Cham: Springer International Publishing.
Younis, Y.A., Kifayat, K. and Merabti, M., 2014. An access control model for cloud
computing. Journal of Information Security and Applications, 19(1), pp.45-60.
SECURITY MANAGEMENT AND GOVERNANCE
Park, S.L., Parwani, A.V. and Pantanowitz, L., 2014. Electronic medical records. In Practical
Informatics for Cytopathology (pp. 121-127). Springer, New York, NY.
Peltier, T.R., 2013. Information security fundamentals. CRC Press.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Rittinghouse, J.W. and Ransome, J.F., 2016. Cloud computing: implementation, management,
and security. CRC press.
Sadgrove, K., 2016. The complete guide to business risk management. Routledge.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model
in organizations. Computers & Security, 56, pp.70-82.
Sennewald, C.A. and Baillie, C., 2015. Effective security management. Butterworth-Heinemann.
Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs more
holistic approach: A literature review. International Journal of Information Management, 36(2),
pp.215-225.
Talluri, S., Kull, T.J., Yildiz, H. and Yoon, J., 2013. Assessing the efficiency of risk mitigation
strategies in supply chains. Journal of Business Logistics, 34(4), pp.253-269.
Weaver, C.A., Ball, M.J., Kim, G.R. and Kiel, J.M., 2016. Healthcare information management
systems. Cham: Springer International Publishing.
Younis, Y.A., Kifayat, K. and Merabti, M., 2014. An access control model for cloud
computing. Journal of Information Security and Applications, 19(1), pp.45-60.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
19
SECURITY MANAGEMENT AND GOVERNANCE
SECURITY MANAGEMENT AND GOVERNANCE
20
SECURITY MANAGEMENT AND GOVERNANCE
Appendix:
1. a. Benefits of Risk Management Plan
1. Observing Non Apparent Risk
2. Provides Support and Insight to Board of Directors.
3. Helps in Reducing Business Liability
4. Helps in Framing Regulatory Issues.
b. Steps Necessary for Building a Risk Management Plan
Step 1: Identification of the risk
Step 2: Analysis of the risk
Step 3: Evaluating and treating the risk
Step 4: Treatment of the risk
Step 5: Monitoring and reviewing the risk
c. i. A contingency plan will enable the firm to return to daily operations as soon as
possible after the occurrence of an unforeseen event.
ii. Risk analysis refers to the examination of how the outcomes and objectives of a project may
change due to the impact of a risk event.
iii. Cost benefit analysis involves evaluation of the rewards and risks of the projects under
consideration.
2. i. Threats Managed by Risk Management Plan
Breach of security and hacking of the health data.
Infiltration into the system by gaining access of the health information of patients.
Threats in relation to mistakes and unintentional actions
Threats of supply chain
ii. Vulnerabilities
Theft of important medical information
Overuse of mobile devices that lack security
Leakage of data while dissemination
Outsourcing to third party vendors or business associates
Employment of cloud computing services, which exposes the organization to breaches.
iii. Attacks
Negligent behavior of the employees
Criminal threats by the cybercriminals
Insufficient security of the Electronic Medical Records (EMR) has raised the risk of exposure
3. Risk Management Plan
The Plan can act as the model for the development of patient safety and the risk management
program for meeting the needs of the organization.
1. Purpose
The purpose of the Risk Management Plan lies in supporting the vision and mission of Griffith
University Medical Centre (GUMC).
2. Guiding Principles
The Risk Management Plan represents a conceptual and overarching framework that leads to the
development of a risk management program.
3. Governing Body
The governing board is committed to the promotion of safety of all the patients, visitors,
volunteers, employees and individuals who are involved in the organizational operations.
3. Programs, Objectives and Goals
Continuous improvement
Minimizing the adverse impacts
Minimizing the overall organizational losses.
Facilitating compliance with the legal and regulatory authority
Protection of intangible and human resources
4. Risk Management Program Functions
1. Development of systems for reporting and overseeing
2. Collection and analysis of the data for monitoring performance
3. Overseeing GUMC for collection of data and processing,
4. Ensuring compliance with reporting requirements
5. Facilitating implementation of improved tracking systems
6. Facilitating the participation of the staff
5. Monitoring and Continuous Improvement
The Patient Risk Management Committee undertakes risk management activity on a
regular basis. The risk manager usually reports the outcomes and the activities to the governing
board on a regular basis.
6. Confidentiality
The documents and records of the patients are confidential and privileged to the extent provided by
state and federal law.
7. Recommendations
By using a risk informed instead of a risk based approach towards the management of
risk
By incorporating qualitative assessment of risk
By focusing on the management of the risk instead of measuring the risk
4. Responsibility of the User and Vendor
They hold the responsibility of developing the risk consciousness amongst all the
contractors, owners and suppliers by making them understand the explicit consideration of the
risk.