Analysis of Information System Security at NTN University
Added on 2023/06/06
Report
AI Summary
This report delves into the critical aspects of information system security, specifically within the context of NTN, a nursing school with multiple campuses and affiliations with private hospitals. It begins by identifying potential legal issues arising from the mishandling of patient information by a mobile team, referencing the Privacy Act 1988. The report then explores ethical considerations for the security staff, emphasizing cyberethics and the need for a code of conduct to prevent unethical behavior. Measures to prevent such behavior, including codes of conduct, employee appreciation, and consequences for violations, are discussed. Furthermore, the report outlines the essential components of an InfoSec program, encompassing people, processes, and technology. Finally, it highlights relevant national and international standards, such as ISO 9000 and ISO 12207, which are crucial for ensuring quality management and establishing a common framework for software and system lifecycles. This report provides a comprehensive overview of the challenges and solutions in establishing and maintaining robust information security practices.

Running head: INFORMATION SYSTEM SECURITY
INFORMATION SYSTEM SECURITY
Name of the Student
Name of the University
Author Note:

Table of Contents
Introduction
Discussion
  Legal problems related to mishandling of information
  Ethics in InfoSec for the Staff of Security division
  Measures taken to prevent unethical handling of information
  Components of InfoSec program
  National and international standard for this organization
Conclusion
References

Introduction
NTN is a newly established nursing school in Australia. Its main campus is located in Sydney,
and its satellite campuses are located in Darwin and Cairns. This new private school has made an
agreement with almost three private hospitals based in Sydney (Peltier 2016). The private
hospitals and the satellite campuses of NTN are connected to each other over the internet. NTN
aims to provide telemedicine and health care services to the community within a radius of
200 km around it (Soomro, Shah and Ahmed 2016). The mobile team of this organization aims
to provide services and consultation to important patients at their homes.
The following pages of the report outline the legal problems that can arise from mishandling
of information. After that, ethics for the staff of NTN are discussed in brief. Apart from this,
certain measures that can be used to prevent unethical use of information are discussed. The
various components of an InfoSec program are discussed in detail.
Discussion
Legal problems related to mishandling of information
The mobile team of NTN can encounter a number of legal issues with respect to mishandling of
information (Tu and Yuan 2014). Access to patient healthcare records is generally made
available to the health care providers treating the patient and to any other person who is
involved in the patient's care. This is normal healthcare practice for a patient's GP and the
other providers who are involved in providing care. Health care providers who are recognized as
involved in providing care need access to the information of the patient in order to provide
proper care. In many cases, patients are concerned about how their information is made
available. This is particularly the case for personal health information which is collected for
various services. Healthcare services should be aware of these concerns and of methods of
addressing them. The Privacy Act 1988 is an Australian law which governs the handling of
personal information about individuals (Safa, Von Solms and Furnell 2016). It covers the
collection, use, storage and disclosure of vital information. The Privacy Act 1988 generally
applies to most private sector and Commonwealth organizations. It aims to regulate the way
organizations and agencies handle information.
Ethics in InfoSec for the Staff of Security division
Ethics can be described as a set of principles which govern an individual or a group in the
use of computers. Security professionals are generally expected to be familiar with the relevant
laws and associated regulations (Narain Singh, Gupta and Ojha 2014). These mainly govern the
use of computers and of information. Cyberethics can be defined as a code of behavior needed
for understanding the moral, legal and social issues of the internet and cyber technology. With
proper cyberethics, an individual can have a safer and better internet experience (Silva et al.
2014). Cyberbullying is a term used for repeatedly harming people. With the increase in the use
of technology, cyberbullying has increased to a large extent. Cyber technologies can be defined
as a collection of a large number of computers, other kinds of communication devices and
associated technologies.
Measures taken to prevent unethical handling of information
The information security division of NTN should take a number of measures to prevent
unethical handling of information, such as creating a code of conduct, showing appreciation for
employees, hiring for values and many others. Unethical practices in the security division of
NTN can easily damage its working environment (Safa et al. 2015). Unethical practices in this
organization can also damage its credibility and cause the business to lose its customers. So,
the business owners and the management team can work with employees to prevent any kind of
unethical behavior within NTN.
Code of conduct: A written code of conduct provides employees and managers with a clear
overview of the kind of conduct and behavior expected of them (Tot, Grubor and Marta 2015).
It mainly outlines the behaviors which are not expected of employees and which violate the
code of conduct.
Reinforcement of Consequences: Business owners should hold their employees to account for
any kind of unethical behavior. The employees of this organization should be informed about
the new rules in NTN during the orientation sessions (Mishra et al. 2014). If any employee of
NTN acts in an unethical way, management should refer to the code of conduct and take
measures to warn or terminate that employee.
Show employee appreciation: Loyal employees understand the value of hard work in
accomplishing their tasks on a daily basis (Sari and Nurshabrina 2016). Loyal employees are
less likely to act unethically. Showing appreciation to employees on a daily basis can
encourage loyalty.
Components of InfoSec program
Securing information systems has become vital because they are used for transmitting,
collecting and storing information (Peltier 2016). Both the federal government and the private
sector are focusing on designing and implementing secure systems to prevent any kind of
security breach. Developing an information security program requires a well-structured plan
which covers people, process and technology (Soomro, Shah and Ahmed 2016). To achieve
strategic and operational goals, there are some key components for successfully implementing
the information security program:
1. Emphasizing the information security program.
2. Aligning the security program with the mission and objectives of the organization.
3. Developing a meaningful and proper information security program.
4. Developing a proper program for risk management.
5. Developing and implementing an incident response plan.
National and international standard for this organization
ISO 9000 is a family of quality management standards concerned with the features of products
and services (Tu and Yuan 2014). It is generally required by customers. Quality management
helps the organization ensure that its products and services meet quality requirements.
ISO 12207 aims to establish a common framework for the software industry. It defines processes
which can be used for the acquisition of any software service or product (Safa, Von Solms and
Furnell 2016). ISO 15288 establishes a common framework for describing the lifecycle of
systems created by humans.
Conclusion
From the above discussion, it can be concluded that this report is about NTN, a private
nursing school in Australia. NTN aims to provide telemedicine and healthcare services to the
community within a radius of 200 km. The mobile teams of Darwin and Cairns aim to provide
mobile services to needy patients at their homes. The mobile team travels around in a special
vehicle known as a home care vehicle. The mobile team can scan patients' reports and send them
to the private hospitals, and can communicate with the medical staff through networks. The
report has outlined the legal issues related to mishandling of patient information by the
mobile team of NTN. After that, ethics in InfoSec for the staff members of the information
security division were discussed in detail. The last section of the report deals with the
various components of an InfoSec program.
References
Mishra, S., Caputo, D.J., Leone, G.J., Kohun, F.G. and Draus, P.J., 2014. The role of awareness
and communications in information security management: A health care information systems
perspective. International Journal of Management & Information Systems (Online), 18(2), p.139.
Narain Singh, A., Gupta, M.P. and Ojha, A., 2014. Identifying factors of “organizational
information security management”. Journal of Enterprise Information Management, 27(5),
pp.644-667.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A. and Herawan, T., 2015.
Information security conscious care behaviour formation in organizations. Computers &
Security, 53, pp.65-78.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model
in organizations. Computers & Security, 56, pp.70-82.
Sari, P.K. and Nurshabrina, N., 2016, April. Factor analysis on information security management
in higher education institutions. In Cyber and IT Service Management, International Conference
on (pp. 1-5). IEEE.
Silva, M.M., de Gusmão, A.P.H., Poleto, T., e Silva, L.C. and Costa, A.P.C.S., 2014. A
multidimensional approach to information security risk management using FMEA and fuzzy
theory. International Journal of Information Management, 34(6), pp.733-740.
Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs more
holistic approach: A literature review. International Journal of Information Management, 36(2),
pp.215-225.
Tot, L., Grubor, G. and Marta, T., 2015. Introducing the Information Security Management
System in Cloud Computing Environment. Acta Polytechnica Hungarica, 12(3), pp.147-166.
Tu, Z. and Yuan, Y., 2014. Critical success factors analysis on effective information security
management: A literature review.