Information Security Policy and Program: A Comprehensive Analysis


Added on  2025/08/22

Information security policy and program
Table of Contents
Introduction
Part 1
    Plan System Access Security Policy
    Develop System Access Security Policy
    Manage System Access Security Policy
Part 2
    A brief introduction of the organization and the IT systems
    Identify and explain any major risk in the IT systems components
    Discuss the consequences of the risk
    The inherent risk assessment that is then assessed, raw/untreated risk inherent in a process or activity without doing anything to reduce the likelihood or consequence
    Mitigate the risk
    A residual risk assessment that is then assessed, risk in a process or activity in terms of likelihood and consequence after controls are applied to mitigate the risk
    Create a Risk Register based on the risks identified in the IT systems
Conclusion
References
Introduction
Establishing programs and features for managing security and safety systems is very important. Establishing new programs and security systems is somewhat difficult because it is a systematic and enthusiastic process. Many specialists have conducted various events in order to create new security systems that protect programs before they are launched. In simple words, an information security program is a set of policies, governed by specialized moderators engaged by organizations or associations, for developing a security system. This security system helps to access the programs with special features and characteristics. No matter how sophisticated the techniques and programs an organization uses, it eventually needs a security system to maintain integrity and keep information safe and protected. This helps organizations to use their own domains and private networks under effective guidelines. Hence, every organization needs an information security program.
Part 1
Plan System Access Security Policy
A system security plan is basically an implemented organizational IT environment proposed on the basis of planning and controlling an information system (Russell & Miller, 2019). The main objective of establishing an IT system is to keep the environment safe and protected with security policies.
Based on this assessment, it has been found that the Commonwealth Government of Australia has decided to launch a new program, “My health record”. This program is created for patients and people suffering from disease in Australia, so that they can stay well informed about their health problems by maintaining an online record in an information system. The Commonwealth Government of Australia has taken a step towards launching this program in order to maintain health records, which not only reduces the rate of unnecessary hospital admissions but also improves the quality of patient care. With the help of this program, patients can easily go through their health records, and they can also allow their doctors, the hospital's administration supervisor, nurses, etc. to access the health record system. However, enabling and disabling access to the information system is only possible with the help of a system access security policy (BANSAL & Desai, 2019).
In order to commence the system access security policy, the security advisor is required to bring together all the resources needed to establish it. Planning is the first and most basic step in commencing any program or activity. Without planning, no activity can be performed, whether inside or outside the business. While establishing these plans, the security advisor is required to set out what the results would be and for whom they will be necessary. There are several aspects that the security advisor needs to identify. As the manager of this whole project, it is also very important to get the work done with the required resources, and the system access security policy is considered the major finding.
To make the planning effective, the basic step is to find the necessary information about what the organization or association wants in the security system. The necessary information to be gathered by security managers includes:
Authentication of users
Device identification
Access control
Identification management
Account management
Based on this information, the security managers can establish the required set of applications or a security system. The company needs to develop, describe and disseminate the plan to the patients to obtain this feature. The Commonwealth Government of Australia wants this feature to be governed in each or most of the hospitals in Australia so that they can enhance the quality of care provided to patients. To put this into action, it must be enforced in a formal and sophisticated manner. Integrity is also an important factor, to be maintained with the help of assured commitments, coordination between the entities, and compliance (Garrett, et. al, 2019). A plan or procedure is a formalized, documented set of procedural work which helps to facilitate the communication or transfer of individuals' information in order to control the rate of hospital admissions.
Develop System Access Security Policy
After planning the system access security policy, the management of the security organization is required to develop the plan. Carrying out what has been prepared requires money and resources, both of which are very important. Financing and funding are the heart of every plan. The main objective of this function is to achieve higher efficiency in the hospitals in Australia. Developing the plan is not an easy function to perform. The Commonwealth Government of Australia has engaged the security advisor to establish a system access security policy. He has proposed a plan for the hospitals with highly advanced technology and advanced features, as mentioned below:
Access enforcement: With the help of the required information and instructions, a description needs to be provided to the patients in order to maintain transparency and assign the authorization to control access. To control access, identification policies, role-based policies and rule-based policies need to be implemented by the management systems.
Information flow enforcement: The hospitals can control the flow of information so that it can be shared between the patients and the hospital administration department. Information will remain interconnected throughout. The information system will allow the patients to access and check all the necessary details without explicit regard to subsequent accesses (Smith, et. al, 2019).
Separation of duties: This process refers to separating duties in order to eliminate conflicts of interest. The duties of the hospital and the responsibilities of patients are different. Access control helps to maintain patients’ accounts and also prevents fraudulent activity involving account details.
Login attempts: Protection and security are critical factors and the most important part of this system. Accounts are locked with advanced passwords, combining digits, symbols and letters, which are required to access the account and which protect against unsuccessful login attempts. When a user logs in, the system will present login prompts to access the account.
System notifications: If the hospitals circulate or send any necessary information or notification details, the patients can easily check that information through the notification panel. Notification messages can be administered in the form of quick pop-ups displayed on their device.
These are the major aspects which need to be addressed by the security advisor. Other features are also covered under this developed plan. Technology is a dynamic factor; hence the system access security policy will be upgraded over time.
Manage System Access Security Policy
Planning and developing a plan is significant; however, managing the plan at the workplace is also necessary. After implementing the system access security policy, it is the duty of hospital management to follow the instructions and policies to manage the developed plan. The basic objective of putting the plans into practice is to deliver high-quality services to the patients. The highly advanced features make the plan efficient and effective in producing results. There are some practices through which the management can manage the plan effectively (Shinde & Awasthi, 2015). These practices are mentioned below:
Supervision and review: The hospitals can use appropriate activities in the context of recording procedure details. They can investigate any abnormal or unusual activity in any patient account and can easily change the authorization.
Remote access: Patients would be able to access their account through various controlled access methods. The security agency has also used cryptography for this function to protect the confidentiality and integrity of access sessions.
Implications of external information system: Through this feature, the patient allows the hospital to access their account; the hospitals cannot directly access the patients’ accounts.
Content of audit record: Audit records and significant information need to be kept in the application so that both parties can easily retrieve the details whenever any incident or event occurs. For example, date and time, elements of the information, location of the events, etc.
Storage capacity: The storage of information is also a critical factor, so the security advisor has added a special feature through which both parties can store information on this platform with the help of cloud technology.
Continuous monitoring: Regular checks and audits are necessary to protect the data and information from any unethical activity and cross-checking. The patients can easily use these features through their mobile devices as well. The application is the smartest way to access the platform anytime and anywhere. If patients notice any activity, they can easily review the records and make changes accordingly.
Part 2
A brief introduction of the organization and the IT systems
In this global world, it has been observed that Infosys is gradually expanding its business into several countries. Infosys originated in India. The main headquarters of Infosys is situated in Bangalore, India. N.R. Narayana Murthy was the founder of Infosys and it was founded in July 1981. In response to the boom in the market, the managers and leaders have applied various strategies to internationalize the business. Infosys also operates in Australia and facilitates services in the country. However, an IT system needs to be established in any organization. Infosys also maintains an information technology system. Basically, an IT system is an organization’s data centre. The IT management system helps in facilitating the delivery of IT services to organizations. It enables changes to features and reduces risk factors at the workplace. It also includes oversight of issues and complexities that arise at the workplace. Some IT systems may include different parties, such as cloud services. IT systems are mainly established by the organization's chief information officers; however, chief technology officers also support architecting and controlling the IT systems (Hu, et. al, 2015).
Identify and explain any major risk in the IT systems components
Risk identification in a business or management control system is a critical factor. Decisions are taken, and contingency planning works, after determining the risks at the workplace. The severity of a risk can be judged by the chief information officer when team members report it in a timely manner. Risks need to be reported to the right authorities before they affect the workplace with serious consequences. Based on the process of risk identification, the major risks that have been found are mentioned below:
Hardware & software failure: When working in the international business landscape, the business cannot afford system risks. The impact of these factors may affect necessary data and cause a shortage of productivity (Arnott, et. al. 2015).
Human error: It cannot be assumed that an executive or employee will never make a mistake. Mistakes are very common if an organization involves human input in business functions. However, it is necessary to understand the errors that arise due to humans in the organization.
Criminal offences: Getting things done correctly and effectively at the workplace is very important. The elimination of hacking, fraudulent activities, password theft, denial of service, etc. is very important.
Discuss the consequences of the risk
Identifying risks alone is not enough. After identifying the errors or risks at the workplace, ignoring them is even more harmful. The consequences could have serious impacts on the business (Uhl & Gollenia, 2016). There are basically five potential risks at the workplace, identified below:
Lawsuits: The organization could fail to comply with the legal policies and regulations on the business. Employees could slip from organizational policies. It could decrease the legal exposures of the organization.
Catastrophic losses: Losses, or a failure to minimize damages, could spoil or ruin the whole organization. The business owner could lose the market due to catastrophic losses.
Theft: Risk management is only a part of protecting data and information from theft. Risk management is a significant part of corporate culture and decision-making. Risk analysis is necessary to build uptightness in the IT systems.
Failure to thrive: Effective risk management could lead the business towards absolute success and prosperity. But this is only possible if they apply the methods to make the plan succeed.