Security Management and Governance Report for Griffith University GUMC
Added on 2023/06/07
AI Summary
This report provides a comprehensive overview of security management and governance for Griffith University Medical Centre (GUMC) in Tasmania. It emphasizes the need for an ICT Security Program, detailing how information security can be better managed through a Security Management Program. The report includes a discussion of the benefits of an ongoing security management process, the development of a security policy and management plan, and the functions, tasks, roles, and responsibilities within the program. It also identifies relevant models for development, implications of legal and statutory requirements, and a preliminary risk assessment and management plan with a contingency plan and cost-benefit analysis for the patient information system. The report further addresses threats, vulnerabilities, and attacks, and outlines user and vendor responsibilities.

Running head: SECURITY MANAGEMENT AND GOVERNANCE
Security Management and Governance
Name of the Student:
Name of the University:
Author Note:
Executive Summary:
This report provides an overview of security management and governance in the context of
Griffith University Medical Centre (GUMC). It discusses how information security can be
managed better through the development of a Security Management Program, and describes a
program of tasks and roles for developing it. The report also puts forward a preliminary
management plan or risk assessment, including a contingency plan for managing patient
information.
Table of Contents
Purpose of the Report
Structure of the Report
Part A
1. Benefits of an Ongoing Security Management Process and Reasons for Having a Policy
2. Development of Security Policy and Security Management Plan
3. a. Functions, Tasks, Roles and Responsibilities for Security Management Program of GUMC
b. Roles of Different Individuals / Groups in Terms of Governance
4. Identification of Models for the Development of a Security Management Program
5. Implications of Legal and Statutory Requirements of Security Management Program
Part B
1. a. Benefits of Risk Management Plan
b. Steps Necessary for Building a Risk Management Plan
c. Importance of Contingency Plan and Risk Analysis and Cost Benefit Analysis
2. Threats, Vulnerabilities, and Attacks that Formal Risk Management Plan Manages
3. Risk Management Plan and Recommendations based on Cost Benefit Analysis
4. Responsibility of the User and Vendor
References
Appendix
Purpose of the Report:
The purpose of the report is to put forward the need for implementing an information and
communications technology (ICT) security system for the Griffith University Medical Centre
(GUMC) in Tasmania.
Structure of the Report:
The report consists of two parts. The first part discusses the benefits of Security
Management and the importance of policies. It also covers the security policy and the
security management plan, and gives a descriptive analysis of tasks, roles, responsibilities
and functions. It then discusses individual roles in governance, models relevant to
developing a security management program, and the implications of statutory and legal
requirements. The second part of the report covers the process of risk assessment and
explains the benefits of a risk management plan. This part helps in identifying the assets,
vulnerabilities, threats, suggested controls and priority sets.
Part A
1. Benefits of an Ongoing Security Management Process and Reasons for Having a Policy
The benefits of an ongoing Security Management process are as follows (Soomro, Shah and
Ahmed 2016):
1. It helps in securing all forms of information: A Security Management process
protects all kinds of paper-based and digital information, company-related secrets,
intellectual property, data in the cloud and on services, along with personal information and
hard copies.
2. Enhances the Resilience Towards Cyber Attacks: A Security Management process
enhances the organization’s resilience towards cyber attacks.
3. Represents a Centrally Managed Framework: An ongoing Security Management
process helps in keeping the organization's information safe and managing it from a
single place.
4. Protection to the Organization: A Security Management system protects the
organization not only from technology-based risks but also from common threats such as
ineffective procedures and poorly informed staff.
5. Ensures Responding to the Evolving Security Related Threats: The Security
Management process helps in continuously adapting to changes in the environment and
within the organization, thereby reducing the threat from continuously evolving risks.
6. Reduction of Cost in terms of Information Security: The risk assessment and
analysis approach of the Security Management process allows organizations to reduce the cost
indiscriminately spent on adding layers of defensive technology that may not work.
7. Allows Protection, Integration and Availability of Data: The Security Management
process offers a set of procedures, policies, and physical and technical controls for protecting
the availability, confidentiality and integrity of the information.
8. Leads to Improvement in the Culture of the Company: This helps the employees to
readily understand the risk and to embrace the security controls as day-to-day working
practice.
2. Development of Security Policy and Security Management Plan
The security policy is a document explaining the procedures intended for
protecting resources and the physical assets related to information technology (Safa, Von
Solms and Furnell 2016). The policy is designed with much flexibility for making amendments
whenever necessary.
Thus, the successful development of a Security Policy involves (Ifinedo 2014):
1. Identification of the risks
2. Learning the Security Policy Implemented by the Others
3. Ensuring the conformance of the policy with the legal requirements
The Security Management Plan helps in setting out security measures for implementation by
the Griffith University Medical Centre (GUMC) of Tasmania. Such implementation depends on
all aspects of the services and the processes associated with service delivery (Weaver et al.
2016). It also depends on compliance with security procedures and measures that are
sufficient for ensuring that the services comply with the provision of the schedule. In other
words, the Security Management Plan sets out plans for transitioning all the security
responsibilities and arrangements from the ones in place to the ones incorporated on a specific
date for meeting the security requirements and full obligations.
The objectives and the purpose of the Security Management Plan lie in (Peltier 2016):
1. The establishment, support and maintenance of a plan based on the evaluation and
monitoring of potential and actual hazards, making use of organizational experience,
accepted practices and the applicable regulation and law.
2. The Security Management Plan helps in reducing the risk to patients, physicians, staff,
vendors/contractors and visitors while they are inside a hospital or any other property through
assurance of a hazard-free physical environment.
3. It also provides a secure, safe and comfortable physical environment.
4. It also ensures the training and education of staff on the methods of
preventing injuries and incidents, thereby providing a quicker response in recognizing, reporting
and reacting to accidents that seem inappropriate.
3. a. Functions, Tasks, Roles and Responsibilities for Security Management Program of GUMC
Functions of the Security Management Program include (Sennewald and Baillie 2015):
Monitoring all infrastructure and operations
Maintaining all the security technology and tools
Monitoring compliance with internal and external policy
Monitoring compliance with regulation
Working with the different departments within the organization to reduce risk
Implementing newer technologies
Auditing policies and controls on a continuous basis
Tasks included in the Security Management Program are as follows (Peltier 2013):
The Security Management Program holds the responsibility of monitoring the security operations
of GUMC. The tasks primarily include:
Implementation of the security policies
Implementation of rules and regulations
Implementation of norms
Ensuring a safe environment for the employers and the patient
Roles and responsibilities of a Security Management Program are as follows (Rittinghouse
and Ransome 2016):
The Security Management Program acts as a control function of GUMC and is responsible for
verifying and implementing the enterprise protection intended for meeting the duty for protection
through the adequate protection of the things that have already been protected.
b. Roles of Different Individuals / Groups in Terms of Governance.
1. Chief Information Security Officer: This person holds the responsibility of defining
the entire security posture of the organization and will have an understanding of
the systems and information they are responsible for protecting (Harkins 2013).
2. Security Manager: The role involves the creation of a vision for building processes,
hiring and the development of the technology stack (Ahmad, Maynard and Park 2014). He must also
possess significant experience and background in running a security team and should therefore
provide both managerial oversight and technical guidance.
3. Security Engineer: They are responsible for building the engineering security systems
and the security architecture, thereby ensuring speed and continuity (Bhatt, Manadhata and
Zomlot 2014).
4. Security Analyst: They hold the responsibility of recommending newer technologies
and installing them, along with providing the required training to the other teams (Hilary and
Shen 2013).
4. Identification of Models for the Development of a Security Management Program
The Bell-LaPadula Confidentiality Model might find relevance in the development of the
Security Management Program (Younis, Kifayat and Merabti 2014). The model helps in
ensuring the confidentiality of the information system since it makes use of mandatory access
controls (MACs), security clearances and data classification. The model is secure since it
depends on a conceptual approach in which the state of the system being modeled
always remains in a secured condition. The model represents a system that acts as a reference
monitor, comparing the classification level of the data with the clearance of the entity
requesting access.
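The reference-monitor comparison described above, as an added example that is not part of the original report: a minimal Bell-LaPadula check in Python. The level names, category labels and sample subjects and records are constructed for illustration; the no-read-up and no-write-down rules are the standard Bell-LaPadula properties and go beyond the single comparison the report mentions.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    # Constructed classification ladder for a medical centre (assumption).
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3


@dataclass(frozen=True)
class Label:
    """Security label: a hierarchical level plus need-to-know categories."""
    level: Level
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # A dominates B when A's level is at least B's level and A holds
        # every category attached to B.
        return self.level >= other.level and self.categories >= other.categories


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property (no read up): subject must dominate object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property (no write down): object must dominate subject."""
    return obj.dominates(subject)


class ReferenceMonitor:
    """Mediates every access request and records the decision."""

    def __init__(self, subjects, objects):
        self.subjects = subjects
        self.objects = objects
        self.audit_log = []

    def request(self, subject: str, obj: str, mode: str) -> bool:
        s = self.subjects.get(subject)
        o = self.objects.get(obj)
        if s is None or o is None or mode not in ("read", "write"):
            allowed = False  # fail closed on unknown entities or modes
        elif mode == "read":
            allowed = can_read(s, o)
        else:
            allowed = can_write(s, o)
        self.audit_log.append((subject, obj, mode, "ALLOW" if allowed else "DENY"))
        return allowed


# Constructed sample clearances and classifications (not from the report).
SUBJECTS = {
    "physician": Label(Level.RESTRICTED, frozenset({"clinical"})),
    "receptionist": Label(Level.INTERNAL, frozenset({"scheduling"})),
    "billing_clerk": Label(Level.CONFIDENTIAL, frozenset({"billing"})),
}
OBJECTS = {
    "patient_record": Label(Level.RESTRICTED, frozenset({"clinical"})),
    "appointment_book": Label(Level.INTERNAL, frozenset({"scheduling"})),
    "invoice": Label(Level.CONFIDENTIAL, frozenset({"billing"})),
    "public_notice": Label(Level.PUBLIC),
}


if __name__ == "__main__":
    rm = ReferenceMonitor(SUBJECTS, OBJECTS)
    for req in [
        ("physician", "patient_record", "read"),
        ("receptionist", "patient_record", "read"),   # read up: denied
        ("physician", "public_notice", "write"),      # write down: denied
        ("physician", "invoice", "read"),             # missing category: denied
    ]:
        rm.request(*req)
    for entry in rm.audit_log:
        print(entry)
```

The write-down denial is what stops a cleared user from copying patient data into a lower-classified document, which a read-only clearance check would miss.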
5. Implications of Legal and Statutory Requirements of Security Management Program
The legal and statutory requirements of the Security Management Program help in the
prevention of legal misbehavior and in dealing with complex programs that extend to the areas
involving the clients (Nemeth 2017). Besides, a Security Management Program depends on three
key principles that are often guaranteed by fulfilling the legal and statutory requirements:
confidentiality, integrity and availability.
Part B
1. a. Benefits of Risk Management Plan
These include (Sadgrove 2016):
1. Observing Non-Apparent Risk: This enables leveraging a team of experts for
identifying and providing a deeper understanding of all risks.
2. Provides Support and Insight to Board of Directors: The members of the board
might find it difficult to identify risk beyond their experience and expertise. Therefore, it helps
in providing advisory services and resources to the Board for discharging its duties.
3. Helps in Reducing Business Liability: This involves the reduction of the upfront
litigation risk, which makes a company more attractive.
4. Helps in Framing Regulatory Issues: A risk management program helps in providing
greater insight into insurance, liability and indemnity issues, thereby allowing the company to
focus.
b. Steps Necessary for Building a Risk Management Plan
This includes (Hopkin 2018):
Step 1: Identification of the risk
Step 2: Analysis of the risk
Step 3: Evaluating and treating the risk
Step 4: Treatment of the risk
Step 5: Monitoring and reviewing the risk