ISY3006 Report: Security Policy Planning for Melbourne Hospital
Added on 2022/10/14
AI Summary
This report focuses on the planning and formulation of a security policy for Royal Melbourne Hospital, a national healthcare organization. It addresses the crucial need for information system protection, given the increasing importance of data privacy and security in the digital era. The report examines security incidents, such as ransomware attacks and internal threats, and develops a comprehensive security policy to mitigate these risks. The policy outlines access controls for doctors, nurses, and system administrators, emphasizing the importance of confidentiality, integrity, and availability of patient data. It also explores potential threats and vulnerabilities within the information system and suggests mitigation strategies, including the implementation of updated software, access restrictions, and employee training. The report emphasizes the necessity of a robust security management system, including regular policy reviews and enforcement, to safeguard the hospital's data and maintain the trust of its patients.

PLANNING AND FORMULATION OF SECURITY POLICY 1
PLANNING AND FORMULATION OF SECURITY POLICY FOR ROYAL
MELBOURNE HOSPITAL
Student Name
Tutor
Institutional Affiliations
State
Date
Executive summary
Information systems are indispensable to organizations in the current era. We have experienced a drastic change in the way data is generated and managed, which has also changed the way people interact, not only at the personal level but also at the organizational level. The new era has brought significant benefits, but it also brings challenges in terms of privacy and information security. This is reflected in the ever-growing body of information security legislation around the world.
As a national healthcare organization that is committed to high-quality healthcare services, Royal Melbourne Hospital has a legal, ethical and professional duty to ensure that the sensitive data it holds for its clients conforms to the principles of integrity, confidentiality and availability. The organization is obliged to ensure that the information it holds is secured against any form of security breach. Following this rationale, the purpose of this document is to research, formulate, develop and document basic security policies for the organization. The policies will be the cornerstone for Royal Melbourne healthcare to enhance and manage its information security procedures.
Table of Contents
Executive summary
Table of Contents
PLANNING AND FORMULATION OF SECURITY POLICY FOR ROYAL MELBOURNE HOSPITAL
Introduction
Security incidents in information system
Security policies
The system access security policy plan
Security policies for information system access
Doctors
    Purpose
    Policy
Nurses
    Purpose
    Policy
System administrators
    Purpose
    Policy
Managing information system security policy
POTENTIAL THREATS AND VULNERABILITY OF INFORMATION SYSTEM
How the threats can be mitigated
Conclusion
References
PLANNING AND FORMULATION OF SECURITY POLICY FOR ROYAL
MELBOURNE HOSPITAL
Introduction
The information system of any healthcare organization requires full protection to ensure that no unauthorized personnel can access any part of it. It therefore needs procedures and policies that govern how information is accessed and managed. Important patient details should not be easily accessible to hackers or to stakeholders of any other organization. Health records should be stored in a safeguarded database since they carry sensitive information. The information security of Royal Melbourne Hospital was found to be weak, leaving it easily exposed to threats (Puthal, Nepal, Ranjan and Chen, 2016, pp. 64-71). The hospital was using Windows XP software that was not regularly updated and that was consequently encrypted by unknown parties.
Every organization holds important information that should be protected from cybercriminals. This vital information is protected by strategies and controls. Implementing the policies that have been laid down requires the attention of employees such as clinicians, nurses and administrative professionals. The management process involves monitoring the conduct of personnel within the organization.
Security incidents in information system
The hospital experiences a number of incidents that threaten the information system. In the first case, nursing staff report violence in the emergency department, which has increased to a level that calls for full attention (Ferns, 2012, pp. 12). This has raised the incidence of injury presentations. The main cause of the violence is said to be the influence of drugs and alcohol. Appropriate policies are therefore required to deal with the risk.
The second incident is ransomware, a universal threat that undermines business continuity as well as the reliability of identifiable evidence that is highly sensitive at the individual level. More than 1500 patient files could not be accessed after an attack that interfered with the data. Even after payment to the attackers, some files could still not be accessed; these contained sensitive medical reports that were to be used for identity theft. The
hackers were busy with the patients' data, aiming to commit further identity-theft crimes within the hospital.
The cyber-crime organization accessed the hospital's information system and hacked medical files from a specialist cardiology unit, and later demanded payment before providing the password needed to remove the encryption (Ackoski and Dojcinovski, 2012, pp. 26). This led to losses for the hospital, as some patient information could not be accessed and bills therefore could not be determined. The hackers uncovered serious weaknesses in the hospital's cyber security that could put patient data in danger. Hackers always use basic hacking tools to reach sensitive patient information.
According to reports, the staff have little knowledge of data security. This facilitated the success of phishing, a technique that uses unfamiliar emails to entice people into providing sensitive information and revealing the database where information is stored. This has made safeguarding patient and clinical data a priority. Reports show that, during the hacking process, the hackers found that there was adequate security infrastructure and a weak security philosophy among government staff. This was recognized as a present risk that needed urgent attention.
It is quite clear that hackers are capable of holding one's health records hostage using ransomware. They can use either lockers or encryption to access your details. Lockers lock users out of their system, whereas encryption is applied to vital files. The known targets of hackers all along have been IT systems.
There is aggression and violence within the emergency departments. Doctors and nurses usually experience aggression in their workplace. According to anecdotal evidence, aggressive behavior is rising rapidly and most health workers are at risk of experiencing violence in the workplace.
Security policies
After a computer virus affected Windows XP systems within the hospital and interfered with the delivery of results, staff shifted to manual methods, using fax machines and telephones to ensure that services continue to be delivered as planned. The process of restoring the other
Windows XP computers is underway. Patient safety is being maintained and critical treatment of patients is continuing as normal. Microsoft has been sending regular security-related patches to Windows XP users and alerting them to its dangers (Scime, 2015, pp. 21). It advised people to stop using the software by April 2014. It indicated that security updates were necessary for a PC to avoid vulnerability to dangerous viruses and malicious software capable of stealing and damaging business information. Alternatives such as tablets can also be used by those with basic computing needs.
IT worked out a broad solution to the virus, but only over a period of time. Staff whose computers were on were advised not to switch them on, and those whose computers were off were likewise not allowed to switch them on. The hospital must spend a lot of money to overcome the threat if it chooses to update its information system. A device capable of protecting medical equipment from being accessed and controlled by hackers is also necessary (Dehling, Lins and Sunyaev, 2019, pp. 319-339).
The system access security policy plan
The security plan of Royal Melbourne Hospital aims to ensure that the IT system is not accessed by unauthorized personnel. The hospital seeks to identify the requirements necessary for establishing a compliant security management system. This policy describes the plan to provide the highest security for its data (Petrie, 2017, pp. 18). Nurses, doctors and information system operators are the key parties when this policy is put into practice. The plan will ensure that the policies are applied not only by these professionals but also by the stakeholders and by Royal Melbourne Hospital as a whole.
Patients' data will be handled and managed in an orderly manner by qualified professionals. The information security system operators will play an important role in adding, monitoring and updating information in the database (Watters and Keane, 2013, pp. 20). Doctors will monitor patients' data and obtain their progress reports.
Security policies for information system access
This section of the article outlines the required policies. To avoid the risks identified in the information security system, specific policies and procedures should be identified, analyzed, formulated, implemented and adopted (Schlak, 2015, pp. 17; Griffin,
Rajpathak, Kuo and Figlin, 2015, pp. 30). Patients' data should be kept sufficiently confidential in any healthcare organization. Therefore, we will develop policies that help to secure the information system of Royal Melbourne Hospital. Patients' data is prioritized in this policy, alongside doctors, nurses and information system administrators.
Doctors
These are personnel employed by the healthcare organization. They have access to patients' data and can regularly check patients' progress. The policies that will help control their access to the information system are as follows.
Purpose
The common objectives of Royal Melbourne Hospital and its doctors can be established through this policy. The policy aims to serve as a resource for new health specialists.
Policy
Procedure: to ensure that the information system is accessed only by specified experts and not by unknown personnel.
1. Doctors will only access the information system while in the locality of Royal Melbourne Hospital.
2. The privileged doctors will access and monitor patients' data responsibly.
3. Any ethical issue identified in Royal Melbourne Hospital will be directed to the authorized healthcare professionals.
4. Information system administrators will only access doctors' accounts upon consultation with the manager.
Nurses
They are also employees of Royal Melbourne Hospital. Patients depend heavily on them as their immediate caregivers in the healthcare industry. They work hand in hand with doctors to ensure that patients are always protected and healthy. They are also granted access to the information system. The policies below guide them on how to operate the information system they access.
Purpose
Objective: to ensure that unauthorized personnel do not access the information system of the hospital.
Policy
1. Information system administrators will only access the system when authorized by the managers.
2. They will be charged for any fault committed while accessing the information system.
3. Nurses will not be allowed to access the information system while not in the locality of Royal Melbourne Hospital.
System administrators
These are personnel within Royal Melbourne Hospital who are privileged to access the information security system for administrative purposes.
Purpose
To protect the information system from unauthorized personnel.
Policy
Objective: to control the information system. Administrative access to the system is controlled by these experts. The policies below are designed for administrative purposes.
1. Only the managers and supervisors of the hospital are allowed to access the information security system accounts of administrators.
2. Any information in the database will remain the property of Royal Melbourne Hospital.
3. The information system administrators privileged to access the databases will remain responsible for any fault identified during the management, monitoring and updating of data.
Managing information system security policy
Policy management is a vital element that must be applied in an information security system. It can boost compliance with a policy among the employees of an
organization. Information obtained from database should the provided to stakeholders and other
participants in the hospital. Reports will be documented and its data used to amend whatever is
relevant and appropriate. When the policies will be successfully implemented, the information
system will be free from access by unauthorized personnel. The cybercriminals will therefore
find it difficult to access the information system of Royal Melbourne Hospital.
Policies are intended to make sure that the information system of Royal Melbourne
Hospital is fully safeguarded from access by unauthorized personnel. This calls for proper
management and implementation of the hospital's information security system (Dehling, Lins
and Sunyaev, 2019, pp. 319-339). This section summarizes the procedures for applying the
policies discussed before. To ensure compliance, management must make sure that the policies
are not violated by unauthorized personnel. Anyone who violates the policies will therefore be
sent home or exposed to a penalty unless there are stated exceptions. The policies will have to
be revisited regularly to maintain complete compliance and to monitor both the policies and
their exceptions. The stakeholders will have to agree on the amendments to be implemented over a
specified time interval.
POTENTIAL THREATS AND VULNERABILITY OF INFORMATION
SYSTEM
Even with the policies that have been planned and formulated for the organization, there is
still a chance that the organization’s information system may be attacked by cybercriminals. This
is due to the presence of inherent threats and vulnerabilities that can still be exploited by
cybercriminals. In this section, we look at some threats and vulnerabilities that are still
associated with the organization’s information system in light of the security planned and
developed in the previous sections of the article.
The first vulnerability, common to every organization, lies in human
beings. Studies suggest that human beings are the weakest link in information security.
Moreover, it is reported that security professionals agree that negligence of security practices
among organizations’ employees is the biggest threat to endpoint security (Colwill, 2009,
pp.186-196). It is also said that an average company experiences at least 80% insider
security threats in a month. These opportunities can be exploited by malicious attackers to gain
access to the organization’s patient records and tamper with patient data or even run a
ransomware attack (Dlamini, Eloff and Eloff, 2009, pp.189-198).
Another threat that is worth mentioning is the failure to comply with the formulated
policies. Information security policies are formulated to govern how the organization’s personnel
operate the healthcare system in a bid to protect the system from access by individuals
with malicious intentions (Bulgurcu, Cavusoglu, and Benbasat, 2010, pp.523-548). But as
mentioned in the preceding sections of the article, negligence is one fundamental cause of
information security issues. As such, the organization’s employees may neglect their duty to
operate as defined by the business’s underlying information security policies. This may lead to
cyber-attacks and hence to security threats.
How the threats can be mitigated
The threats and vulnerabilities discussed in the previous
part of this article can lead to exposure of the Royal Melbourne healthcare organization’s patient
data. For this reason, it is imperative to adopt proactive approaches in the organization to
prevent its system from being accessed by cybercriminals. To do this, the organization needs to
adopt training and awareness among its employees (McIlwraith, 2016, pp. 231). In this way every
employee will be made alert, thus preventing attacks that might take advantage of
human weakness. Regarding threats to information security policy compliance, the
organization can enforce information security compliance, which involves information security
policy management, thus protecting the organization’s system from attacks that may take
advantage of a lack of compliance.
Conclusion
In summary, we have planned and developed information security policies. The
document has also demonstrated ways of formulating policies that can easily be complied
with in order to achieve the planned goals of Royal Melbourne Hospital. The article has recognized
the strategies of information security policy management. We have also examined information
security vulnerabilities based on the formulated policies. Mitigation strategies have been
documented as well. From this wide-ranging analysis, it is judicious to conclude that
information system security is vital for any healthcare organization.
References
Watters, J.P. and Keane, M., iSIGHT Partners Inc, 2013. Information system security based on
threat vectors. U.S. Patent 8,438,644, pp. 20.
Ackoski, J. and Dojcinovski, M., 2012, June. Cyber terrorism and cyber-crime–threats for cyber
security. In Proceedings of First Annual International Scientific Conference, Makedonski Brod,
Macedonia, 09 June 2012. MIT University–Skopje, pp. 26.
Ashraf, Q.M. and Habaebi, M.H., 2015. Autonomic schemes for threat mitigation in Internet of
Things. Journal of Network and Computer Applications, 49, pp. 112-127.
Bulgurcu, B., Cavusoglu, H. and Benbasat, I., 2010. Information security policy compliance: an
empirical study of rationality-based beliefs and information security awareness. MIS
Quarterly, 34(3), pp. 523-548.
Colwill, C., 2009. Human factors in information security: The insider threat–Who can you trust
these days?. Information Security Technical Report, 14(4), pp. 186-196.
Dehling, T., Lins, S. and Sunyaev, A., 2019. Security of critical information infrastructures.
In Information Technology for Peace and Security (pp. 319-339). Springer Vieweg, Wiesbaden.
Dlamini, M.T., Eloff, J.H. and Eloff, M.M., 2009. Information security: The moving
target. Computers & Security, 28(3-4), pp. 189-198.
Ferns, T., 2012. Recording violent incidents in the emergency department. Nursing Standard,
26(28), pp. 12.
Griffin, B.C., Rajpathak, V.N., Kuo, C.J. and Figlin, I., Microsoft Corp, 2015. Predictive
malware threat mitigation. U.S. Patent 9,015,843, pp. 30.
McIlwraith, A., 2016. Information security and employee behaviour: how to reduce risk through
employee education, training and awareness, pp. 231. Routledge.
Petrie, A., 2017. Protective Data Security in the Victorian Public Sector. Parliament Library &
Information Service, Parliament of Victoria, pp. 18.
Puthal, D., Nepal, S., Ranjan, R. and Chen, J., 2016. Threats to networking cloud and edge
datacenters in the Internet of Things. IEEE Cloud Computing, 3(3), pp. 64-71.
Schlak, C.G., 2015. Safety versus security: defining healthcare information
technology (IT) security strategies (Doctoral dissertation, United States Air Force),
pp. 17.
Scime, L.M., 2015. The threat of internet-connected devices replacing tools used to kill
(Doctoral dissertation, Utica College), pp. 21.
Griffin, B.C., Rajpathak, V.N., Kuo, C.J. and Figlin, I., Microsoft Corp, 2015. Predictive
malware threat mitigation. U.S. Patent 9,015,843, pp. 30.
McIlwraith, A., 2016. Information security and employee behaviour: how to reduce risk through
employee education, training and awareness, pp.231. Routledge.
Petrie, A., 2017. Protective Data Security in the Victorian Public Sector. Parliament Library &
Information Service, Parliament of Victoria, pp18.
Puthal, D., Nepal, S., Ranjan, R. and Chen, J., 2016. Threats to networking cloud and edge
datacenters in the Internet of Things. IEEE Cloud Computing, 3(3), pp.64-71
Schlak, C.G., 2015. SAFETY VERSUS SECURITY: DEFINING HEALTHCARE INFORMATION
TECHNOLOGY (IT) SECURITY STRATEGIES (Doctoral dissertation, United States Air Force),
pp17
Scime, L.M., 2015. The threat of internet-connected devices replacing tools used to kill,
pp21 (Doctoral dissertation, Utica College).
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.

Trusted by 1+ million students worldwide
1 out of 12
Related Documents

Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.