INFS 3070 - Information Security Management Report for Beyond Health
VerifiedAdded on 2023/06/10
|14
|3291
|152
Report
AI Summary
This report addresses information security management within Beyond Health, an Australian healthcare company. Following a ransomware attack and data breach, a new IT Security & Information Assurance Department (ISIA) was established, led by a Chief Information Security Officer (CISO). The report details team division and roles, outlining responsibilities from the Chief Finance Officer to software developers and risk mitigation managers. It includes an information security policy document, aiming to establish and maintain the security and confidentiality of information systems, applications, and networks. An incident management plan is presented, focusing on managing incidents and restoring normal operations, along with considerations for legal and ethical issues related to data security and patient information.
Running head: INFORMATION SECURITY MANAGEMENT
Information Security Management
Name of the Student
Name of the University
Author Note
Information Security Management
Name of the Student
Name of the University
Author Note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1INFORMATION SECURITY MANAGEMENT
Table of Contents
Information Security Team Description..........................................................................................2
Team Division and Description...................................................................................................3
Information Security Policy Document.......................................................................................5
Incident Management Plan..........................................................................................................7
Legal and Ethical Issues..............................................................................................................9
Reference.......................................................................................................................................12
Table of Contents
Information Security Team Description..........................................................................................2
Team Division and Description...................................................................................................3
Information Security Policy Document.......................................................................................5
Incident Management Plan..........................................................................................................7
Legal and Ethical Issues..............................................................................................................9
Reference.......................................................................................................................................12
2INFORMATION SECURITY MANAGEMENT
Information Security Team Description
Beyond Heath, an Australian company that operates private hospitals, medical centres
and internal pathology services; it is very important that security Management Services be
installed. The IT security in Information Assurance Department or ISIA that has been appointed
by this company is a large organisation having primary responsibilities of designing, planning
and creating secure infrastructure. Since organisation has recently suffered a ransomware attack
in a data breach incident the Australian Health Organisation has appointed me as a Chief
Information Security Officer or CISO. The organisation Beyond Health had suffered data breach
and ransomware attacks on account of which they wanted to implement a new information
security system replacing the old traditional system for securing the data and information for the
organisation. For this they had a pointed IT Security and Information Assurance Department
including the designing, planning in creating of a secured infrastructure so that there might not
be a repetition of this incident. Beyond Health is an Australian Health Organisation providing
healthcare all throughout Australia on accordance of 45 hospitals and 50 medical centres (Wager,
Lee and Glaser, 2017). It also has a span of 17000 employees who have been working in
different roles under multiple locations. Due to the ransomware attacks and the data breach it is
possible that the entire organisation with such vivid and important information was on the verge
of being jeopardized (Huang, Behara, and Goo, 2014). Therefore, it is necessary that the older
security system must be replaced with a new and improved version that would prevent further
data breaches and ransomware attacks in the organization, aiding to the hospitals and medical
centres governed by the organization.
Therefore, since it is seen that the previous security system did little or nothing for the
organization. It was a faulty system that made the business organization goes through a loss of
medical health information of their patients. It is thus proposed that the previous security system
be replaced with a new and improved one, with thorough research done about the vulnerabilities
of the previous system (Liebler and McConnell, 2016). The new security system would be
implemented only after the vulnerabilities of the previous system are identified and the new
system has the potential to address all the risks associated with it.
Information Security Team Description
Beyond Heath, an Australian company that operates private hospitals, medical centres
and internal pathology services; it is very important that security Management Services be
installed. The IT security in Information Assurance Department or ISIA that has been appointed
by this company is a large organisation having primary responsibilities of designing, planning
and creating secure infrastructure. Since organisation has recently suffered a ransomware attack
in a data breach incident the Australian Health Organisation has appointed me as a Chief
Information Security Officer or CISO. The organisation Beyond Health had suffered data breach
and ransomware attacks on account of which they wanted to implement a new information
security system replacing the old traditional system for securing the data and information for the
organisation. For this they had a pointed IT Security and Information Assurance Department
including the designing, planning in creating of a secured infrastructure so that there might not
be a repetition of this incident. Beyond Health is an Australian Health Organisation providing
healthcare all throughout Australia on accordance of 45 hospitals and 50 medical centres (Wager,
Lee and Glaser, 2017). It also has a span of 17000 employees who have been working in
different roles under multiple locations. Due to the ransomware attacks and the data breach it is
possible that the entire organisation with such vivid and important information was on the verge
of being jeopardized (Huang, Behara, and Goo, 2014). Therefore, it is necessary that the older
security system must be replaced with a new and improved version that would prevent further
data breaches and ransomware attacks in the organization, aiding to the hospitals and medical
centres governed by the organization.
Therefore, since it is seen that the previous security system did little or nothing for the
organization. It was a faulty system that made the business organization goes through a loss of
medical health information of their patients. It is thus proposed that the previous security system
be replaced with a new and improved one, with thorough research done about the vulnerabilities
of the previous system (Liebler and McConnell, 2016). The new security system would be
implemented only after the vulnerabilities of the previous system are identified and the new
system has the potential to address all the risks associated with it.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3INFORMATION SECURITY MANAGEMENT
Team Division and Description
Since there has been a data breach before in the organization, hampering all the hospitals
and medical centres under it, the new process should definitely incorporate the security systems
that defends all the vulnerabilities that has been present in the previous system (Abdelhak,
Grostick and Hanken, 2014). The proposal would be approved by the higher authorities when
there would be a clear division of workforce and implementation authorities in a clear way.
The team implementation would have people in various roles and accountable to the
security system managements in the organization (Pathan, 2016). The team division would
include a chief finance officer, a chief Information System manager, the CEO, the senior
software architect, the Director of software development, a software developer or a team of
software engineers, a Chief Information Security Officer or CISO, an application programming
manager, a risk mitigation manager, a software tester, security management trainers, software
implementation specialist, quality assurance providers, prototype developer, and code
developers. Following would be a table that would have the detailed job description of every
person responsible for the implementation of the software system:
Name of the employees Roles
Chief finance advisor The role of a chief finance advisor is to prepare a
feasibility study of the project according to the project
budget. This would then be conveyed to the people in
the project to be aware of the finance developed in
each phase.
Chief IS manager The chief IS manager or Information Systems manager
develops the project outline based on the suitable
Information System for the implementation.
Chief executive officer The responsibility of the CEO is to be aware of the
entire matter of the project along with the management
approach and the risk management and system
development.
Senior software architect Helps in preparing the software architecture suitable
Team Division and Description
Since there has been a data breach before in the organization, hampering all the hospitals
and medical centres under it, the new process should definitely incorporate the security systems
that defends all the vulnerabilities that has been present in the previous system (Abdelhak,
Grostick and Hanken, 2014). The proposal would be approved by the higher authorities when
there would be a clear division of workforce and implementation authorities in a clear way.
The team implementation would have people in various roles and accountable to the
security system managements in the organization (Pathan, 2016). The team division would
include a chief finance officer, a chief Information System manager, the CEO, the senior
software architect, the Director of software development, a software developer or a team of
software engineers, a Chief Information Security Officer or CISO, an application programming
manager, a risk mitigation manager, a software tester, security management trainers, software
implementation specialist, quality assurance providers, prototype developer, and code
developers. Following would be a table that would have the detailed job description of every
person responsible for the implementation of the software system:
Name of the employees Roles
Chief finance advisor The role of a chief finance advisor is to prepare a
feasibility study of the project according to the project
budget. This would then be conveyed to the people in
the project to be aware of the finance developed in
each phase.
Chief IS manager The chief IS manager or Information Systems manager
develops the project outline based on the suitable
Information System for the implementation.
Chief executive officer The responsibility of the CEO is to be aware of the
entire matter of the project along with the management
approach and the risk management and system
development.
Senior software architect Helps in preparing the software architecture suitable
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4INFORMATION SECURITY MANAGEMENT
for the IS implementation.
Director of software development The role of a director of Software Development is to
manage, deploy, develop and approve the information
of the software system required for the project.
Software engineer The role of the software engineer is to approve and
develop the software that has been finalized by the
system developer and that is to be served to the
organizations IS system.
Chief information security officer The CISO will frame the security measures that must
be undertaken for mitigating the security issues.
Application programming
manager
The role of this designation is to operate the application
that has been developed by the software developers in
an accurate manner.
Contact software engineer This department is in the responsibility of handling any
editing issue related to the software that has been
developed, even the changes to be made as conveyed
by the application manager and also the customers.
Risk mitigation manager These people are dedicated to combat any kind of risk
associated with the implementation of the IS system.
Software tester These people are in the responsibility of checking
whether the software is being developed flawlessly
with all the requirements needed for the IS system
implementation.
Security management trainers These people are dedicated to provide trainings to the
people in the organization to prevent further attacks.
Software implementation
specialists
These people are responsible to implement the software
accurately in the required places and monitor the entire
process of implementation.
Quality assurance providers They are dedicated to make sure that the quality of the
IS software or other implementation is done accurately
and quality is maintained along with it.
for the IS implementation.
Director of software development The role of a director of Software Development is to
manage, deploy, develop and approve the information
of the software system required for the project.
Software engineer The role of the software engineer is to approve and
develop the software that has been finalized by the
system developer and that is to be served to the
organizations IS system.
Chief information security officer The CISO will frame the security measures that must
be undertaken for mitigating the security issues.
Application programming
manager
The role of this designation is to operate the application
that has been developed by the software developers in
an accurate manner.
Contact software engineer This department is in the responsibility of handling any
editing issue related to the software that has been
developed, even the changes to be made as conveyed
by the application manager and also the customers.
Risk mitigation manager These people are dedicated to combat any kind of risk
associated with the implementation of the IS system.
Software tester These people are in the responsibility of checking
whether the software is being developed flawlessly
with all the requirements needed for the IS system
implementation.
Security management trainers These people are dedicated to provide trainings to the
people in the organization to prevent further attacks.
Software implementation
specialists
These people are responsible to implement the software
accurately in the required places and monitor the entire
process of implementation.
Quality assurance providers They are dedicated to make sure that the quality of the
IS software or other implementation is done accurately
and quality is maintained along with it.
5INFORMATION SECURITY MANAGEMENT
Code developer In order to run the software program proper coding are
needed to be framed accurately by the code developers.
Therefore, the responsibilities of the IT head, the CEO and the CISO has been described
in details such that the Security Structure of the organization could be replaced with a new and
improved management structure to provide more security to the generated information for the
organization (Cascio, 2018). The clear description of the above table describing the team
division would thus enable the admin to approve of and carry on with the required
implementation of the new IS system replacing the faulty traditional IS system that the
organization used before.
Information Security Policy Document
Information and community technology or ICT deals just not with organizations that are
under it related services but also deals with Healthcare Management Services (Pozgar, 2014). It
connects the world's people and creates a variety of ideas and opportunities. Ever since there
have been technological advancements there has been a ramp and digitization that had been in
work in the Healthcare sector trying to improve the health care services utilizing the changes in
the technological world (Peltier, 2016). However it also has some dangerous side effects like the
information security risk. In this case as well Beyond Health Hatfield to recognize a ransomware
that had reached the organization data causing Havoc over 45 hospitals and 50 medical centers
under it. In addition to that 17000 employees and numerous other patient data had been
compromised as a result. Therefore in the light of the sensitive nature of Healthcare data and the
way that the mounting of information keeps on happening every single day is making it prone to
for the security risks. It is critical for Healthcare providers to have a robust and reliable
information security service intact (Runciman, Merry and Walton, 2017). Therefore it is required
that a policy document is kept at handy for the installation and implementation of new
technologically advanced security systems.
It is quite natural that the previously implemented Security System had failed to present
an impermeable security system that would prevent any kind of data breaches for the
organization. Therefore the newest implementation of Chief Information Security Officer or
Code developer In order to run the software program proper coding are
needed to be framed accurately by the code developers.
Therefore, the responsibilities of the IT head, the CEO and the CISO has been described
in details such that the Security Structure of the organization could be replaced with a new and
improved management structure to provide more security to the generated information for the
organization (Cascio, 2018). The clear description of the above table describing the team
division would thus enable the admin to approve of and carry on with the required
implementation of the new IS system replacing the faulty traditional IS system that the
organization used before.
Information Security Policy Document
Information and community technology or ICT deals just not with organizations that are
under it related services but also deals with Healthcare Management Services (Pozgar, 2014). It
connects the world's people and creates a variety of ideas and opportunities. Ever since there
have been technological advancements there has been a ramp and digitization that had been in
work in the Healthcare sector trying to improve the health care services utilizing the changes in
the technological world (Peltier, 2016). However it also has some dangerous side effects like the
information security risk. In this case as well Beyond Health Hatfield to recognize a ransomware
that had reached the organization data causing Havoc over 45 hospitals and 50 medical centers
under it. In addition to that 17000 employees and numerous other patient data had been
compromised as a result. Therefore in the light of the sensitive nature of Healthcare data and the
way that the mounting of information keeps on happening every single day is making it prone to
for the security risks. It is critical for Healthcare providers to have a robust and reliable
information security service intact (Runciman, Merry and Walton, 2017). Therefore it is required
that a policy document is kept at handy for the installation and implementation of new
technologically advanced security systems.
It is quite natural that the previously implemented Security System had failed to present
an impermeable security system that would prevent any kind of data breaches for the
organization. Therefore the newest implementation of Chief Information Security Officer or
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6INFORMATION SECURITY MANAGEMENT
CISO made sure that the information security policy document is absolutely impermeable
(Wears, Hollnagel and Braithwaite, 2015). The overall objective of making the information
security policy document is to control or guide the human behavior for a belief that it would
attempt to reduce the risk to information assets by accidental a deliberate actions of the
employees in charge. Information security policies underpin security and well being of
information resources (Coombs, 2014). Following would be the information security policy
document has prepared for implementation of new technology replacing the older security
systems for Beyond Health. The aim of this policy is to establish and maintain the security and
confidentiality of information, information systems application and networks owned by or held
by the organization (Nepal, Ranjan and Choo, 2015). This would include:
Ensuring that all members of staff are aware of and fully comply with the relevant
legislation as described in this and other policies.
Describing the principals of security and explaining how they shall be
implemented in the organization.
Introducing a consistent approach to security, ensuring that all members of staff
fully understand their own responsibilities.
Creating and maintaining within the organization a level of awareness of the need
for Information Security as an integral part of the day to day business.
Protecting information assets under the control of the organization.
The policies that would include in this list would replace the older version of storing of
information for the organization of Beyond Health (Lei et al., 2014). The policies would include
the following policy framework:
Management of Security
Information Security Awareness Training
Contracts of Employment
Security Control of Assets
Access Controls
User Access Controls
Computer Access Control
Application Access Control
Equipment Security
CISO made sure that the information security policy document is absolutely impermeable
(Wears, Hollnagel and Braithwaite, 2015). The overall objective of making the information
security policy document is to control or guide the human behavior for a belief that it would
attempt to reduce the risk to information assets by accidental a deliberate actions of the
employees in charge. Information security policies underpin security and well being of
information resources (Coombs, 2014). Following would be the information security policy
document has prepared for implementation of new technology replacing the older security
systems for Beyond Health. The aim of this policy is to establish and maintain the security and
confidentiality of information, information systems application and networks owned by or held
by the organization (Nepal, Ranjan and Choo, 2015). This would include:
Ensuring that all members of staff are aware of and fully comply with the relevant
legislation as described in this and other policies.
Describing the principals of security and explaining how they shall be
implemented in the organization.
Introducing a consistent approach to security, ensuring that all members of staff
fully understand their own responsibilities.
Creating and maintaining within the organization a level of awareness of the need
for Information Security as an integral part of the day to day business.
Protecting information assets under the control of the organization.
The policies that would include in this list would replace the older version of storing of
information for the organization of Beyond Health (Lei et al., 2014). The policies would include
the following policy framework:
Management of Security
Information Security Awareness Training
Contracts of Employment
Security Control of Assets
Access Controls
User Access Controls
Computer Access Control
Application Access Control
Equipment Security
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7INFORMATION SECURITY MANAGEMENT
Computer and Network Procedures
Information Risk Assessment
Information security events and weaknesses
Classification of Sensitive Information
Protection from Malicious Software
User media
Monitoring System Access and Use
Accreditation of Information Systems
System Change Control
Intellectual Property Rights
Business Continuity and Disaster Recovery Plans
Reporting
Policy Audit
Further Information
These policy frameworks would further be approved by the head of the security controls
and the board of directors and the owner of Beyond Health.
Incident Management Plan
Any incident management plan focuses on managing the incidents occurring in an
organization to back to normal operation. It also provides information regarding the structure of
the team handling the incident management (Caron et al., 2016). This is the criteria for bringing
into play about the business continuity and the management for incident resource requirement
and any other necessary staff movement and Critical processes. The document PAS 77 suggest
that an incident management structure should be established with its Association with the
organizational structure and should be fit to use by both public and the private sector company
(Gellman, 2017). Any incident management plan should have few criteria to be presented in a
document. These criteria are as follows:
Background of the incident
Scope and purpose
Computer and Network Procedures
Information Risk Assessment
Information security events and weaknesses
Classification of Sensitive Information
Protection from Malicious Software
User media
Monitoring System Access and Use
Accreditation of Information Systems
System Change Control
Intellectual Property Rights
Business Continuity and Disaster Recovery Plans
Reporting
Policy Audit
Further Information
These policy frameworks would further be approved by the head of the security controls
and the board of directors and the owner of Beyond Health.
Incident Management Plan
Any incident management plan focuses on managing the incidents occurring in an
organization to back to normal operation. It also provides information regarding the structure of
the team handling the incident management (Caron et al., 2016). This is the criteria for bringing
into play about the business continuity and the management for incident resource requirement
and any other necessary staff movement and Critical processes. The document PAS 77 suggest
that an incident management structure should be established with its Association with the
organizational structure and should be fit to use by both public and the private sector company
(Gellman, 2017). Any incident management plan should have few criteria to be presented in a
document. These criteria are as follows:
Background of the incident
Scope and purpose
8INFORMATION SECURITY MANAGEMENT
Relationship with any other plan
Definition of the Incident Response structure
Handing over from the Emergency Response Team
Assessing the situation
Roles of the Incident Management Team
Responsibilities of the Incident Management Team
Incident Room location
Details for accessing Incident Room Location
Alternate Incident Room
Invocation criteria
Invocation procedure including rendezvous points and responsible persons
Procedure for setting up and managing the Incident Room
Action plans for implementing the Business Continuity response
Recovery Profiles
Resumption Process
Details of equipment storage
Maps and directions to all locations mentioned in the Plan
Site access plans
Claims management procedure
Contact information
o Senior Management Team
Relationship with any other plan
Definition of the Incident Response structure
Handing over from the Emergency Response Team
Assessing the situation
Roles of the Incident Management Team
Responsibilities of the Incident Management Team
Incident Room location
Details for accessing Incident Room Location
Alternate Incident Room
Invocation criteria
Invocation procedure including rendezvous points and responsible persons
Procedure for setting up and managing the Incident Room
Action plans for implementing the Business Continuity response
Recovery Profiles
Resumption Process
Details of equipment storage
Maps and directions to all locations mentioned in the Plan
Site access plans
Claims management procedure
Contact information
o Senior Management Team
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9INFORMATION SECURITY MANAGEMENT
o Incident Management Team
o Bronze Team Leaders (all departments within the organisation)
o External suppliers
o Internal contacts
o Regulatory bodies
o Useful local information (e.g. hospital, doctors, plumbers, electrician, local
council)
o Stakeholders
Communications Matrix
Incident Log
Incident Management stand-down procedures
o Decision to stand down
o Who to communicate with
o Filing of paperwork
o Post incident report
Legal and Ethical Issues
As per the Australian ACS codes of ethics and laws the security system of any
organization is of highest priority and especially that of a healthcare organization (Deane et al.,
2015). The ethical implications would comply with the following policies for implementation of
the new security system by the CIS Officers. These policies would have:
The primacy of the Public Interest
Enhancement of Quality of Life
o Incident Management Team
o Bronze Team Leaders (all departments within the organisation)
o External suppliers
o Internal contacts
o Regulatory bodies
o Useful local information (e.g. hospital, doctors, plumbers, electrician, local
council)
o Stakeholders
Communications Matrix
Incident Log
Incident Management stand-down procedures
o Decision to stand down
o Who to communicate with
o Filing of paperwork
o Post incident report
Legal and Ethical Issues
As per the Australian ACS codes of ethics and laws the security system of any
organization is of highest priority and especially that of a healthcare organization (Deane et al.,
2015). The ethical implications would comply with the following policies for implementation of
the new security system by the CIS Officers. These policies would have:
The primacy of the Public Interest
Enhancement of Quality of Life
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10INFORMATION SECURITY MANAGEMENT
Honesty
Competence
Professional Development
Professionalism
In addition to that, the unique and confidential individual data of patients are of primary
importance (Alexander, Finch and Sutton, 2013). Therefore, that would also be kept in mind
while making the new security system as per the Australian laws of ethics.
Security plays an integral part in the world of ecommerce, computers and the internet.
Since, technology has its own evils; laws are implemented to protect the individual users, groups
and organizations, who are exposed to this threat. The interaction of legal system with
information security is in view of the ever changing and rapidly developing world of technology.
It can be noticed in several occasions that the technological vulnerabilities are not easily found
unless a major exploitation occurs. However, the laws to be implemented needs time to make
sure that the data exploitation is thoroughly addressed and the breach has been justified. The
Australian laws regarding the ethics for data breaches and other ethical concerns in healthcare
would most likely solve further issues and help in implementing an impermeable Security
System.
According to the Regulation of Health Information Privacy in Australia, the NHMRC
represents a working committee with the major tasks as follows:
Undertaking an analysis of the privacy framework in Australia, as it relates to
health information.
Undertaking consultation with NHMRC’s stakeholders to document their attitudes
towards and perceptions of the privacy framework as well as their experiences.
Preparing a submission to the review of the privacy legislation when the review is
announced.
Therefore, the entire legal and ethical issues would be handled by the CISO or Chief
Information Security Officer team keeping all these implications in mind. The organizational
Honesty
Competence
Professional Development
Professionalism
In addition to that, the unique and confidential individual data of patients are of primary
importance (Alexander, Finch and Sutton, 2013). Therefore, that would also be kept in mind
while making the new security system as per the Australian laws of ethics.
Security plays an integral part in the world of ecommerce, computers and the internet.
Since, technology has its own evils; laws are implemented to protect the individual users, groups
and organizations, who are exposed to this threat. The interaction of legal system with
information security is in view of the ever changing and rapidly developing world of technology.
It can be noticed in several occasions that the technological vulnerabilities are not easily found
unless a major exploitation occurs. However, the laws to be implemented needs time to make
sure that the data exploitation is thoroughly addressed and the breach has been justified. The
Australian laws regarding the ethics for data breaches and other ethical concerns in healthcare
would most likely solve further issues and help in implementing an impermeable Security
System.
According to the Regulation of Health Information Privacy in Australia, the NHMRC
represents a working committee with the major tasks as follows:
Undertaking an analysis of the privacy framework in Australia, as it relates to
health information.
Undertaking consultation with NHMRC’s stakeholders to document their attitudes
towards and perceptions of the privacy framework as well as their experiences.
Preparing a submission to the review of the privacy legislation when the review is
announced.
Therefore, the entire legal and ethical issues would be handled by the CISO or Chief
Information Security Officer team keeping all these implications in mind. The organizational
11INFORMATION SECURITY MANAGEMENT
policies and the major vulnerabilities of the system would be addressed, as well as the new
policies would be made depending on these vulnerabilities to make the newly implemented
system absolutely permeable.
policies and the major vulnerabilities of the system would be addressed, as well as the new
policies would be made depending on these vulnerabilities to make the newly implemented
system absolutely permeable.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
12INFORMATION SECURITY MANAGEMENT
Reference
Abdelhak, M., Grostick, S. and Hanken, M.A., 2014. Health Information-E-Book: Management
of a Strategic Resource. Elsevier Health Sciences.
Alexander, D., Finch, A. and Sutton, D., 2013, June. Information security management
principles. BCS.
Caron, X., Bosua, R., Maynard, S.B. and Ahmad, A., 2016. The Internet of Things (IoT) and its
impact on individual privacy: An Australian perspective. Computer law & security review, 32(1),
pp.4-15.
Cascio, W., 2018. Managing human resources. McGraw-Hill Education.
Coombs, W.T., 2014. Ongoing crisis communication: Planning, managing, and responding.
Sage Publications.
Deane, F.P., Gonsalvez, C., Blackman, R., Saffioti, D. and Andresen, R., 2015. Issues in the
Development of e‐supervision in Professional Psychology: A Review. Australian
Psychologist, 50(3), pp.241-247.
Gellman, R., 2017. Fair information practices: A basic history.
Gostin, L.O. and Wiley, L.F., 2016. Public health law: power, duty, restraint. Univ of California
Press.
Hall, M.A., Orentlicher, D., Bobinski, M.A., Bagley, N. and Cohen, I.G., 2018. Health care law
and ethics. Wolters Kluwer Law & Business.
Huang, C.D., Behara, R.S. and Goo, J., 2014. Optimal information security investment in a
Healthcare Information Exchange: An economic analysis. Decision Support Systems, 61, pp.1-
11.
Lei, J., Guan, P., Gao, K., Lu, X., Chen, Y., Li, Y., Meng, Q., Zhang, J., Sittig, D.F. and Zheng,
K., 2014. Characteristics of health IT outage and suggested risk management strategies: An
Reference
Abdelhak, M., Grostick, S. and Hanken, M.A., 2014. Health Information-E-Book: Management
of a Strategic Resource. Elsevier Health Sciences.
Alexander, D., Finch, A. and Sutton, D., 2013, June. Information security management
principles. BCS.
Caron, X., Bosua, R., Maynard, S.B. and Ahmad, A., 2016. The Internet of Things (IoT) and its
impact on individual privacy: An Australian perspective. Computer law & security review, 32(1),
pp.4-15.
Cascio, W., 2018. Managing human resources. McGraw-Hill Education.
Coombs, W.T., 2014. Ongoing crisis communication: Planning, managing, and responding.
Sage Publications.
Deane, F.P., Gonsalvez, C., Blackman, R., Saffioti, D. and Andresen, R., 2015. Issues in the
Development of e‐supervision in Professional Psychology: A Review. Australian
Psychologist, 50(3), pp.241-247.
Gellman, R., 2017. Fair information practices: A basic history.
Gostin, L.O. and Wiley, L.F., 2016. Public health law: power, duty, restraint. Univ of California
Press.
Hall, M.A., Orentlicher, D., Bobinski, M.A., Bagley, N. and Cohen, I.G., 2018. Health care law
and ethics. Wolters Kluwer Law & Business.
Huang, C.D., Behara, R.S. and Goo, J., 2014. Optimal information security investment in a
Healthcare Information Exchange: An economic analysis. Decision Support Systems, 61, pp.1-
11.
Lei, J., Guan, P., Gao, K., Lu, X., Chen, Y., Li, Y., Meng, Q., Zhang, J., Sittig, D.F. and Zheng,
K., 2014. Characteristics of health IT outage and suggested risk management strategies: An
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
13INFORMATION SECURITY MANAGEMENT
analysis of historical incident reports in China. International journal of medical
informatics, 83(2), pp.122-130.
Liebler, G. and McConnell, C.R., 2016. Management principles for health professionals. Jones
& Bartlett Publishers.
Nepal, S., Ranjan, R. and Choo, K.K.R., 2015. Trustworthy processing of healthcare big data in
hybrid clouds. IEEE Cloud Computing, 2(2), pp.78-84.
Pathan, A.S.K. ed., 2016. Security of self-organizing networks: MANET, WSN, WMN, VANET.
CRC press.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. CRC Press.
Pozgar, G.D., 2014. Legal and ethical issues for health professionals. Jones & Bartlett
Publishers.
Runciman, B., Merry, A. and Walton, M., 2017. Safety and ethics in healthcare: a guide to
getting it right. CRC Press.
Wager, K.A., Lee, F.W. and Glaser, J.P., 2017. Health care information systems: a practical
approach for health care management. John Wiley & Sons.
Wears, R.L., Hollnagel, E. and Braithwaite, J. eds., 2015. Resilient health care. Ashgate
Publishing, Ltd.
analysis of historical incident reports in China. International journal of medical
informatics, 83(2), pp.122-130.
Liebler, G. and McConnell, C.R., 2016. Management principles for health professionals. Jones
& Bartlett Publishers.
Nepal, S., Ranjan, R. and Choo, K.K.R., 2015. Trustworthy processing of healthcare big data in
hybrid clouds. IEEE Cloud Computing, 2(2), pp.78-84.
Pathan, A.S.K. ed., 2016. Security of self-organizing networks: MANET, WSN, WMN, VANET.
CRC press.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. CRC Press.
Pozgar, G.D., 2014. Legal and ethical issues for health professionals. Jones & Bartlett
Publishers.
Runciman, B., Merry, A. and Walton, M., 2017. Safety and ethics in healthcare: a guide to
getting it right. CRC Press.
Wager, K.A., Lee, F.W. and Glaser, J.P., 2017. Health care information systems: a practical
approach for health care management. John Wiley & Sons.
Wears, R.L., Hollnagel, E. and Braithwaite, J. eds., 2015. Resilient health care. Ashgate
Publishing, Ltd.
1 out of 14
