Cyber Security Threats, Information Governance, and Risk Assessment

Added on  2023/01/17

AI Summary
This report provides a comprehensive analysis of cyber security threats, information governance, and risk assessment within the context of Wallington Trust Hospital. It begins by identifying common cyber threats such as viruses, spyware, hackers, and phishing, and then emphasizes the critical importance of an information governance system in safeguarding data and ensuring patient privacy. The report explores the role of the Information Security Officer, detailing the approach to implementing an Information Security Management System (ISMS), including its scope and content. It further delves into risk assessment methodologies, identifying information assets, associated threats, and vulnerabilities. The report outlines key components of an information security policy and information governance policy framework, culminating in a discussion of implementation plans and monitoring mechanisms to ensure continuous security and compliance. The report emphasizes the importance of maintaining data quality, fostering a strong doctor-patient relationship, and the significance of ISMS in protecting sensitive patient information and organizational operations.
Information Governance and Cyber Security
Table of Contents
INTRODUCTION
TASK 1
Current Cyber Security Threats
Importance of Information Governance System
Role of Information Security Officer in Organization
TASK 2
Approach Used for Information Security Management System
Scope of The Information Security Management System
Content of the Information Security Management System
TASK 3
Risk Assessment Methodologies
Information Assets, Identify Threats Vulnerabilities and Risk Association
TASK 4
Information Security policy
Information Governance Policy Framework
Implementation plan and monitoring mechanisms
Monitoring and Controlling
CONCLUSION
REFERENCES
INTRODUCTION
Information governance is the process that business organizations use to keep their
information and data safe and secure through the policies and processes set out in the
information security management system. This report covers various aspects of Wallington
Trust Hospital, which provides secondary health services to patients in the suburb of the
London Borough of Sutton. The current cyber security threats will be assessed in the report.
The requirements of the information governance framework will be evaluated for Wallington
Trust Hospital, and the framework suggested for the hospital will be justified. The
information system used in the organization will be critically evaluated, and the importance
of the information management system will be analysed. Different quantitative and qualitative
risk assessment processes will be discussed, along with the implementation plan of the cyber
security framework. The scope, purpose, roles and responsibilities will also be analysed in
the report.
TASK 1
Current Cyber Security Threats
The most common threats considered in cyber security are:
Computer Viruses
This is one of the most common types of threat in cyber security. Computer viruses are
computer programs created with bad intent and designed to harm the data, information and
hardware of the user. They are a common and highly dangerous threat that can damage the
information and data of a particular computer. Once a virus is installed on a computer, it
starts to interfere with the operation of the system (Laybats and Tredinnick, 2016). Virus
programs are written to disrupt the processes the system uses to perform certain tasks. A
computer virus replicates itself and executes its operations. It can also cause leakage of
the data and information of Wallington Trust Hospital. Viruses can affect data and
information processing on the host computer, and they can also provide a gateway for hackers
to breach the computer systems of the organization.
Spyware Threats
It is also known as a computer program that keeps track of the offline and online activity
of a user. The program is designed to track the activities of the user on the computer system
and transfer them to its creators. This is a major threat for an organization like Wallington
Trust Hospital because it can reduce the confidentiality and privacy of the information and
data of hospital staff, patients and transaction details that are important for the
organization.
Hackers and Predators
Different people use the internet and harmful software to intentionally harm a target. The
purpose of this action depends on the mentality of the hacker. Hackers inside or outside the
organization look for gaps in the internet gateway of the computers and online systems of the
organization in order to steal or damage its database for criminal purposes (Van Horenbeeck,
2018). This is how hackers and predators can misuse the personal information of patients and
the organization for personal profit and criminal offences.
Phishing
Every day the organization receives different kinds of information that can mislead its
processes and operations. This kind of threat mostly exists in the form of an e-mail,
software or online link that can harm the online processes and operations of the
organization. In this way the data and personal information of patients or nursing staff can
be stolen by giving external hackers access to the computer system of the organization.
These are some of the main threats to the computer and online systems of the organization.
They can affect its operations with damage ranging from minor to major.
Importance of Information Governance System
An information governance system is used by profit or non-profit organizations to maintain
their operations without any major or minor issue in their information handling processes.
The information governance system has different advantages that can improve the safety
measures of the organization. Some of the main benefits of an information governance system
are:
Keep Data Safe and Secure
This is one of the main features of the information governance system. It helps the
organization keep its data and information safe and secure from different troubles that can
harm its operations.
Reduce the Risk
The main function of the information governance system is to prevent various kinds of risk
to the information system of the organization. It consists of different layers of security
protocols that include anti-malware programs able to detect and eliminate malware from the
system and prevent its impact on the information and data of patients and staff members.
Provide Better Experience to Patients
Different people use the services provided by Wallington Trust Hospital. The confidentiality
of their information is the most important target of the organization. A minor data or
information leak can cause major trouble for the organization and its patients. Information
governance consists of different regulations and policies that are capable of preventing any
kind of breach in the network. This helps the organization provide a better experience to
patients.
Role of Information Security Officer in Organization
The role of the information security auditor is important for Wallington Trust Hospital. The
duty of the information security auditor is to evaluate the security concerns of the
organization and propose plans that can help it improve its security measures, in order to
prevent major security-related troubles such as social, ethical and legal troubles for
patients and the organization (von Solms and von Solms, 2018). There are some legal, social
and ethical requirements the organization needs to consider in order to provide better
satisfaction to patients and the people who work in the company. The main role of the
information security auditor is to evaluate the implications of the organization's current
measures and how the organization can prevent unauthorised access by malware, hackers or
other threats to the information system of Wallington Trust Hospital. It is the duty of the
information security auditor to ensure the safety, security and privacy of the information
held by the computer network of the organization. The auditor considers different measures to
make the system effective and safe for different online and offline operations. By performing
different tests, the auditor checks the effectiveness of the information security management
system.
This is how the information security auditor can help the management of Wallington Trust
Hospital maintain effective performance of the company's information systems.
TASK 2
Approach Used for Information Security Management System
Different approaches are possible for the information security management system used in an
organization like Wallington Trust Hospital. The hospital stores different types of
information that are confidential and important for the operations of the organization. For
the operation and implementation of the information security management system an advanced
approach is used, which is considered one of the best approaches to keep the data and
information of patients and staff members safe and secure (Bang, 2018). In this approach the
information stored in the organization is categorised into different levels. This
categorisation depends on the importance and confidentiality of the information. By these
category levels the organization prioritises the level of information security. Through this
process the organization keeps its information base secure from any external or internal
breach. Three-layer protection is also used in order to prevent data breaches.
Scope of The Information Security Management System
Information security management systems are used in organizations to improve the level of
safety and privacy of data. When organizations plan to implement information systems, they
consider different security and safety measures to keep their private and confidential files
safe and secure. The main scope of the information security management system relates to the
protection of the confidential information that is important for the organization. By
providing better security, the organization can provide a better and more effective service
to patients and their relatives. This can help improve their confidence and satisfaction
level, and in this way the organization can effectively improve people's experience. With the
help of this system the organization can reduce the level of risk in the information transfer
process. It also helps the organization manage information and data more effectively. The
information security management system also gives the organization opportunities to further
improve its security measures to protect its systems from internal and external threats
(Almuhammadi and Alsaleh, 2017). The features of the ISMS can help the organization keep its
information secure for long-term use. This is how the proposed information security system
can help the organization improve its data and information security measures. The system is
also able to mitigate the risk factors of the organization.
Content of the Information Security Management System
Different information security and safety policies are used by the organization in the ISMS.
These policies are mainly concerned with the handling of data within the organization's
network. The main purpose of these policies is to improve security measures during the
transfer, collection, storage and processing of patient and organizational data. This is how
the policies of the ISMS prevent unauthorised handling and processing of data and information
that can affect the data confidentiality of patients (Anderson, 2016). The information
governance framework is an outline of the data safety and security measures that can help the
organization manage data safety to the maximum level. It is really important for the
organization to keep the personal and professional data of patients and the organization
confidential in order to maintain effective data handling within the organization (Gashgari,
Walters and Wills, 2017). Wallington Trust Hospital provides secondary health services to
people, and it is a basic need of a health care organization to keep people's data
confidential in order to provide better services to them.
TASK 3
Fundamental Fiduciary Doctor Patient Relationship
It is important for a health care organization to have a good relationship between doctor
and patient. This relationship is based on different factors, which include personal safety
and security, both socially and ethically (Cavelty and Mauer, 2016). If the relationship
between patient and doctor is not good, it can have a negative impact on the services of the
organization. The organization therefore needs to keep the confidence level of patients high
in order to develop a better understanding between doctors and patients. This is possible by
assuring patients about data safety and privacy. It is all about developing trust between
doctor and patient so that information is transferred effectively and better services can be
provided to the patient. It is important for the doctor to maintain the database of
information provided by the patient, as this can help in finding a better solution to the
patient's medical issue. This is how the information governance framework can help the
organization improve the trust that patients and their families have in it.
Higher Data Quality
The main function of the information governance system is to maintain the quality of the
data stored in the database of the organization. Different types of data and information are
stored in this database. The information governance system helps the organization maintain
the relevance and accuracy of the database in order to draw better results in the end. It is
difficult for an organization like Wallington Trust Hospital to maintain data and information
quality in order to keep its operations effective and stay on its organizational objectives.
This is how better data and information quality can help the organization provide a better
service to patients.
Fairness and Transparency In Health Care System
Patients are mostly afraid of the actions performed by the health care organization, and they
have some confusion about the treatment they are receiving in the hospital. In this case the
information governance system helps the organization maintain the safety and security of data
along with a certain level of transparency, so that patients are more satisfied with the
treatment they are receiving in the health care facility. Through this process of information
governance the organization can provide better services to patients and their relatives.
These are the different benefits of using an information governance framework to maintain
effective handling of the data and information of the organization and its patients. These
benefits make information governance more crucial for a health care organization.
Risk Assessment Methodologies
Two types of risk assessment methodology can be used in a health care organization like
Wallington Trust Hospital in order to maintain the quality and accuracy of the data that is
stored. Two types of risk assessment tool are used in the organization in order to avoid
possible risks in the information handling process. These assessment methods are classified
as quantitative and qualitative assessment methods. The risk assessment tools used in
Wallington Trust Hospital are risk categorization, risk probability and impact assessment,
and SWOT analysis. These tools help the organization keep risk in information handling to a
minimum.
Risk Categorisation
In this process of risk evaluation, the various risks to data and information are evaluated
on the basis of their sources. This process helps the information security management system
check the credibility of the information source. Through it, Wallington Trust Hospital can
categorise the sources on the basis of their level of risk. In this process the areas of the
system that are most exposed are selected for further safety and security of the information
database.
Risk Probability and Impact Assessment
This is also a risk assessment process that can be used as a qualitative risk assessment
tool. By using this process the organization can investigate the probability of risk in the
data handling process. The risk impact assessment helps the organization assess the possible
cost of that particular risk to the database of the organization. This is how, by calculating
the probability of a risk and its probable impact, the organization can overcome issues in
the data management and security process.
Information Assets, Identify Threats Vulnerabilities and Risk Association
Information Assets
This can be considered as the body of knowledge that is available to the organization. This
type of information is managed and stored as a single quality in the database. It can also be
taken as data packets stored in the database of the information system.
Threats
There are different threats in the data handling process. These risks are associated with
data safety and privacy. Apart from data privacy and safety, the accuracy and relevance of
data and information are also important for the organization. These risks need to be
considered by the organization to prevent a major impact on its performance and operations.
Vulnerabilities and Risk Association
Four main types of vulnerability can be considered that can have an impact on the processing
of the organization. Physical, social, economic and environmental vulnerabilities can be
considered in order to prevent major issues in the information security management system.
There are also some risks associated with this process, and by considering these measures the
organization can improve its work and performance.
TASK 4
Information governance is a process known as a holistic approach that corporations use to
manage information by implementing different processes, controls, roles and metrics to make
the important information of the business more valuable. Different types of framework are
used by organizations to ensure the effective management of data and information. These
frameworks consist of various kinds of rules and regulations that can protect the data of the
organization and its clients. The main objective of such a framework is to keep data private
and protected in order to maintain security in the organization (Smallwood, 2018). The
information governance framework provides a basic set of rules and processes that can help
manage the security assets of the organization. These frameworks are used by various
organizations to maintain the safety and security of the company's information and database.
Key stakeholders of the organization are included throughout the process of implementing the
framework for information governance.
An information security management system requires different types of content to manage the
security of the organization effectively. This content is used to justify the importance of
the security operations that are performed. The content used in the information security
management system is known as a defined and effectively documented management system that
includes the policies, processes and systems to manage the security and privacy of the
information available in the database of Wallington Trust Hospital.
Information Security policy
The importance of the information governance system for Wallington Trust Hospital can be
understood in different ways. The organization focuses mainly on two areas in its data safety
and security processes. These two criteria are data safety and data privacy. By considering
certain factors, a health care organization can manage information and data safely and
effectively. Some advantages of the information governance system can justify its importance
in a health care organization like Wallington Trust Hospital.
Introduction
An information security policy (ISP) can be defined as a set of policies issued by an
organization to ensure that all information technology users within the domain of the
organization or within its network comply with the rules, regulations and guidelines related
to the security of data or information that is stored digitally within the network and within
the boundaries of the organization (Edaibat, Dever and Stuban, 2017). These policies are
required to set a general plan of implementation so that the desired outcomes can be
achieved, which further helps in making decisions. The ISP helps in governing the protection
of the data or information that needs to be protected. It is important for all organizations
to develop an ISP plan in a logical manner so that they can further enhance the security of
the information system they use, and for this they need to identify the key users of their
information security management system. This will help them identify the areas of
improvement, or the areas that need to be focused on, in order to enhance the security of
their management system. There are many uses of an ISP, such as a data storage facility to
store medical facilities data. In order to maintain the integrity of the clinical management
system of WTH and provide privacy and confidentiality to all the digital information of
patients stored within the system, it is important for the organization to develop an
information security policy framework for all the users of the system, so that the data
present within the system can be secured and protected in a much better manner (Zende, Patil
and Patil, 2018). This security policy might be different for different users. For example,
staff members who communicate with patients of the organization are bound never to share
information unless higher authorized authorities have asked them to share a particular piece
of information.
The information security policy manual of WTH will help the hospital develop policies for
all the users of the information system so that they can comply with the general rules,
regulations and guidelines of the system.
Purpose
There are a variety of reasons for which organizations create an information security
policy, such as:
To establish a general approach to the information security of the system. It helps in
setting some guidelines for the users of the information system so that they can understand
the basic approach of the system to maintaining information security (Fu, He and Dong, 2018).
To detect as well as protect against compromise of information security, for example misuse
of networks, data, applications and computer systems. This is one of the most important
purposes of the information security policy, so that any kind of misuse or fraud can be
prevented. For WTH it is important because any kind of misuse of information, such as
patients' information, can result in serious complications.
To protect as well as maintain the reputation of the organization in such a manner that it
complies with both its legal and ethical responsibilities (Wei, Ci and hang, 2018). For an
organization like Wallington Trust Hospital (WTH) it is extremely important to maintain and
comply with the ethical and legal responsibilities of the organization, as this will help it
maintain as well as protect its image or reputation.
To observe the rights of its patients and deal with their complaints or queries.
So, on the basis of this overview, the purposes of the information security policy of WTH
are:
Observe and recognize the professional practices of the information security management
system.
Ensure system compliance with health standards and regulations like CMS, HIPAA and many
more.
On the basis of the health unit, create a standard system that complies with legal and
ethical requirements.
Provide information to, or enhance the knowledge of, hospital staff about the various
functions of the information security management system so that they can comply with the
needs and requirements of the system and of the organization as well (Kazemi, Sadeghi and
Akinci, 2016).
Reduce the chances of automatic or manual errors of the system by providing some specific
guidelines rather than relying on the system blindly.
Scope
The information security policy should be built in such a manner that it addresses all the
programs, data, facilities, systems and technical infrastructure, including the information
system and third parties of the organization, without any kind of exception. This is one of
the most important points to be covered in the ISP manual so that readers can understand what
is covered in the policy, resolve any kind of ambiguity, and identify factors that are not
required to be covered in the policy (Grist, Porter and Stallard, 2017). It also helps in
identifying whether or not the policy covers all the required and acceptable policies that
are helpful for the business.
This ISP of WTH applies to all the staff members, faculty, employees, patients and trainees.
For all the staff members who use this information system to handle, view or deal with
information, this ISP deals with the provision of access through:
Staff members who use the system manage the authorization and authentication that are mainly
used to provide access to other users of the system, in order to maintain its security and
privacy (Werker, Cascadden and Zmuda, 2017).
Integrating information system providers in order to maintain the digital medical records of
patients.
Direct network connectivity to service providers and administration functionalities,
including all the connected components such as the firewall.
Integrating the information system as well as the processes of the system so that the
overall quality of the data submitted to or saved in the system can be ensured.
Roles and responsibilities
It focuses on the general rights, roles and responsibilities of all the users of the
information system (Choi, Lee and Kim, 2020), in order to carry out implementation and
knowledge of the information security management system in a much better manner. It helps in
defining the roles and responsibilities of all the users of the system so that theft of
information can be prevented, users