Tuesday, May 5, 2020

Information Security and Risk Management

Question: Discuss Information Security and Risk Management.

Answer:

Introduction

In the given scenario, Hillside Hospital is a 100-bed hospital that provides its patients with facilities such as emergency care, maternal and child health, and chronic disease management with different specialists. Other facilities such as radiology, pharmacy and rehabilitation services are also provided by Hillside Hospital. To take care of patients, several healthcare providers are available in the hospital, such as specialists, registrars, medical officers, nurses and physiotherapists. Some staff members are also involved in medical research and clinical trials, and for their research they need to use patients' information from the system. As a member of the IT Expert Team, my team is concerned with managing the security of information in the hospital's environment. Sensitive information is stored in the database, so it is necessary to maintain its security and privacy against unauthorized access. The purpose of this report is to design a security and risk management solution that can fulfill the security requirements of the hospital. The security and risk management plan will include Planning and Policy, Developing a Security Program, Risk Management and Protection Mechanism. In this report, we discuss in detail the planning and policy of the security and risk management solution.

Discussion

The planning and policy of the security and risk management solution should be described clearly so that it can be implemented effectively in the hospital (Security Intelligence, 2017).

Planning and Policy of Security and Risk Management Solution

To protect the information stored in the hospital's database, we have made a plan that includes mission, vision, key components, policy, purpose, scope, information security requirements and policy details (Hinkel, 2017).

Planning

According to Hillside Hospital's requirements for information security, we have planned to use security techniques such as cryptography to store encrypted data in the database, implementation of strict security policies in the hospital, restricted access to the database and periodic monitoring of the database by the administrator (Protectivesecurity.govt.nz, 2017).

Mission

The mission of Hillside Hospital is to keep information with appropriate security and privacy, with access to data limited to authorized users. It is a matter of trust for the people who have provided their information to be stored in the hospital's database.

Vision

Hillside Hospital's vision is to use advanced storage techniques in a highly secure way to store a huge amount of information. The hospital also wants to control security and privacy issues of the information system to a large extent by using advanced security tools and techniques (Nttsecurity.com, 2017).

Key Components

The key components of the security and risk management solution are listed below:

- Identification of the assets that need to be protected, such as customers' information and critical business processes, and of why protection of these assets is necessary.
- Identification of the major threats to the assets and of what could happen to the identified assets.
- Ranking of the identified threats by both probability and impact.
- Identification of the types of controls that are suitable for protecting the assets.
- Testing of the accuracy and effectiveness of the controls.
- Proper periodic monitoring of all processes (Securitymagazine.com, 2017).

Policy

The main policy that we would like to implement in Hillside Hospital for information security is that the system administrator must set unique login credentials for hospital employees for accessing the database, and different permissions should be assigned to each employee according to their post in the hospital.

Purpose

The purpose of the above policy and planning is to raise the security level of the hospital's database as much as possible by using modern intelligent security tools and techniques. It is also necessary for protection against hacking attacks.

Scope

The scope of this planning and policy is wide, because proper implementation of these policies will help every business organization, hospital and individual to keep their information secure for a long time.

Information Security Requirements

The main requirements of information security are identification of the issues in the hospital that affect information security, proper organization of security policies and standards, training of all employees to implement information security policies and standards, and implementation of information security standards.

Policy Details

We have given brief information about the security policy for Hillside Hospital above; here is the detail of that policy. Under the policy, different login credentials are set for employees at different levels, so low-level employees will not have permission to access the most sensitive information about top-level staff members. This policy will reduce the chances of information leaking. In addition, every activity of employees on their computers while accessing information should be detected by detection control systems. These systems have advanced features: for example, if an employee tries to access unauthorized information in the database from his computer, the system sends a message to the administrator.

References

Security Intelligence. (2017). Key Components of a High-Performing Information Risk Management Program. [online] Available at: https://securityintelligence.com/key-components-of-a-high-performing-information-risk-management-program/ [Accessed 26 Apr. 2017].

Hinkel, T. (2017). 5 Key Elements of Risk Management | Compliance Guru FFIEC Guidance. [online] Complianceguru.com. Available at: https://complianceguru.com/2010/11/5-key-elements-of-risk-management/ [Accessed 26 Apr. 2017].

Betterhealth.vic.gov.au. (2017). Security and safety at hospital. [online] Available at: https://www.betterhealth.vic.gov.au/health/servicesandsupport/security-and-safety-at-hospital [Accessed 26 Apr. 2017].

Nttsecurity.com. (2017). Security Planning and Risk Assessment. [online] Available at: https://www.nttsecurity.com/en/what-we-do/security-planning-and-risk-assessment/ [Accessed 26 Apr. 2017].

Protectivesecurity.govt.nz. (2017). Protective Security Requirements | Information Security Management Protocol. [online] Available at: https://www.protectivesecurity.govt.nz/home/information-security-management-protocol/ [Accessed 26 Apr. 2017].

Securitymagazine.com. (2017). 5 Key Components of a Robust Travel Risk Management Program. [online] Available at: https://www.securitymagazine.com/articles/87898-key-components-of-a-robust-travel-risk-management-program [Accessed 26 Apr. 2017].
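
The access rule and detection control described under Policy Details, sketched as an added Python example that is not part of the original report. Role names follow the staff listed in the report; the record categories, login IDs and the AccessMonitor class are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed policy: role names follow the staff listed in the report;
# the record categories are assumptions made for this example.
ROLE_PERMISSIONS = {
    "specialist": {"clinical_record", "radiology", "pharmacy"},
    "nurse": {"clinical_record", "pharmacy"},
    "physiotherapist": {"clinical_record", "rehabilitation"},
    "researcher": {"deidentified_research"},
    "administrator": {"staff_record", "audit_log"},
}

@dataclass
class AccessMonitor:
    users: dict                      # unique login id -> role
    audit_log: list = field(default_factory=list)
    admin_alerts: list = field(default_factory=list)

    def request(self, login_id: str, category: str, record_id: str) -> bool:
        """Default-deny check; logs every attempt, alerts on each denial."""
        role = self.users.get(login_id)            # unknown login has no role
        allowed = category in ROLE_PERMISSIONS.get(role, set())
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "login_id": login_id, "role": role,
            "category": category, "record_id": record_id,
            "allowed": allowed,
        })
        if not allowed:
            # Message to the administrator for every unauthorized attempt.
            self.admin_alerts.append(
                f"DENIED {login_id} (role={role}) -> {category}/{record_id}")
        return allowed

def demo() -> AccessMonitor:
    # Constructed accounts, one unique login per employee.
    mon = AccessMonitor(users={"n.lee": "nurse", "dr.shah": "specialist",
                               "r.cole": "researcher"})
    mon.request("n.lee", "clinical_record", "P-1001")    # allowed
    mon.request("n.lee", "staff_record", "S-0007")       # denied, alert
    mon.request("r.cole", "clinical_record", "P-1001")   # denied, alert
    mon.request("ghost", "pharmacy", "RX-22")            # unknown login, denied
    return mon

if __name__ == "__main__":
    for alert in demo().admin_alerts:
        print(alert)
```

Allowed requests are logged as well as denied ones, so the administrator's periodic review covers all access and not only the alerts.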
