StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Principles of Information Security - Essay Example

Cite this document
Summary
This paper “Principles of information security” analyzes the state of an information system in a company before proposing various issue-specific policies capable of enhancing the efficiency and effectiveness of the system. Information policies influence the nature of the information systems in a company…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER94.9% of users find it useful
Principles of Information Security
Read Text Preview

Extract of sample "Principles of Information Security"

Principles of information security Introduction Information is one of the most important assets in most organizations. Companies invest billions of dollars in safeguarding their data and developing functional information systems to enable ease of access to the databases and the information they contain. The improvements in technologies provide appropriate ways of developing and maintaining appropriate and functional information systems (Gibson, 2011). However, the improvements in technology further increase the risks that databases and the entire information system face. An organization must develop appropriate policies capable of safeguarding and maintaining a reliable information system thus ensuring that the employees access the information in real time. Information policies influence the nature of the information systems in a company and the use of the information within the organization. This report analyzes the state of an information system in a company before proposing various issue-specific policies capable of enhancing the efficiency and effectiveness of the system. The report is a product of teamwork with the group members collaborating in the development of the various sections of the report including the selection of the issue-specific policies. The group selected New York Presbyterian Hospital as the organization of choice for the study. Information is a vital resource in the management of health facilities and the dispensation of services in the facilities. Health facilities strive to develop efficient and reliable information systems capable of providing real-time access to vital information that may always mean the death or life of a patient. The health facility provides an effective environment for assessing the importance of information systems thus formulating policies that would enhance service delivery in the facility. The members of the group carried out research on the health facility and interviewed some of its employees and managers who offered reliable information on the nature and importance of the information system. The research included studying and testing the various features of the facility’s information including the functionality of its website. The report has various sections that provide in-depth analysis of the information system in the facility, the proposition of the policies and their anticipated effects. Overview of the company is a key section of the report that provides adequate information about the existing information system of the hospital, its information needs and the need for functional information policies to guide the utilization of the system. Subsequent sections of the report address related topical issues including the existing information policy in the facility and the subsequent issue specific policies proposed after the study. Overview of the chosen company New York Presbyterian Hospital just as the name suggests is a health facility and a university hospital. The hospital has affiliations with Weill Cornell Medical College and Columbia Universitys College of Physicians and Surgeons. The hospital has a bed capacity of 2,478. The hospital has numerous departments that offer both inpatient and outpatient services a feature that compounds its need for information systems. The health facility offers various services including cancer treatments, neuroscience, orthopedic, rehabilitation medicine and children health care services among many others. As a teaching and referral hospital, New York Presbyterian Hospital has numerous departments that make the maintenance of a reliable and functional information system a difficult process. The hospital has more than two hundred doctors and about a thousand nurses. The management of information is a major function of the management with the hospital having a Chief Information Officer, who heads the department mandated with the management of information in the hospital. The hospital has seven main facilities spread throughout the city of New York. The seven include Columbia University Medical Center, Allen Hospital, Queens, Lower Manhattan Hospital, Westchester Division, Morgan Stanley Children’s Hospital and the Weill Cornell Medical Center. The facilities operate semi-autonomously but share the hospital’s database. Some patients seek help from more than one department a feature that makes sharing of information among the seven facilities vital. New York Presbyterian Hospital has hundreds of computers connected to its information systems. Each of the seven facilities has various departments each of which has installed computers, telephones, printers, a filing system and shredders among many other facilities contained in an information systems. The various computers in each department constitute functional workstations with information officers who coordinate the movement of patients and coordinate the operations of the doctors and patients to ensure that each obtains appropriate information to enhance service delivery. The doctors at the hospital have their personal laptops among other handheld devices through which they contain their personal information and may always use for their official duties at the hospital. They connect their laptops to the wireless Local Area Network belonging to the hospital and access specific data that relates to their duties at the hospital. The hospital has seven data centers each in its seven facilities. The data centers host the hospitals databases and run on an efficient network that share the information both locality in the seven facilities but with the other facilities in the various parts of the city. The data centers occupy strategic floors in the administrative buildings of the seven facilities. The buildings enjoy adequate security from the private security firm the hospital hires to guard its premises throughout the city. Additionally, the hospital has a team of information technology specialists mandated with the management of the security and integrity of the databases. The team employs various technologies to ensure the safety of the databases and that the information system runs efficiently thus enabling real-time access to patient records among other vital records in the facility. Besides the doctors and nurses, the hospital has numerous other employees including subordinate staff mandated with the cleanliness and security of the facilities. The management of the hospital requires an effective database and an equally efficient information system to manage the vital records for the various employees. In addition to the electronic information system, the hospital has an archiving department that consists of a functional library containing various records including patient and employees. The Enterprise Information Security Policy With such a reliable information system, the New York Presbyterian Hospital has various security policies that control the accessibility of the information from the databases through the system. The policies are sets of rules that influence the behaviors of the expected users, security personnel, system administrators and the management of the organization among other users. The policies at the hospital permit particular individuals to access particular parts of the databases. The hospital’s database contains various types of data including patient records, inventories of the hospital’s pharmacy among other departments, employee history, and records among many others. The policies ensure that each user of the network access the appropriate data. The information policy at the hospital encourages categorization of the database to enable orderly and effective access of information with the view to enhancing service delivery while increasing profitability. Doctors and nurses access patient records and data relating to medical research. Managers access data relating to the history of the employees of the hospital including the doctors, nurses and subordinates. They access records relating to their payments, promotions and issues affecting their productivity. The security policy permits security personnel to monitor and investigate the use of the information system. They strive to ensure that the system functions efficiently. In the case of breaches, they investigate and monitor personnel to ensure that they resolve the breaches and safeguard the security and functionality of the system. The security policies at the hospital strive to maintain orderliness, reliability and the integrity of the data they contain. The hospital maintains a strong security position through stringent data ownership, security controls and maintenance of the security infrastructure. The hospital owns its data. It ensures this by placing unique watermarks on its files and ensuring that it reserves the right to use the information in its database. The security policies encourage the various users to guard the information and discourage against sharing (Dhillon, 2007). The policies outline several behaviors the management considers unethical and illegal. The security personnel carries out dedicated surveillance of the information network to ensure that users do not share the information with unauthorized personnel. The policies mandate the information technology department with the management and the security of the information system. They maintain the infrastructure thus improving its efficiency and the security of the databases. The security policy of the information system in the hospital is functional and efficient, at least on paper. Users of the system continue to record failures and hurdles most of which point out to the need of a cohesive and holistic policies that will address the issues thereby providing a functional, safe and efficient system. The harmonization of patients’ record is a problem as doctors and nurses face difficulties accessing patient records. Five different issue specific policies Email Security Policy 1. Every user of the network should have a unique email addresses developed for them by the information technology department as part of the information system. The new policy restricts communication through the network to particular email addresses designed specifically for the network. The information technology team is to develop such email addresses as evelyn@health.NYPH.org for every doctor, nurse, and managers aiming other users of the network. The security team has the official mandate of monitoring and probing how the employees of the hospital use the network. By designing such unique email addresses, the policy restricts the use of the email addresses to official communication within the hospital thereby providing the users of the network with the liberty of retaining their private email address, which the policy prohibits to access the system (ICISS 2008, Sekar & Pujari, 2008). With such a security policy, the security personnel will easily monitor the activities of the various users thereby minimizing instances of security breaches since the users would not use such email addresses for personal affairs. Laptop Security Policy 2. The hospital will have workstations in every department accessible to every employee of the department with a unique username and password. The hospital outlaws linking personal laptops to the network. The use of personal laptops poses great security risks to the information system. Among such risks is the threat of viruses, which would easily jeopardize the integrity, and functionality of the information system by corrupting the information contained in the databases. By outlawing the use of personal laptops on the network, the policy strives to safeguard the integrity and safety of the database. The policy ensures that the management monitors the utilization of the network thus finding effective ways of addressing the problems that arise naturally from the network. The policy limits the accessibility of the network thus minimizing the security risks the network is likely to encounter. Wireless LAN Security Policy 3. The wireless LAN is a preserve of the information system and the inherent computers among other devices only. Unknown devices cannot access the network with the security team ensuring that they place several security features including passwords and firewalls to discourage external devices from accessing the network. The policy seeks to enhance accountability for the use of the network. It ensures that specific computers among other devices that constitute the information system access the network while preventing foreign devices thus minimizing external threats the network may face (Saeed & Pejas, 2005). The policy improves accountability since the security personnel will retain protocols to ensure that only computers that constitute the system access the network. Backup Security Policy 4. The security personnel will install a system that backs up the database automatically to the cyberspace. Backup is a fundamental aspect of information systems. Backup plays an important role in ensuring that the hospital accesses its database even after the network faces such threats as virus attack and theft of the equipment. Backing up databases on the cyberspace provides ease of access. The security team will regulate the accessibility of the backed up the database using passwords among other security features. Cyberspace provides an element of limitlessness that makes it reliable in backing up large amounts of data the universal accessibility of the database makes the backed up copy useful for the various facilities of the hospital since they would access them remotely. Physical Security Policy 5. The data center among other sensitive locations including the respective workstations throughout the hospital will remain out of bounce for non-concerned individuals. The physical security policy strives to minimize the risks of vandalism, theft and unauthorized access to the information system. The policy will ensure that security guards assess every individual striving to access the data center with the view to ensuring that unauthorized personnel do not access the center. By limiting accessibility of the data center, the policy will save the database from vandals and thieves among other individuals with malicious motives (Hawker, 2000). Additionally, the policy will ensure that doctors and nurses use passes to access the workstations and use their passwords to access the network as guards. Such basic security features will minimize the threats of vandalism and theft among others. Conclusion New York Presbyterian Hospital has a functional information system. However, the system faces numerous challenges including lack of comprehensive and consistent media of communication. Furthermore, some departments use physical record keeping techniques a feature that slows the functionality of the system. The system faces serious security threats arising from the structure of the network. Such threats include accidents, thefts, vandalism, fires and natural calamities that may cause the hospital to lose its vital records. The policy propositions above cover the various security threats to the network thus enhancing its safety, integrity and functionality. Successful implementation of the policies will create a reliable and safe system since the policies minimize the risks the network currently faces. References Dhillon, G. (2007). Principles of information systems security: Text and cases. Hoboken, NJ: Wiley. Gibson, D. (2011). Managing risk in information systems. Sudbury, MA: Jones & Bartlett Learning. Hawker, A. (2000). Security and Control in Information Systems: A Guide for Business and Accounting. New York: Psychology press. ICISS 2008, Sekar, R., & Pujari, A. K. (2008). Information systems security: 4th international conference, ICISS 2008, Hyderabad, India, December 16-20, 2008 : proceedings. Berlin: Springer. Saeed, K., & Pejas, J. (2005). Information Processing and Security Systems. Boston, MA: Springer Science+Business Media, Inc. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Principles of Information Security Essay Example | Topics and Well Written Essays - 2250 words”, n.d.)
Principles of Information Security Essay Example | Topics and Well Written Essays - 2250 words. Retrieved from https://studentshare.org/social-science/1702164-principles-of-information-security
(Principles of Information Security Essay Example | Topics and Well Written Essays - 2250 Words)
Principles of Information Security Essay Example | Topics and Well Written Essays - 2250 Words. https://studentshare.org/social-science/1702164-principles-of-information-security.
“Principles of Information Security Essay Example | Topics and Well Written Essays - 2250 Words”, n.d. https://studentshare.org/social-science/1702164-principles-of-information-security.
  • Cited: 0 times

CHECK THESE SAMPLES OF Principles of Information Security

Information Security in Technology

This concept of information security goes hand in hand with that of physical security because the idea of confidentiality is still applicable in many ways.... information security in Technology Institution Executive Summary information security is one of today's biggest threats in companies that depend on modern technology for storage of important information.... information security Project Plan There are many differences between physical security, and information security....
5 Pages (1250 words) Research Paper

Operations security and production controls

The organization that I work for has well defined rules to regulate operational security and production controls.... … The concept of security should encompass both the concepts of physical as well as intangible materials like information which can be orally compromised.... The operational security in the firm is maintained by both uniformed personnel members of the staff who are directly associated with ongoing projects.... One of the most important instructions that the security personnel adhere to, is that access to specific areas of the company is need based rather than designation based....
4 Pages (1000 words) Essay

Legal and ethical issue in information security

Principles of Information Security (4th ed.... Management of information security (3rd ed.... This paper is about the legal and ethical issue in information security.... Topic: Legal and ethical issue in information security With the installation of surveillance system in the factory, ethical concerns must arise.... security personnel and supervisors should not use the cameras to monitor the race or sex doing something or the location....
2 Pages (500 words) Case Study

Supporting Activity

Principles of Information Security.... information security: National Archives and Records Administration (NARA) Needs to Implement Key Program Elements and Controls.... onfidentiality is also another reason for increasing the security of the information especially from clients (whether high ranking, celebrities or just the local citizen).... information whether it is in digital form or not is important to the owner and hence protecting it from unauthorized access is the most important thing in an organization today and has been important ever since time immemorial....
1 Pages (250 words) Essay

Firewalls and Intrusion Detection Systems

rinciples of information security.... With an increase in the indulgence in IT systems, security hitches have increased.... Louis IT Company (2014) is of the assumption that security systems have become a mandatory requirement considering the vulnerable nature of IT systems.... In an example, Firewalls and intrusion Firewalls and intrusion detection systems affiliation Firewalls and intrusion detection systems The modern IT systems require effective protection system that may prevent distortion and poor security measures....
2 Pages (500 words) Assignment

The Role of Information Security

It includes the broad areas of information security management, computer, data, and network security (Whitman & Mattord, 2012).... Hence there is development of a more robust model of information security that addresses this threats ,the model consist of critical characteristics of information :availability,accuracy,authenticity , possession, integrity ,utility and confidentiality.... According to the committee on National Security System, information security is defined as the protection of information and its critical elements, including the system and hardware that use, store, and transit that information....
4 Pages (1000 words) Thesis

Entifying Information Assets, Threats, and Vulnerabilities in Top Information Security Breaches of the Decade

?Principles of Information Security.... Five of information security breach that occurred in the last decade include are: insider misuse, unauthorized access by insiders, spam, malware, and unauthorized access by outsiders. Insider INFORMATION SECURITY BREACHES A security breach or security violation is any occurrence that leads to un ized access of data, networks, services, devices, and/or applications by bypassing security mechanisms that exists.... Five of information security breach that occurred in the last decade include are: insider misuse, unauthorized access by insiders, spam, malware, and unauthorized access by outsiders....
2 Pages (500 words) Assignment

Disaster Recovery

Principles of Information Security.... Banks all over the world have been invaded by a cybercrime group being labeled ‘Carbanak gang' which has been stealing millions of dollars in cash from banks and personal accounts and dispensing some of it through ATMs at different times of the day....
1 Pages (250 words) Assignment
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us