Login Signup
Verified Document

Security Programs Implementation Of Information Security Programs Essay

Related Topics:
Security Principles Database Security Security Program Evaluation
Open Document Cite Document

¶ … Security Programs Implementation of Information Security Programs

Information Security Programs are significantly growing with the present reforms in the United States agencies, due to the insecurity involved in the handling of data in most corporate infrastructure systems. Cases such as independent hackers accessing company databases and computerized systems, computer service attacks, malicious software such as viruses that attack the operating systems and many other issues are among the many issues experienced in the corporate arena, including government agencies like the U.S. Department of Health and Human Services. These cases have led to the necessity for more implementation of the information security programs, which provide counter measures for the information security threats.

The United States Department of Health and Human Services

The Department of Health and Human Services in the United States (HHS) is one of the principal agencies obliged to protect the health conditions of the entire American population and also providing the basic human services especially to the needy Americans (HHS.gov, 2012). The department works very closely with the local and state government, hence providing most of its services at both the county and state agencies. The HHS department is constituted of eleven different divisions, which are individual operations, eight of which represent agencies of Public Health Services, and the remaining four are agencies of human services (HHS.gov, 2012).

Security Area Responsible Party

The CSIRC, which is under the Chief Information Security Officer, has the primary responsibility of entering data related to the HHS department, including the maintenance of the IT security awareness, and also the overall determination of IT security position of the HHS. The office shall ensure that the HHS department is always aware of privacy and security vulnerability, any happenings that might have a direct negative impact to the security of information, the negative impacts in case of insecurity and the sharing of information to the relevant authorities. The office will also analyze the risks related to data handling and ensure measures are instituted to mitigate data loss or penetration by unintended persons (HHS.gov, 2012).

Vulnerabilities and risk mitigation strategies

Information in the Department of Health and Human Services is...

In severe situations, the information could be lost permanently, leading to disruptions in the normal functioning and department operations. The major risks also include the unintended disclosure of confidential information/data, and also unauthorized use of the same data. The Information security Programs, therefore, aim at the reduction of these risks, which come in different forms. The technical risks involved are; malicious distortion of data and tampering with stored information through destruction of storage capacities. Fraud could also be a risk, where the staff and those operating the data systems could decide to use the data in the wrong way, mostly for self-interests. Systems could also be damaged through the infection of viruses and worms. For the mitigation of these named risks, the department has to indulge in both prevention and management of the risks.
The focus of the information security program is to prevent, detect, verify and then respond to the different risks involved. The prevention entails the effective manipulation of processes, procedures, technology and the department responsibilities, so as to mitigate any potential threats. Detection in most cases involves the use of both the automated and manual mechanisms to identify and differentiate the risk and security issues. Currently, the HHS department could apply the detention strategy by monitoring passively and actively the procedures of the security programs. Verification phase ensures that all the necessary measures dealing with security are taken care of. This could include the use of monitoring tools and conduction of audit functions. The response strategy will only be implemented when the prevention approaches seem to be underperforming. The department will require rapid and efficient capabilities to respond to risks, including direct responses, triage and containment of hazardous security threats (Onsett International Corporation, 2001).

Acquisition of systems and Asset management

The HSS Department has the obligation to acquire and maintain the best systems that will help maintain the department's information. The department has to use specified systems, preferably a descriptive database, that will store records for all the property the department owns and controls. According't the principles governing the department (FRPC principles), there has to…

Continue Reading...
Sources used in this document:
References

Onsett International Corporation. (2001 September). Building Comprehensive Information Security Programs. Retrieved from www.onsett.com/.../...

HHS.gov. (2004 December 15). Information Security Program Policy. Retrieved from www.fas.org/sgp/othergov/hhs-infosec.pdf

SANS Institute: Security Laboratory. (2007 August 15). Configuration Management in the Security World. Retrieved from www.sans.edu/research/security-laboratory/.../meyer-config-manage

HHS.gov. (2010 April 5). Policy of Information Technology (IT): Security and Privacy Incident Reporting and Response. Retrieved from www.hhs.gov/ocio/policy/policydocs/hhs_ocio_policy_2010_0004.doc - 11k
HHS.gov. (2012 July 7). U.S. Department of Health and Human Services. Retrieved from http://www.dhhs.gov/
Cite this Document:
Copy Bibliography Citation

Related Documents

Essay
Security for Networks With Internet Access
Words: 4420 Length: 12 Document Type: Term Paper

Security for Networks With Internet Access The continual process of enterprise risk management (ERM) has become an integral component of successful organizational assessment, because the process of accurately identifying various risk factors, and interpreting their potential advantages and disadvantages, ensures that a business remains capable of anticipating and addressing internal and external contingencies. The following ERM implementation plan for the security of internet-accessible networks is intended to provide a navigable framework

Read More
Essay
Security in Cloud Computing
Words: 3274 Length: 10 Document Type: Research Paper

Security in Cloud Computing Security issues associated with the cloud Cloud Security Controls Deterrent Controls Preventative Controls Corrective Controls Detective Controls Dimensions of cloud security Security and privacy Compliance Business continuity and data recovery Logs and audit trails Legal and contractual issues Public records The identified shortcomings in the cloud computing services and established opportunities for growth regarding security aspects are discussed in the current research. The security of services is regarded as the first obstacle. The opportunity for growth is provided as combination

Read More
Essay
Security Awareness the Weakest Link
Words: 8202 Length: 30 Document Type: Case Study

To offer an information security awareness training curriculum framework to promote consistency across government (15). Security awareness is needed to ensure the overall security of the information infrastructure. Security awareness programs is the can help organizations communicate their security information policies, as well as tips for users, to help keep systems secure, and the practices the entire organization should be utilizing. However, as Kolb and Abdullah reiterate, "security awareness is not

Read More
Essay
Security Information Is the Power. The Importance
Words: 5012 Length: 15 Document Type: Term Paper

Security Information is the Power. The importance of collecting, storing, processing and communicating the relevant information presently is viewed as crucial in order to achieve success in almost all the fields be it business firms, individuals or organizations. An integrated set of components assisting collection, store, process and communication of information is termed as information system. Increasing dependence on information systems is noticed in order to excel in the respective fields

Read More
Essay
Security Issues of Online Communities
Words: 15576 Length: 60 Document Type: Term Paper

This researcher rejects the existence of online communities because computer mediated group discussions cannot possibly meet this definition. Weinreich's view is that anyone with even a basic knowledge of sociology understands that information exchange in no way constitutes a community. For a cyber-place with an associated computer mediated group to be labeled as a virtual settlement it is necessary for it to meet a minimum set of conditions. These are:

Read More
Essay
Information Systems Multi-Chapter Case Study
Words: 3615 Length: 13 Document Type: Case Study

First, as Personal Trainer expands globally, the system will be available through web browsers anywhere in the world. Second, the ease of completing system upgrades across all users at the same time needs to be taken into consideration, and the use of the Web-based system architecture hosted on a Software-as-a-Service (SaaS) platform is critical. Third, by taking this approach Susan can b e assured there will be higher levels

Read More

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now