Implementation of Information Security Programs
Information security programs are growing significantly alongside the present reforms in United States agencies, driven by the insecurity involved in handling data in most corporate infrastructure systems. Independent hackers accessing company databases and computerized systems, computer service attacks, malicious software such as viruses that attack operating systems, and many other problems are among the issues experienced in the corporate arena, including in government agencies like the U.S. Department of Health and Human Services. These cases have made wider implementation of information security programs necessary, since such programs provide countermeasures against information security threats.
The United States Department of Health and Human Services
The United States Department of Health and Human Services (HHS) is one of the principal agencies obliged to protect the health of the entire American population and to provide basic human services, especially to needy Americans (HHS.gov, 2012). The department works very closely with local and state governments, and so provides most of its services through county and state agencies. HHS consists of eleven different divisions, which operate individually; eight of them represent agencies of Public Health Services, and the remaining four are agencies of human services (HHS.gov, 2012).
Security Area Responsible Party
The CSIRC, which sits under the Chief Information Security Officer, has primary responsibility for entering data related to the HHS department, including maintaining IT security awareness and determining the overall IT security position of HHS. The office shall ensure that the department is always aware of privacy and security vulnerabilities, any events that might have a direct negative impact on the security of information, the negative impacts in case of insecurity, and the sharing of information with the relevant authorities. The office will also analyze the risks related to data handling and ensure that measures are in place to mitigate data loss or penetration by unintended persons (HHS.gov, 2012).
Vulnerabilities and risk mitigation strategies
Information in the Department of Health and Human Services is prone to many risks that could lead to the distortion of very important information. In severe situations, the information could be lost permanently, disrupting the department's normal functioning and operations. The major risks also include the unintended disclosure of confidential information and the unauthorized use of the same data. Information security programs therefore aim to reduce these risks, which come in different forms. The technical risks are malicious distortion of data and tampering with stored information through the destruction of storage capacities. Fraud is also a risk: staff and those operating the data systems could decide to use the data in the wrong way, mostly for self-interest. Systems could also be damaged through infection by viruses and worms. To mitigate these risks, the department has to engage in both prevention and management of the risks.
The focus of the information security program is to prevent, detect, verify and then respond to the different risks involved. Prevention entails the effective manipulation of processes, procedures, technology and departmental responsibilities so as to mitigate any potential threats. Detection in most cases involves the use of both automated and manual mechanisms to identify and differentiate risk and security issues. Currently, the HHS department could apply the detection strategy by passively and actively monitoring the procedures of the security programs. The verification phase ensures that all the necessary security measures are taken care of. This could include the use of monitoring tools and the conduct of audit functions. The response strategy will only be implemented when the prevention approaches seem to be underperforming. The department will require rapid and efficient capabilities to respond to risks, including direct responses, triage and containment of hazardous security threats (Onsett International Corporation, 2001).
Acquisition of systems and Asset management
The HHS Department has the obligation to acquire and maintain the best systems that will help maintain the department's information. The department has to use specified systems, preferably a descriptive database, that will store records for all the property the department owns and controls.…
"Security Programs Implementation Of Information Security Programs" (2012, July 08) Retrieved October 22, 2016, from http://www.paperdue.com/essay/security-programs-implementation-of-information-80974