Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
¶ … Security Programs
Implementation of Information Security Programs
Information Security Programs are significantly growing with the present reforms in the United States agencies, due to the insecurity involved in the handling of data in most corporate infrastructure systems. Cases such as independent hackers accessing company databases and computerized systems, computer service attacks, malicious software such as viruses that attack the operating systems and many other issues are among the many issues experienced in the corporate arena, including government agencies like the U.S. Department of Health and Human Services. These cases have led to the necessity for more implementation of the information security programs, which provide counter measures for the information security threats.
The United States Department of Health and Human Services
The Department of Health and Human Services in the United States (HHS) is one of the principal agencies obliged to protect the health conditions of the entire American population and also providing the basic human services especially to the needy Americans (HHS.gov, 2012). The department works very closely with the local and state government, hence providing most of its services at both the county and state agencies. The HHS department is constituted of eleven different divisions, which are individual operations, eight of which represent agencies of Public Health Services, and the remaining four are agencies of human services (HHS.gov, 2012).
Security Area Responsible Party
The CSIRC, which is under the Chief Information Security Officer, has the primary responsibility of entering data related to the HHS department, including the maintenance of the IT security awareness, and also the overall determination of IT security position of the HHS. The office shall ensure that the HHS department is always aware of privacy and security vulnerability, any happenings that might have a direct negative impact to the security of information, the negative impacts in case of insecurity and the sharing of information to the relevant authorities. The office will also analyze the risks related to data handling and ensure measures are instituted to mitigate data loss or penetration by unintended persons (HHS.gov, 2012).
Vulnerabilities and risk mitigation strategies
Information in the Department of Health and Human Services is...
In severe situations, the information could be lost permanently, leading to disruptions in the normal functioning and department operations. The major risks also include the unintended disclosure of confidential information/data, and also unauthorized use of the same data. The Information security Programs, therefore, aim at the reduction of these risks, which come in different forms. The technical risks involved are; malicious distortion of data and tampering with stored information through destruction of storage capacities. Fraud could also be a risk, where the staff and those operating the data systems could decide to use the data in the wrong way, mostly for self-interests. Systems could also be damaged through the infection of viruses and worms. For the mitigation of these named risks, the department has to indulge in both prevention and management of the risks.
The focus of the information security program is to prevent, detect, verify and then respond to the different risks involved. The prevention entails the effective manipulation of processes, procedures, technology and the department responsibilities, so as to mitigate any potential threats. Detection in most cases involves the use of both the automated and manual mechanisms to identify and differentiate the risk and security issues. Currently, the HHS department could apply the detention strategy by monitoring passively and actively the procedures of the security programs. Verification phase ensures that all the necessary measures dealing with security are taken care of. This could include the use of monitoring tools and conduction of audit functions. The response strategy will only be implemented when the prevention approaches seem to be underperforming. The department will require rapid and efficient capabilities to respond to risks, including direct responses, triage and containment of hazardous security threats (Onsett International Corporation, 2001).
Acquisition of systems and Asset management
The HSS Department has the obligation to acquire and maintain the best systems that will help maintain the department's information. The department has to use specified systems, preferably a descriptive database, that will store records for all the property the department owns and controls. According't the principles governing the department (FRPC principles), there has to…
References
Onsett International Corporation. (2001 September). Building Comprehensive Information Security Programs. Retrieved from www.onsett.com/.../...
HHS.gov. (2004 December 15). Information Security Program Policy. Retrieved from www.fas.org/sgp/othergov/hhs-infosec.pdf
SANS Institute: Security Laboratory. (2007 August 15). Configuration Management in the Security World. Retrieved from www.sans.edu/research/security-laboratory/.../meyer-config-manage
HHS.gov. (2010 April 5). Policy of Information Technology (IT): Security and Privacy Incident Reporting and Response. Retrieved from www.hhs.gov/ocio/policy/policydocs/hhs_ocio_policy_2010_0004.doc - 11k
HHS.gov. (2012 July 7). U.S. Department of Health and Human Services. Retrieved from http://www.dhhs.gov/
Securities Regulation SECURITIES REGULARIZATIONS IN NON-PROFIT ORGANIZATIONS The ensuring of the fact that an organization is working as per regulations and is following the code of conduct, while keeping the interest of the public first, are matters which are becoming more and more complicated with the passage of time. Therefore, it can be said with some emphasis, that today one of the most basic issues of many organizations is the issue of
Security for Networks With Internet Access The continual process of enterprise risk management (ERM) has become an integral component of successful organizational assessment, because the process of accurately identifying various risk factors, and interpreting their potential advantages and disadvantages, ensures that a business remains capable of anticipating and addressing internal and external contingencies. The following ERM implementation plan for the security of internet-accessible networks is intended to provide a navigable framework
Security Breach Case Scenario 1: Security Breach Hospitals have the opportunity and responsibility to integrate sound policies and procedures in relation to the protection of the confidential client information (Rodwin, 2010). St. John's Hospital in no different to this notion has the organization seeks to enhance the security and confidentiality of the information of its clients. The organization is a role model to other institutions within the geographical area on the essential
C. Evaluation question(s) and aims. The primary question that will be addressed is to identify whether HCBS program is able to provide service to the target population. The evaluation questions will also be directed to the cost effectiveness of the program. The following evaluation questions are identified: 1. Is the program meet the budget requirements of the 1915 (b)? 2. Has the program generates cost saving? 3. Has the program has been able to
Security in Cloud Computing Security issues associated with the cloud Cloud Security Controls Deterrent Controls Preventative Controls Corrective Controls Detective Controls Dimensions of cloud security Security and privacy Compliance Business continuity and data recovery Logs and audit trails Legal and contractual issues Public records The identified shortcomings in the cloud computing services and established opportunities for growth regarding security aspects are discussed in the current research. The security of services is regarded as the first obstacle. The opportunity for growth is provided as combination
To offer an information security awareness training curriculum framework to promote consistency across government (15). Security awareness is needed to ensure the overall security of the information infrastructure. Security awareness programs is the can help organizations communicate their security information policies, as well as tips for users, to help keep systems secure, and the practices the entire organization should be utilizing. However, as Kolb and Abdullah reiterate, "security awareness is not