It Security Policies
Dealing with the it security challenges at Piedmont Healthcare
Having too many systems running in one organization creates a recipe for disaster. Reducing the number of systems would ensure that management of the systems is easy and devices that are connecting to the systems would also reduce. With the reduction of devices and systems, Piedmont Healthcare would be better placed to manage its systems and number of devices connecting to the systems Warren, 2001.
Keeping track of the devices and people who are connecting to the system becomes an easy task for the it team, thus ensuring security of the healthcare systems. Maintenance of the systems and devices is much easier too.
As there is no inventory of it assets, the first step would be to establish an inventory database and come up with a policy to ensure that any additional assets are entered into the inventory database automatically. The database would capture all the it assets, and their various configurations. Using a database it is much easy to keep track of the it assets and the person responsible for the asset. Any external device that would attempt to connect to their systems would be automatically denied access as only the devices that are in the database that would be allowed access.
Classification of the assets is best done in a hierarchical structure. Using this structure, Piedmont Healthcare would be able to group its assets using common or similar characteristics e.g. Computer group could have notebooks, desktops, and tablets. This classification would make it easy to retrieve information regarding a particular classification group in case one wants to do an analysis.
A clear reporting framework policy is required to cover the reporting elements that were left open to interpretation due to the Health Insurance Portability and Accountability Act. With a clear reporting policy standard, there will be less likelihood of reporting or report interpretation errors encountered.
What is the purpose of ISACA?
ISACA is dedicated to promoting and advance information security control and audit. Educating individuals to improve and develop their capabilities in the field of information systems control and audit is its primary purpose. ISACA encourages the exchange of information, and problem solving techniques amongst its members. Communication to information system professionals, management and system auditors the need to have necessary controls that ensure effective use of IS resources and organization. ISACA also promotes newsletters that ensure its members are kept informed of new trends in information security control and audit, which can be helpful to their employers and themselves.
Why should companies use COBIT?
COBIT is a governance framework for it that was developed by ISACA. It provides tools that help in bridging the gaps in business risks, technical issues and control requirements. Nowadays many business processes are dependent on it, thus to manage the risks that are posed by it systems effectively use of COBIT becomes paramount in every company. Companies should use COBIT throughout the company for it control to ensure that there are good practices and a clear policy development.
You’re 83% through this paper. Sign up to read the full paper.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.