Security Programs Implementation Of Information Security Programs Essay

Length: 4 pages Sources: 5 Subject: Education - Computers Type: Essay Paper: #50736542 Related Topics: Security Principles, Database Security, Security, Program Evaluation
Excerpt from Essay :

¶ … Security Programs

Implementation of Information Security Programs

Information Security Programs are significantly growing with the present reforms in the United States agencies, due to the insecurity involved in the handling of data in most corporate infrastructure systems. Cases such as independent hackers accessing company databases and computerized systems, computer service attacks, malicious software such as viruses that attack the operating systems and many other issues are among the many issues experienced in the corporate arena, including government agencies like the U.S. Department of Health and Human Services. These cases have led to the necessity for more implementation of the information security programs, which provide counter measures for the information security threats.

The United States Department of Health and Human Services

The Department of Health and Human Services in the United States (HHS) is one of the principal agencies obliged to protect the health conditions of the entire American population and also providing the basic human services especially to the needy Americans (, 2012). The department works very closely with the local and state government, hence providing most of its services at both the county and state agencies. The HHS department is constituted of eleven different divisions, which are individual operations, eight of which represent agencies of Public Health Services, and the remaining four are agencies of human services (, 2012).

Security Area Responsible Party

The CSIRC, which is under the Chief Information Security Officer, has the primary responsibility of entering data related to the HHS department, including the maintenance of the IT security awareness, and also the overall determination of IT security position of the HHS. The office shall ensure that the HHS department is always aware of privacy and security vulnerability, any happenings that might have a direct negative impact to the security of information, the


The office will also analyze the risks related to data handling and ensure measures are instituted to mitigate data loss or penetration by unintended persons (, 2012).

Vulnerabilities and risk mitigation strategies

Information in the Department of Health and Human Services is prone to many risks that could lead to the distortion of very important information. In severe situations, the information could be lost permanently, leading to disruptions in the normal functioning and department operations. The major risks also include the unintended disclosure of confidential information/data, and also unauthorized use of the same data. The Information security Programs, therefore, aim at the reduction of these risks, which come in different forms. The technical risks involved are; malicious distortion of data and tampering with stored information through destruction of storage capacities. Fraud could also be a risk, where the staff and those operating the data systems could decide to use the data in the wrong way, mostly for self-interests. Systems could also be damaged through the infection of viruses and worms. For the mitigation of these named risks, the department has to indulge in both prevention and management of the risks.

The focus of the information security program is to prevent, detect, verify and then respond to the different risks involved. The prevention entails the effective manipulation of processes, procedures, technology and the department responsibilities, so as to mitigate any potential threats. Detection in most cases involves the use of both the automated and manual mechanisms to identify and differentiate the risk and security issues. Currently, the HHS department could apply the detention strategy by monitoring passively and actively the procedures of the security programs. Verification phase ensures that all the necessary measures dealing with security are taken care of. This could include the use of monitoring tools and conduction of audit functions. The response strategy will only be implemented when the prevention approaches seem to be underperforming. The department will require rapid and efficient capabilities to respond to risks, including direct responses, triage and containment of hazardous security threats (Onsett International Corporation, 2001).

Acquisition of systems and Asset management

The HSS Department has the obligation to acquire and maintain the best systems that will help maintain the department's information. The department has to use specified systems, preferably a descriptive database, that will store records for all the property the department owns and controls.…

Sources Used in Documents:


Onsett International Corporation. (2001 September). Building Comprehensive Information Security Programs. Retrieved from (2004 December 15). Information Security Program Policy. Retrieved from

SANS Institute: Security Laboratory. (2007 August 15). Configuration Management in the Security World. Retrieved from (2010 April 5). Policy of Information Technology (IT): Security and Privacy Incident Reporting and Response. Retrieved from - 11k

Cite this Document:

"Security Programs Implementation Of Information Security Programs" (2012, July 08) Retrieved April 11, 2021, from

"Security Programs Implementation Of Information Security Programs" 08 July 2012. Web.11 April. 2021. <>

"Security Programs Implementation Of Information Security Programs", 08 July 2012, Accessed.11 April. 2021,

Related Documents
Securities Regulation of Nonprofit Organizations
Words: 12607 Length: 45 Pages Topic: Business - Management Paper #: 11212386

Securities Regulation SECURITIES REGULARIZATIONS IN NON-PROFIT ORGANIZATIONS The ensuring of the fact that an organization is working as per regulations and is following the code of conduct, while keeping the interest of the public first, are matters which are becoming more and more complicated with the passage of time. Therefore, it can be said with some emphasis, that today one of the most basic issues of many organizations is the issue of

Security for Networks With Internet Access
Words: 4420 Length: 12 Pages Topic: Education - Computers Paper #: 31313380

Security for Networks With Internet Access The continual process of enterprise risk management (ERM) has become an integral component of successful organizational assessment, because the process of accurately identifying various risk factors, and interpreting their potential advantages and disadvantages, ensures that a business remains capable of anticipating and addressing internal and external contingencies. The following ERM implementation plan for the security of internet-accessible networks is intended to provide a navigable framework

Security Breach Case Scenario 1: Security Breach
Words: 1969 Length: 7 Pages Topic: Business - Management Paper #: 21358624

Security Breach Case Scenario 1: Security Breach Hospitals have the opportunity and responsibility to integrate sound policies and procedures in relation to the protection of the confidential client information (Rodwin, 2010). St. John's Hospital in no different to this notion has the organization seeks to enhance the security and confidentiality of the information of its clients. The organization is a role model to other institutions within the geographical area on the essential

Program Evaluation Home and Community-Based
Words: 7215 Length: 25 Pages Topic: Healthcare Paper #: 51007613

C. Evaluation question(s) and aims. The primary question that will be addressed is to identify whether HCBS program is able to provide service to the target population. The evaluation questions will also be directed to the cost effectiveness of the program. The following evaluation questions are identified: 1. Is the program meet the budget requirements of the 1915 (b)? 2. Has the program generates cost saving? 3. Has the program has been able to

Security in Cloud Computing
Words: 3274 Length: 10 Pages Topic: Education - Computers Paper #: 13618479

Security in Cloud Computing Security issues associated with the cloud Cloud Security Controls Deterrent Controls Preventative Controls Corrective Controls Detective Controls Dimensions of cloud security Security and privacy Compliance Business continuity and data recovery Logs and audit trails Legal and contractual issues Public records The identified shortcomings in the cloud computing services and established opportunities for growth regarding security aspects are discussed in the current research. The security of services is regarded as the first obstacle. The opportunity for growth is provided as combination

Security Awareness the Weakest Link
Words: 8202 Length: 30 Pages Topic: Education - Computers Paper #: 52504223

To offer an information security awareness training curriculum framework to promote consistency across government (15). Security awareness is needed to ensure the overall security of the information infrastructure. Security awareness programs is the can help organizations communicate their security information policies, as well as tips for users, to help keep systems secure, and the practices the entire organization should be utilizing. However, as Kolb and Abdullah reiterate, "security awareness is not