April 21, 2014
Instructor James Stewart
Section 1: Information Security Management
Section 2: Security Program
Section 3: Security Policies-TBD
Section 4: Assessing Risk-TBD
Section 5: Controlling Risk-TBD
REFERENCE PAGE
Section 1: Information Security Management
I had mixed emotions on which organization I wanted to use for this assignment. Most choices were between the Houma Police Department or my sister organization that I get to work hand in hand with on a daily basis, which is the Acadian Ambulance Service, due to wanting to learn more about how they operate. The organization I have chosen to use for this ...
Double keying is a method of verifying data by entering it twice: the data is entered by one person, then re-entered by a second, which ensures the accuracy of the data. Message authentication involves a short code to validate the origin of the message and assure that the message did not originate from a malicious source. Digital signatures also ensure that the message or data originated from a known sender, and can show whether or not the data was tampered with in transit.
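The following Python example is added here and is not part of the original paper. It shows double keying as a field-by-field comparison of two independent entries, and message authentication as an HMAC-SHA256 code computed over the record; the key, field names and sample records are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real system would load it from a secrets store.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def double_key_mismatches(first_entry: dict, second_entry: dict) -> list:
    """Return the field names where two independently keyed entries disagree."""
    fields = sorted(set(first_entry) | set(second_entry))
    return [f for f in fields if first_entry.get(f) != second_entry.get(f)]


def canonical_bytes(record: dict) -> bytes:
    """Serialize deterministically so sender and receiver authenticate the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def make_tag(record: dict, key: bytes = SHARED_KEY) -> str:
    """Compute the short authentication code (HMAC-SHA256) for a record."""
    return hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()


def verify_tag(record: dict, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Recompute the code and compare it to the received one in constant time."""
    return hmac.compare_digest(make_tag(record, key), tag)


# Constructed sample data: the same report keyed by two different people.
ENTRY_A = {"incident": "2014-0421-07", "patient_age": 54, "dose_mg": 5}
ENTRY_B = {"incident": "2014-0421-07", "patient_age": 54, "dose_mg": 50}

if __name__ == "__main__":
    # Double keying flags the field the two operators typed differently.
    print("fields to re-check:", double_key_mismatches(ENTRY_A, ENTRY_B))
    tag = make_tag(ENTRY_A)
    print("untouched record verifies:", verify_tag(ENTRY_A, tag))
    # A record altered in transit no longer matches its code.
    tampered = dict(ENTRY_A, dose_mg=500)
    print("tampered record verifies:", verify_tag(tampered, tag))
    # A sender without the shared key cannot produce a matching code.
    print("wrong key verifies:", verify_tag(ENTRY_A, tag, b"other-key"))
```

A message authentication code relies on a key shared by both parties, so either one could have produced it; a digital signature uses a private key held only by the sender, which is why it can also tie the data to one known sender.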
This organization requires a security manager to oversee the implementation and maintenance of the security system and the support of an IT department to ensure that the systems are up to date and protected from any potential dangers. The IT department will also be responsible for training the field supervisory group on proper methods for handling protected health information. The supervisory group will in turn instill a culture of security in the field medics and encourage good habits when handling protected health information. The field medics will be tasked with maintaining security standards at the lowest level, and should be required to change access passwords regularly. Field personnel should be expected to log out of programs involving protected health information when not in use. Safeguards should also be in place that automatically log the person out after a period of inactivity.
The role of project management for the new security system is to research and develop a plan of implementation for the system. Researching a security system that best suits the needs of the organization involves contacting other organizations that are utilizing electronic patient care report systems and getting the input of their IT departments on specific programs and how they can be improved for use in this field. Once a list of programs and the pros and cons of each is compiled from the experiences of other organizations, the project manager should contact the companies that produce these programs, request a trial of the programs, and ask if any of the concerns of the organizations have been addressed....