CLevel Concerns in IA Management - Essay Example

Thus for protection, organizations employ strict security measures to create a barrier to stop these codes entering the system and if they enter, provide a method to detect and destroy the code before it destroys the company. The first step of information protection is developing a security policy for the specific organization. Security policy often covers how the policy will be used inside the company, describes how the company would educate its employees about protecting the organizational assets such as its computer systems and information, terms and explanation of security enforcement, and also an evaluative feature in the policy so that it can be updated when required (Whatis, 2007).

In our health care facility, there is not such an extensive security policy, rather a general one. This security policy tells about how the employees are supposed to use the system, which users are restricted from accessing other higher levels of information, information regarding legal actions in case of breaching the code of confidentiality and policy updating mechanisms. Our security policy came into existence after several cases of breach of patient information which was used by marketers to advertise their products using patient telephone numbers and email addresses.

Since such information is easily available elsewhere, we first rejected patient's claims that such information leaking is coming from our side. However when such complains became common, an inquiry was conducted and it was found that one of the receptionist's computer systems was being hacked. At this point in time, our system administrator met with all information technology members in the organization and decided to implement a full-fledged policy to prevent such an incident from occurring again.

Developing and Implementing the PolicyThe first step in developing the strategy was to take permission from the manager and gets the funds allotted. This is easily done specially after the incident as the managers wanted to regain the lost image of the organization due to breach in patient information which is a requirement in the medical profession. A security memorandum was issued in response to the incident detailing of how security will be managed in the organization from then onwards.Industry StandardsKeeping the enormous need of patient information confidential, this policy was created and the ISO 17799 standard was integrated.

Doctors, nurses and other staff were given personal computers (where required) with personal passwords. Three levels of information was secured using these passwords, with senior doctors getting to the highest access level and the junior nurses/interns getting the least access level. In the policy, the guidelines for employee level updates are given and the permission of their access levels is clearly identified. (Shinder & Tittel, 2002)Password ProtectionThe password protection was applied throughout the intranet (internal network) of the organization.

The network administrator is responsible for setting up the user accounts, giving them access codes and setting up their personal systems. Also these passwords are supposed to be changed regularly.Installation GuidelinesFor the matter of security, no user is allowed to install any software of their system without informing the network adminis