Management Of Information Security

Introduction

In this age of cutting-edge technology, more and more companies have become dependent on technology in the form of information systems. These systems have many benefits for the organization. However, they also come with different types of direct and indirect risks. Hence, there is a need for security across the organization and for management of information systems. The security exposures of an organization can be both internal and external. The paper discusses the management of information security of an organization that I would work for. However, the identity of the organization is concealed to maintain anonymity. The self-assessment is made using NIST Special Publication 800-26 as a guide.

About the organization

The ABC organization that has been selected for the information systems analysis in this assignment is a healthcare organization. It is one of the largest healthcare organizations in the US. The healthcare organization has a huge team of family physicians and family students from across the world. The organization is based on the philosophy that family medicine is both a science and an art, which not only provides quality and cost-effective options for healthcare delivery but also caters to all the members of the family.

The organization uses one information system named Inpatient Care Management and another named Trauma Systems Development. The healthcare organization that has been selected is an active member of the American Academy of Family Physicians. The purpose of implementing the system is to open the lines of communication between the care providers and the patients for better coordination and better delivery of healthcare.

Assessments

The selected organization has a very good implementation of controls. This is because the organization employs a holistic approach. People across the organization are involved, and each one of them is working towards improvement of processes and mitigation of any issues with information systems technology.

Preliminary task

The preliminary task in self risk assessment is to analyze the level of effort being put in. The better the foundation, the stronger the security of information systems will be. The selected organization has already completed the early stages and is now in the analysis phase. This stage involves more work on the part of the company than was being done earlier (Rodak, 2011). The first step in this stage is to distinguish, for all the members of the organization, between risk management and risk assessment. Risk assessment entails finding out the level and kind of risks that the organization faces and the ones that it might face in future. The risks identified are then managed in a later stage. This means mitigating the risks altogether or decreasing their impact.

Formulation of risk statement

The company has formulated a pretty good risk statement for itself. This includes the asset, which is the sensitive information on patients. The threat to the organization is presented in the form of ...