INFORMATION SYSTEMS SECURITY

Technical Project Paper: Information Systems Security

Table of Contents

Introduction2

Discussion and Analysis3

Potential physical vulnerabilities and threats:5

Potential logical vulnerabilities and threats:6

Strategy for dealing with the identified logical threats and vulnerabilities:7

Strategy for dealing with the identified physical threats and vulnerabilities:7

Conclusion9

References10

Technical Project Paper: Information Systems Security

Introduction

The Information Security Systems within pharmacies require extensive insights and present considerable challenges, specifically for those who are in the middle of preliminary confusions that occur due to the recently automated process of medication-use. For addressing the preponderance of the transformations in operations that are driven by supporting systems of medication management, the Information Security Systems need to be capable of exchanging and communicating data multi-directionally, consistently, effectively, and accurately with different systems of medication, in addition to the systems that fall in the non-medication category, and, much significantly, be capable of using the information, which has been exchanged (Siska, 2006). This paper identifies the inherent risks associated with the pharmacy (mentioned in the case provided) and establishes logical and physical access control methods, which would mitigate the identified risks. Furthermore, the paper analyzes and identifies the potential physical as well as logical threats and vulnerabilities, which require consideration. In addition to this, the paper illustrates the potential impacts of all identified physical threats and vulnerabilities to the pharmacy and the network. Moreover, the paper proposes the strategy for dealing with the risk and develops controls for each of the physical and logical vulnerability and threat.

Discussion and Analysis

Automated information security systems in pharmacy have been in use for a number of years. These have evolved into very complex and sophisticated systems for meeting the numerous needs of pharmacies.

Within a pharmacy, an Information Management System must offer support for the below mentioned activities carried out within the pharmacy:

Billing, Pricing, and Charging;

Connectivity to other systems;

Medication administration;

Intervention Management;

Compounding and manufacturing;

Clinical monitoring;

Reporting (Financial, utilization and Workload);

Purchasing and Inventory management;

Outpatient dispensing, order entry, and management, and

Inpatient dispensing, order entry and management (Troiano, 1999).

In the operations of all businesses risk management is a vital step. Due to the fact that eradicating each threat it not possible, a business would occasionally carry out an analysis of risks for determining their potential exposure and the best ways or strategies for properly managing the risks at a level that is acceptable. The risk management concept is not new-fangled for health care related business, although carrying out an analysis of risks for IT could be difficult. In the year 2008, the CMMS (Centers for Medicaid and Medicare Services) while reporting on the compliance audits that it carried out stated the, “CEs [covered entities] did not understand….. ePHI risks throughout the organization existed” (CMMS, 2008).

A vulnerability assessment's objective is examining systems for each weakness, which can be made use of, and for determining the probabilities of a person attacking each of the identified weakness. A number of vulnerability types, both electronic and physical, are probable. All need to be documented and assessed; managing each of the identified risk linked to the systems' electronic access is arguable if a person can ...