The measures that the Information Security Division should take to prevent all staff members of NTN from handling information unethically (Week 5)
It is very necessary for an organisation to handle the different information of its patients effectively. This is possible only when an organisation like NTN follows all the necessary steps for handling information ethically (Parsons, et al., 2014).
A proper code of ethics should be followed by the organisation so that its staff members cannot carry out unethical acts in the handling of the information of the different patients of the organisation. The organisation can suspend the membership of an employee who does not follow the proper code of conduct for ethics. The governing bodies should also check whether the necessary code of ethics is being followed in the organisation or not. The organisation should set proper guidelines for itself for handling each particular type of data (Safa, et al., 2016). This will result in the data not being breached by the organisation, and it will help the employees of the organisation to follow the kind of ethical behaviour that is necessary for an organisation like NTN.
All Intellectual Property Rights should be followed by the organisation so that the important information of a particular patient of this organisation is not breached. It is the accountability of this organisation if the medical information of a particular patient is leaked from the Nursing Home's side. Therefore it is very necessary to make the employees accountable to the patients by not breaching the important information about the patients.
Employees of this organisation should be made aware of the deliberate and the accidental threats that are possible in the organisation. A deliberate threat is carried out by an employee of the organisation against the important information that is stored in the database of the organisation. Therefore it is very necessary to make the employees understand that it is also their organisation, so they should not breach its important information (Ab Rahman & Choo, 2015).
Each and every patient has a legal right to data privacy. Different types of new employees join the organisation, and many of them are unaware of the different threats and the information breaches that take place in this type of organisation. For a small amount of money they may breach information, which can be dangerous for a patient's life. Therefore proper training in this regard is also necessary for the new employees (Ab Rahman & Choo, 2015). All the employees should be aware of the data privacy act as it applies to the patients of this organisation. This will be very useful in handling the important information of the patients. These, therefore, are the suggested ways in which the employees of the organisation, collectively with their organisation, can handle information effectively and ethically, so that no bitter situation of unethical conduct arises in the organisation.
Components of InfoSec programs that you found (Week 6)
There are different types of components that can be used for managing information effectively in a secure manner. A firewall can be employed so that there is no leakage of information, and so that there is no situation in which a bug can be created against the important information that is stored in the database of this organisation. An intrusion prevention system solution should also be deployed by this organisation so that there is no situation of data leakage (AlHogail, 2015). The latest bug fixes can be implemented, and the systems properly updated at regular intervals, so that malicious activity against the database of this organisation is not possible. Up-to-date antivirus software is maintained well by this organisation. If software is being maintained by a third party, then the different activities of that third party should be monitored by this organisation. This will be helpful in securing the important information and data of this organisation in an effective and easy manner.
A process of critical server vulnerability scanning should also be carried out on the data. This will be very beneficial for this organisation in implementing this component of information security. There are different types of third-party applications that it is necessary to use, such as Adobe, Java and Flash (AlHogail, 2015). Therefore a proper check on such applications should also be carried out by this organisation.
There are different types of common and critical vulnerabilities that can be present in the data. These become a hurdle in the path of information security. Therefore it is very necessary to implement ongoing server hardening so that such vulnerabilities are not present at the time of information security and data processing of the important data that is stored in the database of this organisation (Ahmad, et al., 2014).
A hosted DNS solution can also be deployed so that there is no information breach and no threat to the data. This is a component of information security that can be used for the effective data storage of the organisation (Kolkowska & Dhillon, 2013). This will be helpful in detecting the different malware downloads that may take place in the database of this organisation, NTN.
National and/or international InfoSec standards that these organisations follow (Week 7)
There are different types of standards that can be followed in managing the important information of the patients of NTN. In Australia, the information security standard is set for the development of SOPs so that there is no information breach of the important documents that are stored in the databases of the different organisations. The principle on which the Australian information security standard works is to manage and lead the different activities related to system operations that are carried out in the particular organisation. This is called the ITSM SOP.
Developing the SOE (standard operating environment) and hardening the SOE configuration is also very necessary for this organisation to implement, as it holds the important information of the patients (McIlwraith, 2016). Hardening of the SOE configuration results in the important information that this organisation holds not being breached. Hardening of the application configuration is also covered within this standard.
At the international level there are different types of standards that are implemented to secure important information. These standards help in improving information security in an effective manner. ISO/IEC 27001 is the standard that is used to develop, maintain and improve the information security management system that is necessary to secure the important data of a particular organisation. With the help of this standard, the plan, do, check and act practices for information security can be implemented as guidelines.
The ISO 27002 standard provides guidelines on the risk assessment and treatment of particular information. Security policies at the international level are also provided in the form of guidelines under this standard. The organisation of information security can be accomplished with the help of this standard, as can asset management and human resource security. Guidelines on access control to important information are also provided under this standard. It is very necessary for the particular organisation to carry out the acquisition of information; therefore system acquisition for information can also be accomplished with the help of this standard. The development of information can also be accomplished in a form by which the information can be used by the concerned authorities that need the particular data (Dreyer & Stang, 2013). The maintenance of the important information can also be accomplished with the help of this standard.
The standard also assists with the different plans associated with the particular information. ISO/IEC 17799 provides the different types of techniques by which the management of the information security system can be accomplished in an effective and easy manner.
FIPS PUB 199 is the standard that provides important methods of information security that can be implemented by different types of organisations according to their organisational work and organisational systems (Information Security System, 2018). It is the Federal Information Processing Standards Publication that provides important types of methods to the different organisations.
- Ab Rahman, N. H., & Choo, K. K. R. (2015). A survey of information security incident handling in the cloud. Computers & Security, 49, 45-69.
- Ahmad, A., Maynard, S. B., & Park, S. (2014). Information security strategies: towards an organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2), 357-370.
- AlHogail, A. (2015). Design and validation of information security culture framework. Computers in Human Behavior, 49, 567-575.
- Dreyer, I., & Stang, G. (2013). Foresight in governments–practices and trends around the world. Yearbook of European Security YES, 7-32.
- Information Security System. (2018). Introduction to International Standards Organization Security Standards. [Online] Information Security System. Available at: http://www.infosectoday.com/Articles/27001.htm. [Accessed: 15 August 2018]
- Kolkowska, E., & Dhillon, G. (2013). Organizational power and information security rule compliance. Computers & Security, 33, 3-11.
- McIlwraith, A. (2016). Information security and employee behaviour: how to reduce risk through employee education, training and awareness. Routledge.
- Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., & Jerram, C. (2014). Determining employee awareness using the human aspects of information security questionnaire (HAIS-Q). Computers & Security, 42, 165-176.
- Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70-82.