Health Body Wellness Center
Health Body Wellness Center (HBWC) promotes medical research, evaluation, and sharing of information between health care professionals. The HBWC's Office of Grants Giveaway (OGG) provides for the distribution of federally supported medical grants. OGG uses a Microsoft Access database program called Small Hospital Tracking System (SHGTS) to manage the medical grant distribution process. A risk assessment of SHGTS was conducted to evaluate vulnerabilities and establish a baseline of potential threats. HBWC has not provided a written Information Security (IS) policy that can be reviewed at this time. Two additional As-Is questions are provided as a guide to assess the company's security posture.

A. As-Is Question Set

| Question | If yes, page number | If no, justification |
|---|---|---|
| Policy | | |
| Does a policy that addresses the need for risk management exist? | Not Provided | No policies were provided for the organization |
| Is the acceptable risk posture for the organization included in the policy? | Not Provided | No policies were provided for the organization |
| Does the policy include details about a risk assessment? | Not Provided | No policies were provided for the organization |
| Is there a section in the policy that includes multiple perspectives on risk, including the following: threat; asset; vulnerability space; business impact assessment? | Not Provided | No policies were provided for the organization |
| Is there a section in the policy that includes reporting results of risk assessments? | Not Provided | No policies were provided for the organization |
| Is there a section in the policy that includes a remediation analysis report based on risk assessments (i.e., how to reduce risk or increase security posture)? | Not Provided | No policies were provided for the organization |
| Procedures | | |
| Is there a procedure in existence that describes how to implement and enforce risk management policies? | Not Provided | No policies were provided for the organization |
| Does the procedure include a breadth of scope? Does the breadth of scope include the following: threat; asset; vulnerability space; business impact assessment? | Not Provided | No policies were provided for the organization |
| Does the procedure include depth of scope? Does the depth of scope include the following: interviews (asking); verification (seeing); validation (hands-on)? | Not Provided | No policies were provided for the organization |
| Practice | | |
| Does the organization practice the procedures described above? | Not Provided | No policies were provided for the organization |

File: FYT2_Task 3, by Thomas A. Groshong Sr
B. Develop two additional question categories for the “As-Is Question Set”
1. Security Management (SM):
2. Prevention:
B1. Justification
The two additional categories selected above should be included in the "As-Is Question Set". These categories cover important topics that should be addressed during any assessment or audit process. Security Management and Prevention are both ISO 27001 categories and are established industry best practices for Information Security (IS). The creation and maintenance of an Information Security Management System (ISMS) are covered in ISO 27002 (Arnason, S, & Willett, K.D. 2008). A discussion of each category follows.

• Security Management: This category covers executive backing and management support for the company's IS policy. Articulation of security objectives and a formal IS process are essential to the ISMS process. Clear security roles, delineation of responsibility, and review of security awareness policies must be established and reviewed. Resource allocation and risk assessments must be managed as part of the SM program. (Arnason, S, & Willett, K.D. 2008)

• Prevention: Policies to prevent compromise and the review of mean time between failure (MTBF) requirements are covered under the prevention category. The review of qualified personnel, serviced information technologies, and maintenance tasks is established and reviewed. Prevention covers the tracking, trending, and reporting of IT system performance. (Arnason, S, & Willett, K.D. 2008) Both Security Management and Prevention are categories that should be included in any review or audit process of IT systems. SM reviews how security is managed from the top down; whether and how management supports the ISMS program is identified. The overall management of the company and how services are provided are essential. Prevention looks at the performance and maintenance of IT systems and the reporting of these processes. It is extremely important to have these categories as part of the ISMS process and any review of these processes.

Reference Page

Arnason, S, & Willett, K.D. (2008). How to achieve 27001 certification: an example of applied compliance. New York: Auerbach Publications.

Tipton, H, & Henry, K. (2007). Official (ISC)2 guide to the CISSP CBK. Boca Raton, FL: Auerbach Publications.

Tipton, H, & Krause, M. (2007). Information security management handbook, Sixth Edition. Boca Raton, FL: Auerbach Publications.
