Essay on Implemention Plan

1384 Words6 Pages
Health Body Wellness Center ISMS Implementation Plan The Health Body Wellness Center has two basic core business objectives: 1. To make improvements of medical grants utilizing research that is federally funded. 2. Distribute a variety of medical grants to mostly small hospitals The HBWC will be implementing an ISMS plan to facilitate these business objectives in a more secure manner. Incorporating an ISMS plan will allow executive level employees the ability to determine problem areas in the organization’s infrastructure that could be preventing the Health Body Wellness Center from providing as much support for small hospitals as possible. The ISMS plan will also ensure that the financial information passed between hospitals is kept…show more content…
There are multiple security holes present that need to be addressed in order to deploy the new SHGTS system. The Healthy Body Wellness Center should immediately consider how they will meet the standards of the traditional view of the information security industry which will include the three cornerstones of information security: confidentiality, integrity, and availability, also known as the CIA of information security (Arnason and Willet 2007) The HWBC will need to have some processes immediately established that will help control the information and limit the amount of access that people will have to it. The first thing that the HWBC will need to remember is that security is a process, not the end goal (Arnason and Willet 2007). When an efficient ISMS is in place, management will be able to monitor protocols and control security while reducing business risks. Probably the main issue that the HWBC will need to address is access control. Currently there are no sign in logs for visitors into the computer room at the center. There needs to be some sort of access control to allow visitors entry that have provided verified contact information such as who they are, numbers address, etc. should an event happen and the organization needs to get a hold of the visitor. Also this will allow for proper logging of user activity. Secondly, administrative passwords should not only be changed periodically, they
Open Document