Essay about Information Security Officer for Small Pharmacy

Decent Essays
As the Information Security Officer (ISO) for a small pharmacy it is my responsibility to ensure both the physical and logical access controls to protect medication and funds that are maintained and located on the premises. In addition my responsibility would include maintaining the privacy of personal information of our customers. The ISO duties can include providing reports to the firm’s management, establishing information security procedures and standards, consulting and recommending to the pharmacy on issues of security enhancement. Potential physical vulnerabilities and threats that require consideration include; not allowing customers in after working hours, only employees will access the premises through the entrance after…show more content…
Also the lack of first aid kits within the pharmacy is also a physical threat. Other physical threats to consider may include; power loss, and an armed attack. Our next step is to identify and analyze any potential logical vulnerabilities and threats that require consideration. Logical risks or threats are those that are likely to affect the information that has to be protected. Most of the logical vulnerabilities and threats are concerned with software or programming errors, technical failures, web site intrusion and social engineering.
Logical security will provide a solution for protecting the information, and the location where the information is stored. This information includes a range of data to include our patient’s personal identifications, to the actual details of the pharmacy’s including its insurance data, patient prescriptions history, and other patient information that could be sensitive if it is exposed to the public The possible failure of communications services, and software or programming errors are also considered vulnerabilities. Additional vulnerabilities can be defects in the equipment, or mishandling of equipment during relocation, or our favorite is accidental spillage of liquids onto desktops or notebook computers. In addition to logical vulnerabilities at our location we need to be aware of logical vulnerabilities on our website. Some of the vulnerabilities on the web site would include the lack of
Get Access