Risk Analysis In Health Care

Security shall be a high priority requirement. Since this system is intended for a wide range of users, it shall be user-friendly, requiring limited training and assistance.

The analysis of the problem should take a day. At the analysis stage we determine the solution. The solution has been identified as the installation of the access control system. At this stage the system parts are identified; they include input, output, communication devices, power supplies, detection devices, intelligent panels, card readers, lock hardware, the actions and the response of the system in case of violation of the input requirements or failure of the system.

Other physical safeguards that will also be in place include visitor sign-in, proper destruction of electronic media that may contain PHI and 100% shred policy on all paperwork. All contractors that might be working at the hospital will only have access to the part of the facility where their work will be conducted and will escorted at all times while performing their duties.

That part of security concerned with physical measures designed to safeguard personnel, to prevent unauthorized access to equipment, installations, material, and documents and to safeguard them against espionage, sabotage, damage, and theft.

Areas containing sensitive information or equipment should have limited access. The server room and document storage areas are examples of rooms to be designated as high security areas. As such, access to these areas should be limited. Security measures should be implemented to guarantee the security of these areas. These security measures can include locked doors, biometric scanners, magnetic swipe cards entrance logs and any other means designated by the Security Manager.

These are a portion of the controls, for example, physical, regulatory, or specialized that can be implanted to avert, identify, as well as right these assaults and shield our associations from ransomware assaults, and truly, these practices have moved toward becoming standard in the venture.

Administrative access controls “define the human factors of security” (Red Hat, n.d.). An example would be having mandatory training before getting access to a certain room. If you do not complete the training, then you will not have access. Other examples of administrative access controls include personnel registration, recovery plans, and disaster preparedness. Physical access controls are “the implementation of security measures in a defined structure used to deter or prevent unauthorized access to sensitive material “and include restricted access rooms that require a badge, password, or some other special permission to enter (Red Hat, n.d.). An example of this would be not related to computers is a barhop standing at the door making sure only 21+ adults enter. In a computer or business example, this could be only letting the IT guy have access to the data center. He would have either a special card to let him in or he would have to make a phone call and use a special passphrase to be granted access into the otherwise locked room. Technical access controls use “technology as a basis for controlling the access and usage of sensitive data throughout a physical structure and over a network “ (Red Hat, n.d.). They include “tools used for identification, authentication, authorization, and accountability. They are software components that enforce access control measures for systems, programs, process, and information” (Harris, 2012). Technical access controls are

• Security equipment and procedures as they relate to physical security, internal control and the overall protection of guests and assets. • Protection of funds trough effective accounting control procedures ( credit procedures, computer security).

Above all physical security primary concern consist of restricting physical access by unauthorized people and intruders within controlled facilities; although there are other considerations and circumstances in which physical security measures are valuable. For example, limiting access within a facility and/or to specific assets, and environmental controls to reduce physical incidents such as flood and fires. Physical security is not uniquely human and it is also not a modern phenomenon. Whereas the private security industry is described by distinctions based on the proprietary or contractual nature of security departments, type of security provided (physical, information, or employment-related), services provided (e.g., guarding, armored

The organization should make sure that the severs, firewalls and mainframes should be placed in safe and secure area. So the following checklist should cover aspects pertaining to physical security like:

System has powerful logical access management in place, each user must be identified by login id and strict password policy is applied to secure the system

There are some procedures that Organization should follow to protect and maintain the security and integrity of its information systems which include infrastructure and software design, information processing, storage, transmission, retrieval and disposal.

The second area of cyber security that needs to be investigated is how to protect the integrity of the information (Wilson, 2013) on the device when staff are entering

Access control is the next component in hardening the security for this facility. Access control defines who has access to systems, data and dialogue using cryptographic protections (Boyle & Panko, 2013). An Access control system provides three main functions, authorization, authentication and auditing (Boyle & Panko, 2013). It is recommended that a directory server be installed to provide centralized authentication, authorization and auditing services for this facility.

System security comprises of the procurements and approaches received by a system executive to avoid and screen unapproved access, abuse, change, or dissent of a workstation system and system available assets. System security includes the approval of access to information in a system, which is controlled by the system head. Clients pick or are appointed an ID and secret word or other verifying data that permits them get to data and projects inside their power. System security blankets a mixture of machine systems, both open and private, that are utilized as a part of ordinary employments directing transactions and interchanges among organizations, government orgs and people. Systems could be private, for example, inside an organization, and others which may be interested in community. System security is included in associations, endeavors, and different sorts of organizations. It does as its title clarifies: It secures the system, and additionally ensuring and managing operations being carried out. The most well-known and straightforward method for securing a system asset is by relegating it a special name and a comparing watchword.