Security Policy Framework

2443 Words | May 9, 2013 | 10 Pages
For the healthcare industry, it is important to have an Information Security Policy Framework within the organization to protect information that is accessed across the network by staff and patients. In accordance with ISO/IEC 27799:2008, we begin to define the guidelines to support the interpretation and implementation of healthcare information protection. ISO/IEC 27799:2008 references the basic controls and guidelines of ISO/IEC 27002:2005, which will provide the minimum protection necessary to meet organizational needs. Healthcare organizations that…
What defines how you will handle all of these devices? Can personal devices be used, or only ones issued by the organization? Your information could be at risk if people are allowed that access to information without proper controls defined by policy. In the System/Access Domain, people have the ability to collect and store information on the network from virtually any location. The issue of concern is the safety of the information. Does it contain viruses or malware? The next concern is private or proprietary information leaving your facility. How can you prevent it?

The concept of Data Loss Prevention (DLP) can assist with this process. DLP provides the ability to search policy and procedures to determine what is considered private or confidential information, which helps keep that information from being stored in unsafe locations. DLP also provides a perimeter check, where data is checked when it is being transmitted to a CD burner. If unsafe information or company information is being passed, DLP has the ability to stop the transfer.

One of the biggest challenges in implementing the concepts of a security policy framework in the healthcare industry is following the requirements of HIPAA. Under HIPAA regulations there are two principles that must be followed: the Standards for the Privacy of Individually Identifiable Health Information (HIPAA Privacy Rule) and the Security Standards for Individually Identifiable Health
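
The DLP perimeter check described in the essay, sketched here as an added example that is not part of the original text or any DLP product: content is classified against policy-defined rules, and a transfer to an unsafe destination is stopped when confidential data is found. The patterns, keyword list, destination labels and sample records are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed policy rules: what this organization treats as confidential.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
MRN_RE = re.compile(r"\bMRN[:#\s]*\d{6,10}\b", re.IGNORECASE)
KEYWORDS = ("diagnosis", "patient name", "date of birth")
# Assumed destination labels the policy treats as unsafe for confidential data.
UNSAFE_DESTINATIONS = {"optical", "usb", "personal_cloud"}


def valid_ssn(area: str, group: str, serial: str) -> bool:
    """Reject number ranges never issued as SSNs, to cut false positives."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")


@dataclass
class Verdict:
    allowed: bool
    findings: list


def classify(content: str) -> list:
    """Return the policy categories found in the content."""
    findings = []
    if any(valid_ssn(*m.groups()) for m in SSN_RE.finditer(content)):
        findings.append("ssn")
    if MRN_RE.search(content):
        findings.append("medical_record_number")
    # A single keyword is too noisy; require two before flagging.
    if sum(k in content.lower() for k in KEYWORDS) >= 2:
        findings.append("health_record_keywords")
    return findings


def check_transfer(content: str, destination: str) -> Verdict:
    """Perimeter check: stop confidential content headed to an unsafe destination."""
    findings = classify(content)
    blocked = bool(findings) and destination in UNSAFE_DESTINATIONS
    return Verdict(allowed=not blocked, findings=findings)


# Constructed sample data (not real patient information).
RECORD = "Patient name: J. Doe\nDate of birth: 1970-01-01\nMRN: 00482913\nSSN 123-45-6789"
MENU = "Cafeteria menu, ref 000-12-3456"

if __name__ == "__main__":
    for text, dest in [(RECORD, "optical"), (RECORD, "file_server"), (MENU, "optical")]:
        print(dest, check_transfer(text, dest))
```

The same record is allowed to the file server and blocked to the optical drive, because the decision depends on both the classification result and the destination.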