Security and As-is Question Set

787 Words | Sep 30, 2014 | 4 Pages
Health Body Wellness Center As-Is Question Set File: FYT2_Task 3 By Thomas A. Groshong Sr Page 1 of 3

Health Body Wellness Center (HBWC) promotes medical research, evaluation, and the sharing of information between health care professionals. The HBWC's Office of Grants Giveaway (OGG) provides for the distribution of federally supported medical grants. OGG uses a Microsoft Access database program called the Small Hospital Grant Tracking System (SHGTS) to manage the medical grant distribution process. A risk assessment of SHGTS was conducted to evaluate vulnerabilities and establish a baseline of potential threats. HBWC has not provided a written Information Security (IS) policy that can be reviewed at this time. Additional As-Is questions (2) are…
Resource allocation and risk assessments must be managed as part of the Security Management (SM) program (Arnason & Willett, 2008).

• Prevention: Policies to prevent compromise and the review of mean time between failure (MTBF) requirements are covered under the Prevention category. The review of qualified personnel, serviced information technologies, and maintenance tasks is established and carried out. Prevention also covers the tracking, trending, and reporting of IT system performance (Arnason & Willett, 2008).

Both Security Management and Prevention are categories that should be included in any review or audit of IT systems. SM reviews how security is managed from the top down: it identifies whether, and how, management supports the ISMS program, since the overall management of the company and how its services are provided are essential to that support. Prevention looks at the performance and maintenance of IT systems and the reporting of those processes. It is extremely important to have both categories as part of the ISMS process and of any review of that process.

Reference Page

Arnason, S., & Willett, K. D. (2008). How to achieve 27001 certification: An example of applied compliance. Auerbach Publications.

Tipton, H., & Henry, K. (2007). Official (ISC)2 guide to the CISSP CBK. Boca Raton, FL: Auerbach.