Running Head: Policy Statements
Policy Statements Kevin Corey Western Governors University
Internationally security techniques and standards, such as ISO 17799, establish guidelines
that organizations must implement in order to maintain information security. Information must be protected from those without a readily need to know to perform organizational business functions. Unauthorized access to information can have a detrimental impact on an organization from a legal and operating perspective. One of the primary preventive controls that provide an organization with many operational benefits is continuous log management policies. In addition to helping solve network security related issues, logs…show more content… •
Policy Statements • •
NIST SP 800-53, Provides security and information assurance controls connected to the retention, inspection, and protection of log management records. NIST SP 800-66 helps direct professionals on implementing HIPAA security standards and stresses the need to perform mandatory audit log reviews. The regulation also cites that action documentation of reviews should be maintained for six years.
Information security and HIPAA policies should cover all the necessary access and control measures needed to secure information system resources and deter, shield and protect the organization from security breaches. The scenario demonstrates that the organizations overall information security posture is poor. The HIPAA, remote access and retention policies within the information management division need to be addressed due to the healthcare organizations legal obligation to ensure the privacy of protected information. Security safeguards can be addressed through vigilance and the implementation logical and administrative access controls. Properly administered HIPAA Privacy and remote access policies would not only help alleviate but quickly identify 3 undocumented accounts with global remote access. HIPAA security standards require any user with access to protected health information have a documented need to