IT Security Policy Framework
Darryl E. Gennie
Professor Kevin Jayne
Augusta
CIS 462
26 July 2015
Strayer University
For the healthcare insurance industry it is important to have an Information Security Policy Framework within the organization. This protects information that is accessed across the network by staff personnel and patients. ISO 27000 includes a series of international standards that provide a model for establishing, operating, maintaining, and improving an Information Security Management System (ISMS). ISO 27001 provides specific best practices for ISMS, which incorporate the information security requirements of many other regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley …show more content…
The user domain refers to any end user accessing information in any form (Johnson, 2011). A good way to ensure that your users are aware of all policies and practices is to provide training when they are hired. This training should address the acceptable use policy, e-mail policy, privacy policy and the system access policy (Johnson, 2011). Workstation domain is defined as any device that an end user utilizes to access information (Johnson, 2011). There should be some type of software management system that addresses inventory management, discovery management, patch management, helpdesk management, log management, and security management. This software is able to effectively manage access of who, what, where, and when on the network as well as provide support to users and provide security updates regularly (Johnson, …show more content…
It may include all or a combination of a hub, switch, router and firewall. A business LAN is much more complicated than a home LAN. They have either a flat network or a segmented network. In a flat network, there are few if any, controls to limit network traffic. When workstations connect to flat networks, they can see and attempt to connect to any other device on the network. These networks are considered to be the least secure. A segmented network limits the way in which computers can communicate with each other. By utilizing switches, firewalls, routers and other devices, network traffic can be restricted. This enables the ability to eliminate the number of threats to the network (Johnson, 2011). LAN-to-WAN is defined as the bridge between a LAN and a WAN. A LAN is utilized for connecting computers within offices or groups of building, while a WAN is used for connecting computers across the country or globally. It is essential to utilize firewalls on a WAN (Johnson,
Darryl E. Gennie
Professor Kevin Jayne
Augusta
CIS 462
26 July 2015
Strayer University
For the healthcare insurance industry it is important to have an Information Security Policy Framework within the organization. This protects information that is accessed across the network by staff personnel and patients. ISO 27000 includes a series of international standards that provide a model for establishing, operating, maintaining, and improving an Information Security Management System (ISMS). ISO 27001 provides specific best practices for ISMS, which incorporate the information security requirements of many other regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley …show more content…
The user domain refers to any end user accessing information in any form (Johnson, 2011). A good way to ensure that your users are aware of all policies and practices is to provide training when they are hired. This training should address the acceptable use policy, e-mail policy, privacy policy and the system access policy (Johnson, 2011). Workstation domain is defined as any device that an end user utilizes to access information (Johnson, 2011). There should be some type of software management system that addresses inventory management, discovery management, patch management, helpdesk management, log management, and security management. This software is able to effectively manage access of who, what, where, and when on the network as well as provide support to users and provide security updates regularly (Johnson, …show more content…
It may include all or a combination of a hub, switch, router and firewall. A business LAN is much more complicated than a home LAN. They have either a flat network or a segmented network. In a flat network, there are few if any, controls to limit network traffic. When workstations connect to flat networks, they can see and attempt to connect to any other device on the network. These networks are considered to be the least secure. A segmented network limits the way in which computers can communicate with each other. By utilizing switches, firewalls, routers and other devices, network traffic can be restricted. This enables the ability to eliminate the number of threats to the network (Johnson, 2011). LAN-to-WAN is defined as the bridge between a LAN and a WAN. A LAN is utilized for connecting computers within offices or groups of building, while a WAN is used for connecting computers across the country or globally. It is essential to utilize firewalls on a WAN (Johnson,