Tft2 - Heart Healthy Task 1 Essays

1517 Words Feb 3rd, 2013 7 Pages
Heart Healthy Information Security Policy

Due to personnel, policy and system changes, and audits, Heart Healthy has voluntarily updated their information security policy to be in-line with the current information security laws and regulations. Currently Heart-Healthy Insurance, a large insurance company, plans to review and provide recommendations for an updated information security policy in the area ‘s of: 1. Current New Users Policy – The current new user section of the policy states: “New users are assigned access based on the content of an access request. The submitter must sign the request and indicate which systems the new user will need access to and what level of access will be needed. A manager’s approval is
…show more content…
* If a password has been compromised, the password expiration will help to limit the time the cracker / hacker has access to Heart-Healthy’s internal networking system.

Heart-Healthy has embarked on a path to bring their information security posture regarding “Password Requirements” and “New Users” up-to-date. Heart-Healthy has used NIST (National Institute of Standards) and HIPAA ( Health Insurance Portability and Accounting Act) regulations in order to achieve their goal of providing the CIA (Confidentiality, Integrity, Authorization) triad for information security. The federal government has implemented a number of laws and regulations that pertain to the handling, reviewing and compliance assurance of private or confidential data. With respect to NIST, and HIPAA; although they do not specifically outline the methods in these documents, Heart-Healthy is obligated to make an attempt to implement reasonable standards in order to meet the current legal obligations outlined by these laws and regulations.

Heart-Healthy will focus on three main categories for their security posture: Physical, Technical, Administrative, * Physical Security - Heart-Healthy has designed their physical security around protecting computer systems that store confidential data. * Technical Security – Heart-Healthy has implemented software and security safeguards designed specifically to ensure access is controlled, and the integrity

Related Documents