IT Security Policy Framework

Darryl E. Gennie
Professor Kevin Jayne
Augusta
CIS 462
26 July 2015
Strayer University

For the healthcare insurance industry, it is important to have an Information Security Policy Framework within the organization. This protects information that is accessed across the network by staff and patients. ISO 27000 includes a series of international standards that provide a model for establishing, operating, maintaining, and improving an Information Security Management System (ISMS). ISO 27001 provides specific best practices for ISMS, which incorporate the information security requirements of many other regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley
…
The user domain refers to any end user accessing information in any form (Johnson, 2011). A good way to ensure that users are aware of all policies and practices is to provide training when they are hired. This training should address the acceptable use policy, e-mail policy, privacy policy, and system access policy (Johnson, 2011). The workstation domain is defined as any device that an end user utilizes to access information (Johnson, 2011). There should be some type of software management system that addresses inventory management, discovery management, patch management, helpdesk management, log management, and security management. Such software can effectively manage the who, what, where, and when of access on the network, as well as provide support to users and deliver security updates regularly (Johnson, …
It may include all or a combination of a hub, switch, router, and firewall. A business LAN is much more complicated than a home LAN. Businesses have either a flat network or a segmented network. In a flat network, there are few, if any, controls to limit network traffic. When workstations connect to a flat network, they can see and attempt to connect to any other device on the network. These networks are considered to be the least secure. A segmented network limits the ways in which computers can communicate with each other. By utilizing switches, firewalls, routers, and other devices, network traffic can be restricted. This makes it possible to eliminate a number of threats to the network (Johnson, 2011). LAN-to-WAN is defined as the bridge between a LAN and a WAN. A LAN is utilized for connecting computers within offices or groups of buildings, while a WAN is used for connecting computers across the country or globally. It is essential to utilize firewalls on a WAN (Johnson,
