Understand the Importance of Information Security
Every organization is unique with its own set of requirements and
concerns and must interpret the HIPAA Security standard in light
of the human, procedural, environmental, technical and cultural
impacts that can occur. The organization's IT assets are exposed
to various threats. It is estimated that more than 70% of the threat
comes from internal sources. Therefore, we should start our assessments
from the inside out.
However, that does not preclude the outside world from being
equally threatening. The very moment we connect to the Internet,
transmit data, communicate via wireless technology or send an email,
hackers, former employees, contractors, suppliers, competitors
and customers all become threats to our IT environment.
If you work in a high tech environment, you hear constantly about
threats from viruses, worms, hackers and the like. However, if
you are not in high tech, these issues are closely held secrets.
Management is tight-lipped about incidents and may push matters
under the carpet for fear of losing credibility with clients
or patients. In a competitive environment where IT systems are a
critical component of business operations, one cannot afford to
lose data and suffer a breakdown.
Building Awareness Is The Starting Point For A Strong IT Security
Culture
Educating top management on the need for effective Information
Security Management and the possible benefits is crucial for the
success of a project.
What Should We Consider While Implementing The
Standard
Here are 10 elements that address key areas of Information Security
Management.
1. Information Security Policy for the organization
Do we have one? The policy cannot be a theoretical exercise. It
should reflect the needs of the actual users. It must be something
that can be implemented, easy to understand and must balance the
level of protection with productivity. The policy should cover all
the important areas like personnel, physical, procedural and technical.
2. Creation of information security infrastructure
A management structure needs to be established to initiate, implement
and control information security within the organization. There
need to be proper procedures for approval of the information security
policy, assignment of the security roles and coordination of security
across the entire organization. This could be a new position (Security
Officer) or a combined role with the Privacy Officer, depending
on the size and complexity of the organization.