Health Body Wellness Center Essay Sample

Health Body Wellness Center (HBWC) promotes medical research, evaluation, and sharing of information between health care professionals. The HBWC's Office of Grants Giveaway (OGG) provides for the distribution of federally supported medical grants. OGG uses a Microsoft Access database program called Small Hospital Tracking System (SHGTS) to manage the medical grant distribution process. A risk assessment of SHGTS was conducted to evaluate vulnerabilities and establish a baseline of possible threats. HBWC has not provided a written Information Security (IS) policy that can be reviewed at this time. Additional As-Is questions (2) are provided as a guide to evaluate the company's security posture.

A. As-Is Question Set

| Question | If yes, page number | If no, justification |
|---|---|---|
| Policy | | |
| Does a policy that addresses the need for risk management exist? | Not Provided | No policies were provided for the organization |
| Is the acceptable risk posture for the organization included in the policy? | Not Provided | No policies were provided for the organization |
| Does the policy include details about a risk assessment? | Not Provided | No policies were provided for the organization |
| Is there a section in the policy that includes multi-perspectives on risk, including the following: threat; asset; vulnerability space; business impact assessment | Not Provided | No policies were provided for the organization |
| Is there a section in the policy that includes reporting results of risk assessments? | Not Provided | No policies were provided for the organization |
| Is there a section in the policy that includes a remediation analysis report based on risk assessments (i.e., how to reduce risk or increase security posture)? | Not Provided | No policies were provided for the organization |
| Procedures | | |
| Is there a procedure in place that describes how to implement and enforce risk management policies? | Not Provided | No policies were provided for the organization |
| Does the procedure include a breadth of scope? Does the breadth of scope include the following: threat; asset; vulnerability space; business impact assessment | Not Provided | No policies were provided for the organization |
| Does the procedure include depth of scope? Does the depth of scope include the following: interviews (asking); verification (seeing); validation (hands-on) | Not Provided | No policies were provided for the organization |
| Practice | | |
| Does the organization practice the procedures described above? | Not Provided | No policies were provided for the organization |

File: FYT2_Task 3
By Thomas A. Groshong Sr
B. Develop two additional question categories for the “As-Is Question Set”
1. Security Management (SM)
2. Prevention

B1. Justification
The two additional categories selected above should be included in the “As-Is Question Set”. These categories cover important topics that should be addressed during any assessment or audit process. Security Management and Prevention are both ISO 27001 categories and are established industry best practices for Information Security (IS). The creation and maintenance of an Information Security Management System (ISMS) are covered in ISO 27002 (Arnason, S. & Willett, K. D., 2008). A discussion of each category follows.


• Security Management: This category covers executive backing and management support for the company's IS policy. Articulation of security objectives and having a formal IS process are essential to the ISMS process. Clear security roles, responsibility delineation, and review of security awareness policies must be established and reviewed. Resource allocation and risk assessments must be managed as part of the SM program (Arnason, S. & Willett, K. D., 2008).

• Prevention: Policies to prevent compromise and the review of mean time between failure (MTBF) requirements are covered under the prevention category. The review of qualified personnel, serviced information technologies, and maintenance tasks is established and reviewed. Prevention covers the tracking, trending, and reporting of IT systems performance (Arnason, S. & Willett, K. D., 2008).

Both Security Management and Prevention are categories that should be included in any review or audit process of IT systems. SM reviews how security is managed from the top down. How and whether management supports the ISMS program is identified. The overall management of the company and how services are provided are essential. Prevention looks at the performance and maintenance of IT systems and the reporting of these processes. It is extremely important to have these categories as part of the ISMS process and any review of these processes.

Reference Page

Arnason, S. & Willett, K. D. (2008). How to achieve 27001 certification: An example of applied compliance. New Auerbach Publications.
Tipton, H. & Henry, K. (2007). Official (ISC)2 guide to the CISSP CBK. Boca Raton, Florida: Auerbach Publications.
Tipton, H. & Krause, M. (2007). Information security management handbook. Sixth Edition. Boca Raton, Florida: Auerbach Publications.
