Wednesday, July 17, 2019

Information Security Classification Essay

Information security is simply the process of keeping information secure: protecting its availability, integrity, and privacy (Demopoulos). With the coming of computers, information has increasingly become computer stored. Marketing, sales, finance, production, materials, etc. are various types of assets which are computer-stored information.

A large hospital is an institution which provides health care to patients. Hospitals are staffed by doctors, nurses, and attendants. Like any large organization, a hospital also has huge amounts of data and information to store. Hospitals have increasingly become automated, with computerized systems designed to meet their information needs. According to the Washtenaw Community College website, the following types of information are stored in a hospital:

- Patient information
- Clinical laboratory, radiology, and patient monitoring
- Patient census and billing
- Staffing and scheduling
- Outcomes assessment and quality control
- Pharmacy ordering, prescription handling, and pharmacopoeia information
- Decision support
- Finance and accounting
- Supplies, inventory, maintenance, and orders management

Viruses, worms and malware are the most severe threats to information security. In computers, a virus is a program or programming code that replicates by being copied or initiating its copying to another program, computer boot sector or document (Harris, 2006). Floppy disks, USB drives, the Internet and email are the most common ways a virus spreads from one computer to another. Computer viruses have the potential to damage data, delete files or crash the hard disk. Many viruses contain bugs which can cause system and operating system crashes. Computer worms are malicious software applications designed to spread via computer networks (Mitchell). They also represent a serious threat to information security.
Worms spread through email attachments or through files opened from emails that have executable files attached. A Trojan is a network software application designed to remain hidden on an installed computer. Software designed to monitor a person's computer activity surreptitiously and which transmits that information over the internet is known as spyware (Healan, 2005). Spyware monitors information using the machine on which it is installed. The information is transmitted to the company for advertising purposes or sold to third-party clients.

Identity theft and data breaches are two of the biggest problems facing information security managers. Hackers steal Social Security numbers, credit card information, bank account numbers and other data to fund their operations. There are other potential threats to the hospital's information, such as power outages, incompetent employees, equipment failure, saboteurs, natural disasters, etc.

A large hospital requires an information classification policy to ensure that information is used in an appropriate and proper manner. The use of the information should be consistent with the hospital's policies, guidelines and procedures. It should be in accordance with any state or federal laws. The hospital's information should be classified as follows:

1. Restricted
2. Confidential
3. Public

Restricted information is that which can adversely affect the hospital, doctors, nurses, staff members and patients. Its use is restricted to the employees of the hospital only. Finance and accounting, supplies, inventory, maintenance, and orders management are restricted information which comes in this category. Confidential information includes data on patients which must be protected at a high level. Patient information, clinical laboratory, radiology, and patient monitoring are some of the information which comes in this category.
It can also include information whose disclosure can cause embarrassment or loss of reputation (Taylor, 2004). Public information includes data which provides general information about the hospital, its services, facilities and expertise to the public. Security at this level is minimal. This type of information requires no special protection or rules for use and may be freely disseminated without potential harm (University of Newcastle, 2007).

| Information | Classification | Threat | Justification |
|---|---|---|---|
| Patient information | Confidential | Disclosure or removal | Any disclosure or removal can cause serious consequences to the patient |
| Clinical laboratory, radiology, and patient monitoring | Confidential | Disclosure or removal | Any disclosure or removal can cause serious consequences to the patient |
| Finance and accounting, supplies, inventory, maintenance, and orders management | Restricted | Loss or destruction | Any loss or destruction of this information could be very dangerous for the organization |
| General information about the hospital, its services, facilities and expertise | Public | Low threat | Low threat since the information is public. It would affect public relations, however. |
| Research information | Confidential | Disclosure or removal | This is confidential material since its exposure would cause serious consequences for the hospital |

Figure: Classification table

Information is an asset for the hospital. The above information classification policy defines acceptable use of information. The classifications are based on the sensitivity of the information. According to the Government of Alberta information security guideline, there are four criteria that are the basis for deciding the security and access requirements for information assets.
These criteria are:

- Integrity: information is current, complete, and only authorized and accurate changes are made to information
- Availability: authorized users have access to and can use the information when required
- Confidentiality: information is only accessed by authorized individuals, entities or processes
- Value: intellectual property is protected, as needed

Information security must provide adequate protection throughout the life span of the information. Depending on the security classification, information assets will need different types of storage procedures to ensure that the confidentiality, integrity, availability, and value of the information are protected. The hospital director must be responsible for the classification, reclassification and declassification of the hospital's information. The information security policy must be updated on a regular basis and published as appropriate. Appropriate training must be provided to data owners, data custodians, network and system administrators, and users.

The information security policy must also include a virus prevention policy, an intrusion detection policy and an access control policy. A virus prevention policy would include the installation of licensed antivirus software on workstations and servers. The headers of emails would also be scanned by the antivirus software to prevent the spread of malicious programs like viruses. Intrusion detection systems must be installed on workstations and servers with critical, restricted and confidential data. There must be a weekly review of logs to monitor the number of login attempts made by users. Server, firewall, and critical system logs should be reviewed frequently. Where possible, automated review should be enabled and alerts should be transmitted to the administrator when a serious security attack is detected. Access to the network, servers and systems should be achieved by individual and unique logins, and should require authentication.
Authentication includes the use of passwords, smart cards, biometrics, or other recognized forms of authentication. This policy is the access control policy. It prevents unauthorized access to critical data.

A large hospital, like any organization today, uses computers to store its information. The classification of its data is a very valuable goal in protecting it from threats like viruses, Trojans, worms, spyware, adware and hackers. Natural disasters and incompetent employees are another type of threat to the hospital's data. A proper information security policy can protect the organization's critical data from any external or internal threat.
