Sunday, March 3, 2019
Information Security Classification Essay
Information security is simply the process of keeping information secure, protecting its availability, integrity, and privacy (Demopoulos). With the advent of computers, information has increasingly become computer stored. Marketing, sales, finance, production, veridicals, etc. are various types of assets which are computer-stored information. A large hospital is an institution which provides health care to patients. Hospitals are staffed by doctors, nurses, and attendants. Like all large organizations, a hospital also has huge amounts of data and information to store.

Hospitals have increasingly become automated, with computerized systems designed to meet their information needs. According to the Washtenaw Community College website, the following types of information are stored in a hospital: patient information; clinical laboratory, radiology, and patient monitoring; patient census and billing; staffing and scheduling; outcomes assessment and quality control; pharmacy ordering, prescription handling, and pharmacopoeia information; decision support; finance and accounting; supplies, inventory, maintenance, and orders management.

Viruses, worms and malware are the most common threats to information security. In computers, a virus is a program or programming code that replicates by being copied or initiating its copying to another program, computer boot sector or document (Harris, 2006). Floppy disks, USB drives, the Internet and email are the most common ways a virus spreads from one computer to another. Computer viruses have the potential to damage data, delete files or crash the hard disk. Many viruses contain bugs which can cause system and operating system crashes. Computer worms are malicious software applications designed to spread via computer networks (Mitchell). They too represent a serious threat to information security.
Email attachments or files opened from emails that have executable files attached are the way worms spread. A Trojan is a network software application designed to remain hidden on the computer where it is installed. Software designed to monitor an individual's computer activity surreptitiously and which transmits that information over the Internet is known as spyware (Healan, 2005). Spyware monitors information using the machine on which it is installed. The information is transmitted to the company for advertising purposes or sold to third-party clients.

Identity theft and data breaches are two of the biggest problems facing information security managers. Hackers steal Social Security numbers, credit card data, bank account numbers and other data to fund their operations. There are other potential threats to the hospital's information, like power outages, incompetent employees, equipment failure, saboteurs, natural disasters, etc.

A large hospital requires an information classification policy to ensure that information is used in an appropriate and proper manner. The use of the information should be consistent with the hospital's policies, guidelines and procedures. It should be in harmony with any state or federal laws. The hospital's information should be classified as follows:

1. Restricted
2. Confidential
3. Public

Restricted information is that which can adversely affect the hospital, doctors, nurses, staff members and patients. Its use is restricted to the employees of the hospital only. Finance and accounting, supplies, inventory, maintenance, and orders management are restricted information which comes in this category.

Confidential information includes data on patients which must be protected at a high level. Patient information, clinical laboratory, radiology, and patient monitoring are some of the information which comes in this category. It can also include information whose disclosure can cause embarrassment or loss of reputation (Taylor, 2004).
Public information includes data which provides general information about the hospital, its services, facilities and expertise to the public. Security at this level is minimal. This type of information requires no special protection or rules for use and may be freely disseminated without potential harm (University of Newcastle, 2007).

| Information | Classification | Threat | Justification |
| --- | --- | --- | --- |
| Patient information | Confidential | Disclosure or removal | Any disclosure or removal can cause serious consequences to the patient |
| Clinical laboratory, radiology, and patient monitoring | Confidential | Disclosure or removal | Any disclosure or removal can cause serious consequences to the patient |
| Finance and accounting, supplies, inventory, maintenance, and orders management | Restricted | Loss or destruction | Any loss or destruction of this information could be very dangerous for the organization |
| General information about the hospital, its services, facilities and expertise | Public | Low threat | Low threat since the information is public. It would affect public relations however. |
| Research information | Confidential | Disclosure or removal | This is confidential material since its exposure would cause serious consequences for the hospital |

Figure: Classification table

Information is an asset for the hospital. The above information classification policy defines acceptable use of information. The classifications are based on the sensitivity of the information. According to the Government of Alberta information security guideline, four criteria are the basis for deciding the security and access requirements for information assets.
These criteria are:

Integrity: information is current, complete and only authorized and accurate changes are made to information.
Availability: authorized users have access to and can use the information when required.
Confidentiality: information is only accessed by authorized individuals, entities or processes.
Value: intellectual property is protected, as needed.

Information security must adequately offer protection throughout the life span of the information. Depending on the security classification, information assets will need different types of storage procedures to ensure that the confidentiality, integrity, accessibility, and value of the information are protected. The hospital director must be responsible for the classification, reclassification and declassification of the hospital's information. The information security policy must be updated on a regular basis and published as appropriate. Appropriate training must be provided to data owners, data custodians, network and system administrators, and users.

The information security policy must also include a virus prevention policy, an intrusion detection policy and an access control policy. A virus prevention policy would include the installation of licensed antivirus software on workstations and servers. The headers of emails would also be scanned by the antivirus software to prevent the spread of malicious programs like viruses.

Intrusion detection systems must be installed on workstations and servers with critical, restricted and confidential data. There must be a weekly review of logs to monitor the number of login attempts made by users. Server, firewall, and critical system logs should be reviewed frequently. Where possible, automated review should be enabled and alerts should be transmitted to the administrator when a serious security intrusion is detected.

Access to the network, servers and systems should be achieved by individual and unique logins, and should require authentication.
Authentication includes the use of passwords, smart cards, biometrics, or other recognized forms of authentication. This policy is the access control policy. It prevents unauthorized access to critical data.

A large hospital, like any organization today, uses computers to store its information. The classification of its data is a very important step in protecting it from threats like viruses, Trojans, worms, spyware, adware and hackers. Natural disasters and incompetent employees are other types of threats to the hospital's data. A proper information security policy can protect the organization's critical data from any external or internal threat.