
Friday, April 5, 2019

Information Security Classification Essay Example for Free

Information Security is simply the process of keeping information secure: protecting its availability, integrity, and privacy (Demopoulos). With the advent of computers, information has increasingly become computer stored. Marketing, sales, finance, production, materials, etc. are various types of assets which are computer-stored information. A large hospital is an institution which provides health care to patients. Hospitals are staffed by doctors, nurses, and attendants. Like any large organization, a hospital also has huge amounts of data and information to store.

Hospitals have increasingly become automated, with computerized systems designed to meet their information needs. According to the Washtenaw Community College website, the following types of information are stored in a hospital:

- Patient information
- Clinical laboratory, radiology, and patient monitoring
- Patient census and billing
- Staffing and scheduling
- Outcomes assessment and quality control
- Pharmacy ordering, prescription handling, and pharmacopoeia information
- Decision support
- Finance and accounting
- Supplies, inventory, maintenance, and orders management

Viruses, worms and malware are the most common threats to information security. In computers, a computer virus is a program or programming code that replicates by being copied or initiating its copying to another program, computer boot sector or document (Harris, 2006). Floppy disks, USB drives, the Internet, and email are the most common ways a virus spreads from one computer to another. Computer viruses have the potential to damage data, delete files or crash the hard disk. Many viruses contain bugs which can cause system and operating system crashes. Computer worms are malicious software applications designed to spread via computer networks (Mitchell). They also represent a serious threat to information security.
Email attachments or files opened from emails that have executable files attached are the way worms spread. A Trojan horse is a network software application designed to remain hidden on an installed computer. Software designed to monitor a person's computer activity surreptitiously and which transmits that information over the Internet is known as spyware (Healan, 2005). Spyware monitors information using the machine on which it is installed. The information is transmitted to the company for advertising purposes or sold to third-party clients.

Identity theft and data breaches are two of the biggest problems facing information security managers. Hackers steal Social Security numbers, credit card data, bank account numbers and other data to fund their operations. There are other potential threats to the hospital's information, like power outages, incompetent employees, equipment failure, saboteurs, natural disasters, etc.

A large hospital requires an information classification policy to ensure that information is used in an appropriate and proper manner. The use of the information should be consistent with the hospital's policies, guidelines and procedures. It should be in harmony with any state or federal laws. The hospital's information should be classified as follows:

1. Restricted
2. Confidential
3. Public

Restricted information is that which can adversely affect the hospital, doctors, nurses, staff members and patients. Its use is restricted to the employees of the hospital only. Finance and accounting, supplies, inventory, maintenance, and orders management are restricted information which comes in this category.

Confidential information involves data on patients which must be protected at a high level. Patient information, clinical laboratory, radiology, and patient monitoring are some of the information which comes in this category. It can also include information whose disclosure can cause embarrassment or loss of reputation (Taylor, 2004).

Public information includes data which provides general information about the hospital, its services, facilities and expertise to the public. Security at this level is minimal. This type of information requires no special protection or rules for use and may be freely disseminated without potential harm (University of Newcastle, 2007).

| Information | Classification | Threat | Justification |
|---|---|---|---|
| Patient information | Confidential | Disclosure or removal | Any disclosure or removal can cause serious consequences to the patient |
| Clinical laboratory, radiology, and patient monitoring | Confidential | Disclosure or removal | Any disclosure or removal can cause serious consequences to the patient |
| Finance and accounting, supplies, inventory, maintenance, and orders management | Restricted | Loss or destruction | Any loss or destruction of this information could be very dangerous for the organization |
| General information about the hospital, its services, facilities and expertise | Public | Low threat | Low threat since the information is public. It would affect public relations, however. |
| Research information | Confidential | Disclosure or removal | This is confidential material since its exposure would cause serious consequences for the hospital |

Figure: Classification table

Information is an asset for the hospital. The above information classification policy defines acceptable use of information. The classifications are based on the sensitivity of the information. According to the Government of Alberta information security guideline, four criteria are the basis for deciding the security and access requirements for information assets.
These criteria are:

- Integrity: information is current, complete, and only authorized and accurate changes are made to information
- Availability: authorized users have access to and can use the information when required
- Confidentiality: information is only accessed by authorized individuals, entities or processes
- Value: intellectual property is protected, as needed

Information security must adequately offer protection throughout the life span of the information. Depending on the security classification, information assets will need different types of storage procedures to ensure that the confidentiality, integrity, accessibility, and value of the information are protected. The hospital director must be responsible for the classification, reclassification and declassification of the hospital's information. The information security policy must be updated on a regular basis and published as appropriate. Appropriate training must be provided to data owners, data custodians, network and system administrators, and users.

The information security policy must also include a virus prevention policy, an intrusion detection policy and an access control policy. A virus prevention policy would include the installation of licensed anti-virus software on workstations and servers. The headers of emails would also be scanned by the anti-virus software to prevent the spread of malicious programs like viruses.

Intrusion detection systems must be installed on workstations and servers with critical, restricted and confidential data. There must be a weekly review of logs to monitor the number of login attempts made by users. Server, firewall, and critical system logs should be reviewed frequently. Where possible, automated review should be enabled and alerts should be transmitted to the administrator when a serious security intrusion is detected.

Access to the network, servers and systems should be achieved by individual and unique logins, and should require authentication.
Authentication includes the use of passwords, smart cards, biometrics, or other recognized forms of authentication. This policy is the access control policy. It prevents unauthorized access to critical data.

A large hospital, like any organization today, uses computers to store its information. Classifying its data is very important for protecting it from threats like viruses, Trojans, worms, spyware, adware and hackers. Natural disasters and incompetent employees are another type of threat to the hospital's data. A proper information security policy can protect the organization's critical data from any external or internal threat.
