Information Security at Al Nahda Hospital Essay

Information Security at Al Nahda Hospital - Essay Example This is because internet users are potential customers and suppliers, and potential threats, as well. In case information stored in the hospital premises is tampered with, serious, adverse effects may result, because there are so many people who are dependent on this information. It is the responsibility of management to liaise with other departments to protect an organization’s information assets. This report analyses and evaluates information security at Al Nahda Hospital. In this report, the main categories of information assets that may be at risk and have to be protected have been described. The report also appraises the actual and potential threats and vulnerabilities of Al Nahda Hospital’s information assets. The report then formulates a security plan that describes counter measures that will manage the threats that put Al Nahda Hospital’s information assets at risk from a risk management perspective. A comprehensive information security education and awar eness program for use by management, staff and contractors for Al Nahda Hospital is also provided in this report. The report also explores the social, legal, and ethical issues or constraints that may be associated with the implementation of the comprehensive information security plan at Al Nahda Hospital. Finally, the report recommends valid actions that can be taken to improve the information security situation of Al Nahda Hospital. Introduction Al Nahda Hospital is a government hospital which is located in Oman. The hospital has a client server application called â€Å"Health Information Management system (HIMS)† on a local network. It also has applications that have been developed with oracle database, forms and reports. Al Nahda Hospital’s medical staff users can access and use the system from a local network using desktops, Personal Computers, or they can use laptops with WIFI, during wards round. Also, this system is connected to the headquarters with MPLS line. Users have access to both the operating system username and password and the database username and password. After a careful assessment of the information security situation, a security plan for the protection of the information holdings of the Al Nahda Hospital is required. The security plan will ensure that the security personnel oversee the security of information from deliberate and accidental threats to the hospital so as to improve Al Nahda Hospital’s information security. 1.0: Main Categories of Information Assets that may be at Risk and have to be protected Al Nahda Hospital’s information assets may be at risk, as far as the information status is concerned. These assets may be categorized into information assets, software, hardware, systems and people. 1.1: Information Assets Information assets of Al Nahda Hospital that may be at risk and need to be protected include documented information. Documented information contains both printed or written information an d electronic information stored on the hospital’s servers, website, extranets and internets. Electronic information can be stored in laptops, personal computers, cell phones, CD ROM and USB sticks, among other devices. The information that may be threatened