Organization Security Policy – Augusta Medical Hospital

To protect the information systems and patient data at Augusta Medical Hospital, the hospital has a threefold policy on data protection. Because maintaining patient data is an important and sensitive mission, and because the healthcare organization and its patients, staff, and other stakeholders face growing threats and risks, this security policy designates several preventive and protective actions against both internal and external threats and risks. The policy covers physical, administrative, and technical security measures that counter dangers from outside and inside the organization and increase its overall security.

Acceptable User Policy

The Acceptable User Policy is intended to provide an understanding of user responsibilities to protect the information systems of Augusta Medical Hospital. This policy defines the use of computerized systems: e-mail, Internet, and software. Users should interact only with the information that is relevant to their duties and responsibilities, and the exchange of passwords and accounts is forbidden (Doherty et al., 2021). Employees are expected to report security matters to the IT security team as soon as they are observed or suspected. In addition, personal use of organizational resources should be minimal and should not interfere with an employee’s duties.

Employee Onboarding and Offboarding Procedures

Augusta Medical Hospital’s orientation or onboarding process involves a pre-employment physical examination and a background check on all employees to establish their security clearance. In addition, orientation includes overall security training covering policy statements, standards, and threats. Access rights to systems are granted according to each employee’s job responsibilities, limiting access to only what is required for their line of work (Varshney, 2022). Further, whenever an employee leaves Augusta Medical Hospital, whether through dismissal or resignation, the offboarding process is triggered to ensure continuity of security measures. Access is also revoked: the employee’s access to all systems and accounts they previously used is removed to prevent unauthorized activity. These are conducted with the purpose of obtaining feedback.

Social Media Policy

Being aware of the significance of social media, Augusta Medical Hospital has established a social media policy for intra-organizational and extra-organizational use. Workers must be professional while engaging in matters concerning the hospital on social networks; they cannot share sensitive information or negative remarks about co-workers or the facility. Hospital representatives can only share content from the official social sites of the hospital, and all content to be posted must go through the relevant department (Stohl et al., 2017). Concerning personal accounts, employees should be careful of the opinions they give and should not give the impression that they are employees of the hospital or reveal information about the hospital. The policy stresses the importance of patient privacy, and speaking directly to patients or discussing their care on social media is not allowed.

Insider Threats

Another risk area is insider threats, that is, risks coming from inside the organization, including employees, contractors, and partners. These risks can stem from deliberate behavior, where employees with ill motives siphon information or compromise systems, and from accidents, where employees who have not been trained in security or who have taken shortcuts to stay productive leak information. To prevent insider threats, Augusta Medical Hospital promotes security awareness and conducts training while encouraging everyone to be accountable for reporting any security incident.

Mobile Device Policy

Due to the growing use of mobile devices for accessing health information, the hospital has created a mobile device policy. Mobile devices allowed to connect to the hospital’s information systems must be administered and sanctioned by the IT division. Passwords, encryption, and wipe features are among the security options that must be used. Individuals are expected to connect to the hospital’s network and are prohibited from using public Wi-Fi when working with such data. When devices are lost or stolen, employees are required to inform the IT department to prevent any data loss.

Key Provisions of Common Standards

Augusta Medical Hospital follows a number of standard regulations and guidelines that enhance the security of its information systems. HIPAA law and regulations should, therefore, be followed to the letter in order to safeguard patient information (Edemekong et al., 2024). The adoption of the NIST Cybersecurity Framework assists the organization in understanding, protecting, detecting, responding to, and recovering from cyberspace incidents (Crossmark, 2024). Further, compliance with the ISO 27001:2013 international standard for Information Security Management Systems provides the framework for managing special data.

Conclusion

In summary, Augusta Medical Hospital’s security policy is used to safeguard patient information and maintain the authenticity of its information systems. By formulating comprehensible policies on the acceptable use of computers in the workplace, orientation guidelines, social media, and the use of mobile devices, the hospital intends to provide a safe space for both its employees and patients. In addition, the constant implementation of training and awareness programs will improve the hospital’s security posture, limiting the threats posed by insiders and other security threats. This commitment to security is neither perfunctory nor merely a passive response to regulation; it is the essence of the organization’s mission to deliver the best quality of patient care and be responsive to the societal needs of the community served.

References

Crossmark. (2024). The NIST cybersecurity framework (CSF) 2.0. https://doi.org/10.6028/NIST.CSWP.29

Doherty, N. F., Anastasakis, L., & Fulford, H. (2021). Reinforcing the security of corporate information resources: A critical review of the role of the acceptable use policy. International Journal of Information Management, 31(3), 201–209. https://doi.org/10.1016/J.IJINFOMGT.2010.06.001

Edemekong, P. F., Annamaraju, P., & Haydel, M. J. (2024). Health Insurance Portability and Accountability Act. Encyclopedia of Information Assurance, 1299–1309. https://doi.org/10.1081/e-eia-120046838

Stohl, C., Etter, M., Banghart, S., & Woo, D. J. (2017). Social media policies: Implications for contemporary notions of corporate social responsibility. Journal of Business Ethics, 142(3), 413–436. https://doi.org/10.1007/s10551-015-2743-9

Varshney, D. (2022). Understanding virtual employee onboarding (VEO): The new normal and beyond. Emirati Journal of Business, Economics and Social Studies, 1(1), 58–80. https://doi.org/10.54878/EJBESS.171

Question 


Develop the Organization Security Policy

There are many threats to an organization’s business application system or enterprise system. Some of the common threat vectors are external entities, but there are also internal entities. Internal threats are commonly from employees who are not trained on how to use the information security system. Using the Augusta Medical Hospital as your organization, develop a security policy that addresses different organizational security areas, including physical security, administrative security, and technical security.

In 750-1,000 words, develop an organization security policy for your employer and include the following:

  • Provide an introduction to the organization security policy.
  • Identify an acceptable user policy for information systems within the organization.
  • Describe employee onboarding and offboarding procedures.
  • Explain the organization’s social media policy inside and outside the organization.
  • Define insider threats.
  • Explain the mobile device policy.
  • List and describe key provisions of common standards.
  • Summarize the conclusion.

Support your policy with at least 4 scholarly resources.