CSIA 303 Assignment 1
University of Maryland University College
October 10, 2014
Information Systems Security Survey
The University of Nebraska Medical Center (UNMC) is an institution that was built back in the 19th century. UNMC’s mission is to improve the health of Nebraska through premier educational programs, innovative research, the highest quality patient care, and outreach to underserved populations (UNMC, 2004). As an institution with key interest to privacy of its students, staff and subordinate staff, UNMC has adopted various policy guidelines to ensure information security system. The Information Security Management Plan (ISMP) describes its safeguards to protect …show more content…
Personnel System Administrator Loss of data integrity Employees are only employed after exhibiting minimum security requirement. Information Security Addendum are to be signed for confidentiality purposes. An insider who ensures that all legal requirements are followed before access is granted must accompany outsiders accessing information.
Physical environment System Administrator Physical safety of the environment may be compromised through attacks and burglary No unauthorized personal is allowed within the data centre premises. The data centers are controlled by keycard access.
Policy Information Security Plan Coordinator
Policies may be misinterpreted by the employee The University’s security policy is enshrined in the Privacy, Confidentiality and Security of Patient Proprietary Information Policy and the Computer Use and Electronic Information Security Policy. The two policies require that authorized people can only access this information. The policies are reviewed every two years to make them in tandem with the prevailing circumstances.
Operations The Information Security Officer and the Infrastructure Team Failure for operations to comply with the system security policy An operation must fill a compliance Checklist or a Security Risk Assessment form for review to verify that no new risk is introduced to the enterprise.
Outsourcing System Administrator Unauthorized disclosure of security information by third parties Outsourced vendors must comply