Information Security Management of HealthScope

Question: Discuss about theInformation Security Management of HealthScope. Answer: Introduction: The main aim of the report is to discuss about an Australian company Healthscope that operates private hospitals, international pathology services and medical centres. It has 17000 employees working in different location for the organization. The information security department of the organization has several responsibilities for maintaining the security of the information system. Thus as a security manager the report is prepared and a brief analysis is done on the information system of Healthscope, the importance of identity access management for the organization is discussed and the development procedures are also discussed. Lastly some recommendation is provided to implement new IAM technology that would benefit the organization to mitigate the security issue. Analysis on Identity and Access Management (IAM) Significant advances in innovation, and in addition seismic movements in government control, have pushed the medicinal services industry into a time of interruption. Human services IT pioneers must explore a moving landscape of plausibility and danger. While innovative advances offer chances to enhance human services conveyance, the specialized and administrative scene represents a few difficulties (Torres, Nogueira Pujolle 2013). Medicinal services IT pioneers must deal with a huge number of uses and advances, including billing, electronic medical records (EMRs), client correspondences and that's only the tip of the iceberg. Most basically, they should guarantee that the data regarding the health of the patient is promptly accessible to the right individuals yet shielded from unapproved access (Uddin Preston 2015). The privacy is the most important priority of the health information system and the IT managers have the role to manage the system using technologies and maintain the s ystem keeping the system up for the users. As today's workforce turns out to be more portable, numerous associations are receiving another methodology Bring Your Own Device (BYOD) to give remote access to email, delicate or protection related information, and business applications (Thatchenkery 2013). The demand of the consumer for mobile application support is also driving the Healthscope organization for developing the mobile application to access their service. IAM is a solid empowering agent that works on (both for business to worker and business to buyer) and serves as a foundational segment in increasing the security in mobile computing. There are a couple ways IAM can help the Healthscope to actualize a more secure information security system: Security defends ordinarily set up for outside associations with a system might be impaired or actualized at a lessened level in light of the fact that the business might not have control over administration of these gadgets (particularly in a BYOD model) (Michael 2012). Accordingly, it is important that verification instruments are executed to affirm that the client of the gadget is approved to get to delicate resource. The Mobile gadgets permit organization staff to get to basic applications (counting security related information) at whatever time and from anyplace. On the off chance that a gadget is lost or stolen, device should be tracked and identified to report the client (Schorer 2014). The user authentication can also reduce the chance of potential fraud incident and detect the device location. Access controls ought to be outlined in view of ease of use; clients may evade excessively prohibitive and badly designed controls, bringing about potential information misfortune episodes (Stephen, Chukwudebe Ezenkwu 2015). A typical illustration is somebody sending actually identifiable or classified data decoded to an individual email account keeping in mind the end goal to get to it outside of the workplace. Importance of IAM The identity and access management is used to identify the impact of the information security system and the complexities that the IS system includes. It is used to identify the security state of the information system and resolve the complexity of the system (Torres, Nogueira Pujolle 2013). The IAM can be applied to a system to manage the technical service and limit the accessibility of the online resources. It can help to give a simplified user experience to the end users of the system and handle the access request and self service management program efficiently (Lodwick 2014). The IAM breaks down the barriers and can easily access the end users. It can apply authentication on the end users to increase the security of the system. Protection for the data residing in the information system is also implemented to secure the data (Uddin Preston 2015). The IAM solution can help to identify the risk and give mitigation technique for resolving the security issues associated with the inf ormation security system. The identity and access management helps to decrease the time of application development that helps to reinvent the authentication systems that are prone to cyber attacks. The IAM helps to implement new technologies in the Healthscope project that would help to identify the holes in the security management and resolve the risk related to the security in the information system and thus help the organization to continue its business process. Development of New IAM Technology IAM is used mostly in securing the data of the information system of an organization. It considers the continuous and future patterns in its advancing circle and empowers more grounded efforts to establish safety. The IAM business sector is predominantly impacted, driven and moulded by the expanding requirement for versatile appropriation and transitioning to distribute computing (Khansa Liginlal 2012). A portion of the most recent advancements and methodologies help associations conquer issues connected with information security. IAM can turn into a potential business-empowering influence for IT associations, with a legitimate key situation in computerized security space, bringing about fruitful conveyance of bleeding edge arrangements. Approaches to making IAM a noteworthy achievement: Keep Customization to the Minimum: predictable methods for IAM characterize building custom frameworks that include every one of the procedures important to allow verification and control. In spite of the fact that altered arrangements bring together components and appearance, they conceal the multifaceted nature underneath (Jrvelinen 2012). A configurable IAM arrangement offers more noteworthy esteem and minimizes the dependence on designers, alongside lessening the consumption. Diminishing Complexity: combined characters and provisioning approval like logins, SSO and review necessities offer a few advantages. Progressively the characters, more is the necessity for provisioning in various spots, and more are the passwords (Goth 2005). Distinguishing proof of a solitary source and actualizing it over the association is superior to the exertion required for recalling various passwords. Provisioning the Right Way: One steady thing in IAM is change. Change in the parts of individuals, new frameworks and procedures make re-provisioning and de-provisioning of clients a need. It is imperative to get the provisioning right with a sharp accentuation on setup (Jankovic 2012). A Business' Accountability: Although, IT assumes a key part in provisioning a record and assigning rights inside a framework, any particular line of business/space, if included, will be responsible if something turns out badly. Henceforth, the most recent IAM arrangements are worked by concentrating more on the business, rather giving 100% power to only it (Giessner, Horton Humborstad 2016). It gets to be simpler for the business to settle on choices about who ought to access what. In this way, provisioning happens consequently, with lesser reliance on IT. Empowering Automation: IAM carries with it the capacity to streamline and computerize awkward procedures, which is a major offering point for undertakings. Mechanizing an IT-driven and complex IAM approach that spares time and cash minimizes various blunders (Uddin Preston 2015). In this manner, an endeavour and end clients can do a few things for which they have dependably needed to depend on IT. The capacity of associations in embracing new innovations and advancing client requests has kept the prerequisite of IAM going. Traverse's IAM system addresses an expansive range of mission-basic needs to give fitting access crosswise over differing innovation situations and meet the constantly expanding consistence prerequisites (Torres, Nogueira Pujolle 2013). The IAM arrangements are business-adjusted and help ventures create full grown IAM abilities for their drives. Recommendation for Application of Recent IAM Technology in the Organization The application of the IAM technology must give the organization some benefit and the risk associated with the business must be resolved with the application. Thus to mitigate the risk of Healthscope and securing their information security system against any physical attacks or cyber attacks it is essential for the organization to implement new technology. The organization can choose the appropriate technology that meets the organizational needs. There are many technologies but according to the analysis it has been found that the integration of the IAM and information security management technologies can improve the management capabilities and deploy new capabilities in the system. SIEM technology can be applied to access the resources and monitor the health information of the system. It can also identify the identity of the users that are logged in the system. The application of SIEM requires a basic IAM policy to monitor the system. There are different vendors providing the SIEM ap plication such as IBM they integrate the SIEM application with IAM products and meet the requirement of the client and secures the network authentication services. The organization can employ SIEM for the monitoring activity and secure the network and the information system of the Healthscope organization. Conclusion The CISO (Chief information security officer) of the IT Security and Information department of Helathscope organization have prepare the report on the management of the information security system. Identity and Access management technique is applied for the proper analysis of the system. The system has become mobile and thus there is a problem regarding the identification of the user and unauthorised access of the data. The identity and access management is applied and importance of IAM to ensure the organizational security and development of new technology using the IAM methodology is discussed in the report. Recommendation is given regarding the application of recent IAM technologies in the Healthscope organization that would help to increase the security of the information system of the organization. References Giessner, S, Horton, K Humborstad, S 2016, "Identity Management during Organizational Mergers: Empirical Insights and Practical Advice", in , Social Issues and Policy Review, vol. 10, no. 1, pp. 47-81. Goth, G 2005, "Identity management, access specs are rolling along", in , IEEE Internet Computing, vol. 9, no. 1, pp. 9-11. Jankovic, M 2012, "Integrated Marketing Communications And Brand Identity Development", in , ManageFon, vol. 17, no. 63, pp. 91-97. Jrvelinen, J 2012, "Information security and business continuity management in interorganizational IT relationships", in , Info Mngmnt Comp Security, vol. 20, no. 5, pp. 332-349. Khansa, L Liginlal, D 2012, "Regulatory Influence and the Imperative of Innovation in Identity and Access Management", in , Information Resources Management Journal, vol. 25, no. 3, pp. 78-97. Lodwick, D 2014, "Access and Identity Management for Libraries: Controlling Access to Online Information", in , Technical Services Quarterly, vol. 32, no. 1, pp. 112-113. Michael, K 2012, "Security Risk Management: Building an Information Security Risk Management Program from the Ground Up", in , Computers Security, vol. 31, no. 2, pp. 249-250. Schorer, C 2014, "A Review of Access and Identity Management for Libraries: Controlling Access to Online Information", in , Journal of Access Services, vol. 11, no. 4, pp. 327-328. Stephen, B, Chukwudebe, G Ezenkwu, C 2015, "Integrated Identity and Access Management System for Tertiary Institutions in Developing Countries", in , Nigerian Journal of Technology, vol. 34, no. 4, p. 830. Thatchenkery, T 2013, "Initiating organisational transformation through Appreciative Intelligence", in , International Journal of Business Performance Management, vol. 14, no. 4, p. 332. Torres, J, Nogueira, M Pujolle, G 2013, "A Survey on Identity Management for the Future Network", in , IEEE Communications Surveys Tutorials, vol. 15, no. 2, pp. 787-802. Uddin, M Preston, D 2015, "Systematic Review of Identity Access Management in Information Security", in , JACN, vol. 3, no. 2, pp. 150-156.