The Health Body Wellness Center has two core business objectives:
1. To improve medical grants using federally funded research.
2. To distribute a variety of medical grants, mostly to small hospitals.
The HBWC will implement an ISMS plan so that these business objectives can be met more securely. An ISMS plan will give executive-level employees the ability to identify problem areas in the organization's infrastructure that could be preventing the Health Body Wellness Center from providing as much support to small hospitals as possible. The ISMS plan will also ensure that financial information passed between hospitals is kept secure and that outside organizations cannot access the financial data of competing hospitals.
To help coordinate grants to the various hospitals, the Health Body Wellness Center is implementing a Small Hospital Grant Tracking System (SHGTS).
The SHGTS will be used to track the small grants made to a hospital over a one-month period. With this tool, the Health Body Wellness Center will be able to rotate funds among multiple hospitals effectively, without allocating excess funds to any particular hospital.
The Health Body Wellness Center needs an ISMS plan in place to address the weaknesses in the security practices the organization currently follows. Some of those weaknesses are:
1. The accounts of SHGTS users who no longer require access may not be deleted immediately from the system.
2. A system security plan (SSP) has not been developed for the SHGTS.
3. A disaster recovery plan (DRP) has not been developed for the SHGTS.
4. There are no sign-in logs for visitors accessing the computer room.
5. Passwords on the grants server are not required to be changed at least every ninety days.
6. There is no limit to the number of invalid access attempts that may occur for a given user.
7. Null session login may be possible.
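As an added example (not part of the original page, and not modelling any real HBWC or SHGTS system), the following Python script shows how an ISMS owner could audit an account inventory for gaps 1, 5 and 6 above: accounts of leavers that were not removed promptly, passwords older than ninety days, and a missing lockout threshold. The record layout, the sample accounts and the one-day removal grace period and five-attempt lockout value are assumptions chosen for illustration.

```python
"""Audit a grants-server account inventory against three of the ISMS gaps
listed above. Added example: the Account fields, SAMPLE_ACCOUNTS, TODAY and
the thresholds below are constructed assumptions, not data from the page."""
from dataclasses import dataclass
from datetime import date
from typing import Optional

MAX_PASSWORD_AGE_DAYS = 90   # gap 5: passwords must rotate at least every 90 days
MIN_LOCKOUT_THRESHOLD = 5    # gap 6: assumed acceptable limit on invalid attempts
MAX_REMOVAL_LAG_DAYS = 1     # gap 1: assumed grace period for disabling leavers


@dataclass
class Account:
    username: str
    active_employee: bool            # still employed according to HR (assumed field)
    termination_date: Optional[date] # None while employed
    password_last_set: date
    enabled: bool                    # account can still log in


def audit_account(acct: Account, today: date) -> list:
    """Return the control findings for one account (empty list = compliant)."""
    findings = []
    # Gap 1: a leaver whose account is still enabled past the grace period.
    if not acct.active_employee and acct.enabled:
        lag = (today - acct.termination_date).days if acct.termination_date else None
        if lag is None or lag > MAX_REMOVAL_LAG_DAYS:
            findings.append("stale-account")
    # Gap 5: password not changed within the maximum age.
    if (today - acct.password_last_set).days > MAX_PASSWORD_AGE_DAYS:
        findings.append("password-expired")
    return findings


def audit_server(accounts: list, today: date, lockout_threshold: Optional[int]) -> dict:
    """Audit server-wide policy (gap 6) plus every account; report only failures."""
    report = {"server": [], "accounts": {}}
    # Gap 6: no (or an unbounded) limit on invalid access attempts.
    if lockout_threshold is None or lockout_threshold <= 0:
        report["server"].append("no-lockout-threshold")
    elif lockout_threshold > MIN_LOCKOUT_THRESHOLD:
        report["server"].append("lockout-threshold-too-high")
    for acct in accounts:
        findings = audit_account(acct, today)
        if findings:
            report["accounts"][acct.username] = findings
    return report


# Constructed sample inventory; names and dates are made up for the example.
TODAY = date(2024, 1, 15)
SAMPLE_ACCOUNTS = [
    Account("alice", True, None, date(2023, 12, 1), True),          # compliant
    Account("bob", False, date(2023, 11, 30), date(2023, 6, 1), True),  # left, still enabled
    Account("carol", True, None, date(2023, 9, 1), True),           # old password
    Account("dave", False, date(2024, 1, 14), date(2024, 1, 1), False),  # left, disabled
    Account("erin", False, date(2024, 1, 14), date(2023, 12, 20), True),  # within grace period
]

if __name__ == "__main__":
    # The page states no attempt limit exists, so pass None for the current policy.
    for area, findings in audit_server(SAMPLE_ACCOUNTS, TODAY, None).items():
        print(area, findings)
```

Running the script against the sample data flags the server for having no lockout threshold, bob for both a stale account and an expired password, and carol for an expired password; dave (already disabled) and erin (terminated yesterday, inside the grace period) produce no findings. In practice the inventory would be exported from the grants server and the HR feed rather than hard-coded.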