CSIA 303 Assignment 1
University of Maryland University College
October 10, 2014
Information Systems Security Survey
The University of Nebraska Medical Center (UNMC) is an institution that was built back in the 19th century. UNMC’s mission is to improve the health of Nebraska through premier educational programs, innovative research, the highest quality patient care, and outreach to underserved populations (UNMC, 2004). As an institution with a key interest in the privacy of its students, staff and subordinate staff, UNMC has adopted various policy guidelines to ensure the security of its information systems. The Information Security Management Plan (ISMP) describes its safeguards to protect confidential information. These safeguards are meant, among other reasons, to:
Ensure the confidentiality of data
Ensure the integrity of data
Ensure the availability of data
Protect against anticipated threats or hazards to the security or integrity of the information
UNMC has adopted information security industry best practices to implement its information security system (UNMC, 2014). These practices have become so effective that during 2011, a HITRUST gap assessment was performed, and no significant gaps were found within its security program. The worksheet below outlines how these programs have been rolled out by different offices in the university.
Worksheet: Information Security Program Survey
Security Area | Responsible Party / Office of Primary Responsibility | Known Vulnerabilities / Risks | Countermeasures / Risk Mitigation Strategy
Acquisition (systems/services) | Information Security Office | Breach of the confidentiality clause | All service providers must undergo an evaluation process to verify they are qualified. Contracts have a confidentiality clause whose breach terminates the contract.
Asset management | System Administrator | Poor asset management | Proper policies and procedure in place to ensure effective asset management. Evaluation
References:
UNMC. (March 2014). Strategic Plan 2010-2013. Retrieved from http://www.unmc.edu/wwwdocs/strategic-plan_06-10_v3-brochure1.pdf
United States Government Accountability Office. (February 2010). Electronic Personal Health Information Exchange: Health Care Entities' Reported Disclosure Practices and Effects on Quality of Care. Retrieved from http://www.gao.gov/new.items/d10361.pdf
UNMC. (February 9, 2004). Information Security Plan. Retrieved from http://www.unmc.edu/its/docs/UNMCInformationSecurityPlan-Sept2010.pdf