CS651_KristineCameron_IP4.doc

School: Colorado Technical University
Course: 651
Subject: Computer Science
Date: Feb 20, 2024
Type: docx
Pages: 25
Uploaded by MinisterSeal8216

Computer Systems Security Foundations: CS651
Security Management Document
Kristine Cameron
26 January 2023

Security Management Document

Table of Contents

Week 1: Introduction to Information Security
  Company Description
  Information Security Needs, Risks, and Benefits
  On-Site Consultant Challenges
  Company IPO Challenges
Week 2: Security Assessment
  Typical Assets
  Current Non-Network Segregation Risks
  Consultant Network Created Risks
  Risk Tests and Security Assessment
  Risk Mitigation
Week 3: Access Controls and Security Mechanisms
  Access Control Mechanisms
  Access Control Protection
  SSO and VPN Technology
Week 4: Security Policies, Procedures, and Regulatory Compliance
  Regulatory Requirements
  Company Policies
  Company Controls
  Data at Rest / Data in Motion
Week 5: Network Security
References

Week 1: Introduction to Information Security

Company Description

This Security Management Document will cover the information security needs, risks, and benefits for Jackson Purchase Medical Center, located in the heart of Mayfield, Kentucky. This facility opened its doors in 1993 and offers 107 private rooms for its patients. Jackson Purchase offers both emergent and elective inpatient and outpatient services. These include a New Beginnings Birthing Center, an Advance Healing Wound Care Center, and a state-of-the-art Chest Pain Center (Jackson Purchase Medical Center, n.d.).

This medical center offers fourteen beds in its Emergency Department (ED), not including its triage room, and has set a goal of thirty minutes from the time the patient walks into the ED until they exit (Jackson Purchase Medical Center, n.d.). While every situation is different, this is the goal that is set for Jackson Purchase and the eight counties that it provides quality care for.

Information Security Needs, Risks, and Benefits

A case study has been initiated for this growing medical center, showing that the security posture of the company needs updating due to its rapid growth over the last few years. This growth has led to an initial public offering (IPO), which requires the company to meet new regulatory requirements. Thus, a review of the information security currently in place needs to be conducted in order to successfully expand the current infrastructure, enabling the company to operate more efficiently while still maintaining a secure environment.

An update of information security is greatly needed in the ED at Jackson Purchase Medical Center. Though the ED is set aside for emergency situations, this is no excuse for a violation of the Health Insurance Portability and Accountability Act (HIPAA), which protects the patients' private health information. This act protects a patient's private information, restricting who can have access to the medical records. In addition to the doctors and nurses that are providing care for the patients, various registrars also have access to this information. Oftentimes in the ED, the registrars are the first point of contact that a patient sees who has full access to their records.

To ensure public health and safety, HIPAA also recognizes various other authorities that may have access to personal medical files. These can include public health authorities, such as the Centers for Disease Control and Prevention (CDC), foreign government agencies in collaboration with a public health authority, and any persons that may be at risk of spreading or contracting a disease (Office for Civil Rights BULLETIN: HIPAA Privacy in Emergency Situations, 2014).

There are numerous risks to information security at the Jackson Purchase Emergency Department due to the fact that it is such a high-volume traffic area. With the lack of medical facilities available to patients in the evenings and on weekends, most of these patients end up in their local emergency room. This tends to make the ED one of the most stressful and challenging areas in any hospital. Not only are the nurses and registrars challenged to ensure that all patient information is secure, there are also hidden security dangers that can come in the form of the individuals that come into the ED. Some of these risks are as follows (Solving Emergency Department Security Challenges, 2020):

  • Patients or visitors who are under the influence of drugs or alcohol.
  • The circumstances that can arise from victims of gunshot wounds and/or gang violence.
  • Patients suffering from mental health behaviors.
  • Domestic violence patients who are followed into the ED by their abusers.
  • Patients escorted into the ED by law enforcement officials.

The ED can benefit from an update of the security posture by implementing access controls that would limit the access of emergency patients to other parts of the hospital, keeping the ambulance entrance separated from the walk-in entrance and waiting room, providing security staff to protect the registrars, nurses, and other care providers, and having a rapid lockdown program in place in the event of emergencies (Solving Emergency Department Security Challenges, 2020).

On-Site Consultant Challenges

While on-site consultants can bring their knowledge and expertise to a project such as this, their agenda oftentimes does not match that of the hospital staff that they are consulting. Because the consultant's behavior may be influenced and driven by a variety of motives, it can be challenging for them to work with project managers without conflict arising (Davidson, 2009). One of the biggest challenges when it comes to on-site consultants in the ED, however, is that this department is almost constantly busy. With the tasks of checking in patients, running back to get paperwork signed, taking payments, and filling out countless forms, there isn't time to breathe, let alone time to sit down with a consultant to discuss changes to the company's IPO.

Company IPO Challenges

As with any IPO, this process can be extremely complex and present multiple challenges for the company. According to Deloitte, here is a list of a few of the challenges that Jackson Purchase Medical Center will face with the recent IPO taking place (IPO Challenges and Sarbanes-Oxley Readiness, n.d.):

  • There can be poor planning involved on the part of the company in meeting the new regulations and requirements.
  • The company may not have sufficient funds at its disposal to meet the financial requirements of the IPO.
  • Jackson Purchase may not have leadership in place with the experience necessary to manage the IPO process.
  • The company's internal controls may be too weak to manage all of the complexities that the new IPO brings to the table.

Week 2: Security Assessment

Typical Assets

There are many different assets that can be found within a single health care facility, and in that regard, Jackson Purchase Medical Center is no different. The largest portion of a hospital's assets will fall into the category of fixed assets. This category contains mostly the medical equipment that can be utilized in diagnosis, treatment, surgeries, and recovery (SeventhQueen, 2022). These assets come in the form of patient monitors, respiratory machines, X-ray machines, diagnostic equipment, mobile beds, wheelchairs, and many more.

Of course, a hospital's assets do not stop at medical equipment. There are physical infrastructures and systems that are also included in this category. Heating and air-conditioning units, refrigeration systems, ventilation systems, plumbing, electrical, generators, and other systems (How a Hospital Asset Management Plan Can Improve Quality Care – AkitaBox, 2020) are all assets that are found within Jackson Purchase.

[Figure omitted] (CenTrak | Optimized Patient Flow with Human & Asset Tracking in the ER, n.d.)

With all of these assets available to the medical center, there has to be a way to track all of them. This is why most hospitals, including Jackson Purchase, have an asset tracking program in place. This is especially true for the medical equipment that is utilized in the facility, which tends to be extremely expensive. The Emergency Department of the hospital is an area where asset tracking is extremely important due to the fast-paced activities that take place there. As one can see from the example above, there are a lot of moving parts and assets that are found in the ED.

Current Non-Network Segregation Risks

Network segregation is extremely important because it can isolate the hospital's internal network from external networks like the internet. By currently not having a segregated network, the organization is setting itself up for multiple risks to its security. Some of these risks can be seen below (A Complete Overview of Network Segregation and Why It's Crucial for Your Organization, 2022):

  • Poor Operation Performance: Without a segregated network, the system is in danger of network congestion due to the inability to halt traffic from one part of the system's network to another part.
  • Inability to Limit Cyber Attack Damage: Without network segregation, Jackson Purchase runs the risk of not being able to restrict how far an attack will be able to penetrate the system. This can run the risk of something like malware becoming unrestrained and spreading across multiple systems.
  • Having Vulnerable Endpoints: Without the use of a segregated network, Jackson Purchase runs the risk of allowing damaging traffic to reach devices that find themselves unprotected.

Consultant Network Created Risks

With the new consultant network being created for Jackson Purchase Medical Center, there are a number of risks that can be created. First, there is a risk of receiving bad advice from the consulting company. This could lead to damaging the hospital's reputation when patients find that their personal data is not secure. The consultant company could itself be at risk for cybercrime and data breaches, which can lead to network security breaches at the hospital. These risks can include cyber extortion, financial burdens stemming from high recovery costs of lost data, and of course network security breaches. Another risk of the new consultant-created network is third-party damage in the form of financial burdens, which can affect not just the patients but the hospital's stakeholders as well (deependra, 2023).

Risk Tests and Security Assessment

Testing for risks and conducting a security assessment are vital tasks that should be completed in order to allow the IT department to strengthen the cybersecurity defenses of the hospital. A few of the risk tests and security assessments for Jackson Purchase Medical Center are listed below (Gracy, 2023):

  • Conducting a vulnerability assessment that will hopefully provide the organization with a list of security issues that require attention.
  • Penetration testing should be conducted in order to find any weaknesses or vulnerabilities within the hospital's network. This is accomplished by trying to hack into, or breach, the hospital's security system.
  • Weekly IT risk assessments should be conducted in order to evaluate what some acceptable risk levels are by identifying any potential risks and their overall impact on the hospital. A common risk level assessment can be seen here: [Figure omitted] (Gracy, 2023)
  • Jackson Purchase should also conduct an IT audit in order to ensure that the new network configuration is compliant with documented standards.

Risk Mitigation

According to SafetyCulture, risk mitigation is the process of understanding certain risks and threats, while also being able to accept that they exist. The organization must take the appropriate measures in order to reduce their effects in case they happen. This is a part of the risk management process, which is necessary to prepare an organization for any threats to its operations and processes (Altomonte, 2022).

There are various types of risk mitigation techniques that can be used, and to be successful, the choice of risk mitigation should be determined by the organization's risk assessments. Some of these risk mitigation types are risk transfer, risk acceptance, risk avoidance, and risk monitoring. Jackson Purchase Medical Center would have to conduct its risk mitigation by following these simple steps (Altomonte, 2022):

  • Identifying all of the risks facing the company, to include not only security breaches but also natural disasters and mechanical failures.
  • After identifying the risks, they need to be assessed to determine what the risk level is for each one found.
  • The risks then need to be prioritized in order to see which ones need to be mitigated first, and which are low risk and can wait.
  • The risks need to be continually monitored for any changes so that the IT department can increase or decrease the priority of the risk.
  • After the risk mitigation plan is created, it then needs to be implemented throughout the entire hospital by having all of the appropriate measures in place and conducting training for the hospital employees.

Week 3: Access Controls and Security Mechanisms

Access Control Mechanisms

Features of hardware or software that can detect and block unauthorized access to sensitive information within the company's system are referred to as access control mechanisms. These mechanisms are designed to receive the request for access from the user and then decide what access decision needs to be made (Mezquita, 2019). For example, if someone with low-level security clearance attempts to access files or data that are top secret, the access control mechanism would disallow or block the user from interacting with these files.

There are four different types of access control mechanisms available. These access control mechanisms are listed below (Hoffman, 2023):

  • Mandatory Access Control (MAC) – In this model, the user does not possess any control over the settings that can provide someone privileges to specific data. These controls are only available to the owner or management custodian. Because of this, MAC has the highest access control and is most often seen in government or military privilege settings.
  • Role-Based Access Control (RBAC) – In this model, the controlled access is given to job titles instead of to individual employees. This can save management a lot of time when implementing their access controls. Since all of the job titles already have access controls assigned to them, when a new employee fills one of these positions they are automatically given the access controls of their job position.
  • Discretionary Access Control (DAC) – This is probably the least restrictive of all of the access controls. This control gives the user the ability to set the settings of their security level, as well as those of other users. This can cause all kinds of problems for the company, especially if someone inadvertently executes malware such as a virus in the system. With all of the users given almost unrestricted access, this malware could potentially be spread throughout the system and maybe even into other systems.
  • Rule-Based Access Control (RBAC or RB-RBAC) – This is also a highly restrictive set of access controls. In this model, each individual employee is assigned access control dependent upon what information they will possibly need to do their job. While this may take longer due to each person having to be programmed into the system, it is much more effective than DAC or RBAC. An example of this rule-based access could be to give access to certain individuals for only certain times of day. This would impede the user from accessing files after their work day is complete.

Access Control Protection

Hackers will often try to exploit different access control weaknesses in order to obtain access to sensitive or private information within a company. There are a variety of ways in which the new expanded network can be protected through the use of access control. Developers should be able to mitigate most of their vulnerabilities by following the practices listed below (Access Control: Understanding & Mitigating the Risks in Internal Network, n.d.):

  • The implementation of strong authentication measures, such as multi-factor authentication and having policies in place that ensure users have strong passwords.
  • To ensure that the end-users only have access to authorized files and data, authorization checks should be implemented in order to validate the roles and permissions of each user.
  • In order to manage the sessions of the end-user, management should implement sessions that are more secure by including such things as session timeouts and secure cookie settings.
  • Management should be continually working to patch and update the company's software. This will allow them to find and address any vulnerabilities in the system, which will protect them against hackers attempting to exploit these weaknesses.
  • Security code reviews should be conducted by the software developers in order to identify any weaknesses in their access control program.
  • To help safeguard against SQL injections, secure data validation and sanitization should be implemented in order to help block the ability to manipulate unauthorized data.
  • The management should always try to follow the rule of least privilege. This means that they should only grant the end-user the minimum privileges that they will need in order to effectively do their job, but prohibit them from accessing unauthorized data.
  • By conducting regular auditing and security testing, the management can make sure that their software applications are protected and secured against any evolving security threats. These tests can be in the form of regular penetration testing, reviews of the code, and assessments of software vulnerabilities.

SSO and VPN Technology

Single Sign-On (SSO) is a technology that is used to combine several different programs and login screens into one simple sign-on for the end-user (Cloudflare, n.d.). This technology has many advantages, such as the ability to use stronger passwords, since multiple passwords are no longer required. It also helps to prevent the use of repeated passwords and allows much better password policy enforcement. Multi-factor authentication is also an advantage of using an SSO. This can be in the form of something as simple as entering a code that the user received on their mobile device after entering their username and password.

Single Sign-On (SSO) technology could most certainly be an asset to Jackson Purchase Medical Center. As it currently stands, each end-user must not only log in to their computer, they must also log in to each individual program that they need to use. This can waste a lot of time if the user needs access to multiple programs. In the Emergency Department, the users often need to be logged into multiple programs at the same time, maneuvering through each of them as needed, hoping one doesn't time out and require a fresh login. Some of these programs are MEDHOST, MEDITECH EHR Software, QUANUM Lab Service Manager, and Quest Diagnostics. It would be much easier and more secure to be able to log in to all of these programs with one login page.

A Virtual Private Network (VPN) is an encrypted connection between the network and a device (Cisco, 2019). This encryption helps to make sure that the data being transmitted remains secure. This means that unauthorized users will not be able to eavesdrop on the traffic that is being sent.

As far as Jackson Purchase Medical Center is concerned, there are a couple of types of VPNs that could be utilized in order to help keep their patients' data secure. For those employees who work remotely from home, either full-time or part-time, a remote access VPN would ensure that the connection between the hospital and the user's device remains secure when transferring data and files to one another.

A site-to-site VPN would also be helpful for this facility. Hospitals often have to send the medical records of their patients to different specialty clinics or to their primary care physicians. The use of dedicated equipment to secure this data would definitely help to keep the patients' records secure during transfers.

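The role-based and rule-based models from the Access Control Mechanisms section, together with the least-privilege practice from Access Control Protection, can be combined in a single default-deny decision. The sketch below is an added example, not part of the original document; the role names, permission strings, and shift hours are constructed assumptions, not Jackson Purchase's real configuration.

```python
"""Default-deny access decision: role-based permissions plus a time-of-day rule.

Added illustration. Roles, permissions, users and shift windows are
constructed sample values.
"""
from dataclasses import dataclass
from datetime import datetime, time

# Role-based layer: permissions attach to job titles, not to individuals.
# Each role lists only what the job needs (least privilege).
ROLE_PERMISSIONS = {
    "ed_registrar": {"demographics:read", "demographics:write", "billing:read"},
    "ed_nurse": {"demographics:read", "chart:read", "chart:write"},
    "physician": {"demographics:read", "chart:read", "chart:write", "orders:write"},
}


@dataclass(frozen=True)
class User:
    username: str
    role: str
    shift_start: time
    shift_end: time  # earlier than shift_start means an overnight shift


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str  # recorded so that regular audits can review denials


def within_shift(user: User, when: datetime) -> bool:
    """Rule-based layer: access is valid only during the user's shift."""
    t = when.time()
    if user.shift_start <= user.shift_end:
        return user.shift_start <= t < user.shift_end
    # Overnight shift (for example 19:00 to 07:00) wraps past midnight.
    return t >= user.shift_start or t < user.shift_end


def check_access(user: User, permission: str, when: datetime) -> Decision:
    """Allow only if every layer agrees; anything unrecognised is denied."""
    granted = ROLE_PERMISSIONS.get(user.role)
    if granted is None:
        return Decision(False, "unknown role")
    if permission not in granted:
        return Decision(False, "role lacks permission")
    if not within_shift(user, when):
        return Decision(False, "outside shift hours")
    return Decision(True, "role and time rule satisfied")


# Constructed sample users.
REGISTRAR = User("sample_registrar", "ed_registrar", time(7, 0), time(19, 0))
NIGHT_NURSE = User("sample_nurse", "ed_nurse", time(19, 0), time(7, 0))
CONTRACTOR = User("sample_consultant", "consultant", time(9, 0), time(17, 0))


def demo() -> list:
    """Run a few constructed requests and return (user, permission, decision)."""
    requests = [
        (REGISTRAR, "demographics:read", datetime(2024, 1, 15, 10, 0)),
        (REGISTRAR, "chart:read", datetime(2024, 1, 15, 10, 0)),
        (REGISTRAR, "demographics:read", datetime(2024, 1, 15, 21, 30)),
        (NIGHT_NURSE, "chart:write", datetime(2024, 1, 16, 2, 0)),
        (CONTRACTOR, "chart:read", datetime(2024, 1, 15, 10, 0)),
    ]
    return [(u.username, p, check_access(u, p, w)) for u, p, w in requests]


if __name__ == "__main__":
    for username, permission, decision in demo():
        verdict = "ALLOW" if decision.allowed else "DENY"
        print(f"{verdict:5} {username:18} {permission:18} {decision.reason}")
```
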
Week 4: Security Policies, Procedures, and Regulatory Compliance

Regulatory Requirements

In the case of Jackson Purchase Medical Center, there are five main regulatory requirements introduced by the initial public offering (IPO) that need to be looked at. There are strict laws that govern these regulatory requirements due to the fact that the healthcare industry is very heavily regulated. Below is a brief look at each of these requirements (Regulatory Compliance in Healthcare, 2023).

  • The first regulation or law would have to be the Health Insurance Portability and Accountability Act (HIPAA). These HIPAA rules deal with the privacy of patients' records, along with the patients' rights to view their information and make the final decision as to how this information is used. This protected health information requires the hospital to provide the security measures that would protect these records (Regulatory Compliance in Healthcare, 2023).
  • The Anti-Kickback Statute and the Stark Law are two more regulations that work hand-in-hand in order to prevent decisions for medical treatment from being determined by financial influences. For example, at Jackson Purchase, no matter the patient's insurance or financial status, they cannot be refused treatment when they arrive at the Emergency Department (Regulatory Compliance in Healthcare, 2023).
  • There is also a regulation that was established by the Patient Safety Organization (PSO) that works to prevent any data that is collected from being used against them in any lawsuits. This regulation is called the Patient Safety and Quality Improvement Act (PSQIA) (Regulatory Compliance in Healthcare, 2023).
  • The final regulatory requirement that this institution requires is the Affordable Care Act (ACA), which works to ensure that healthcare and healthcare insurance are available to more and more people. In fact, the ACA has created the Health Insurance Marketplace in order to stop insurance companies from refusing to provide coverage for patients that have pre-existing health conditions (Regulatory Compliance in Healthcare, 2023).

Company Policies

There are multiple policies that Jackson Purchase Medical Center needs. For the purpose of this document, five of the more important policies will be discussed. According to Resources for Employers, "Company policies are written guidelines that outline the practices and procedures of a business. They set expectations for employee behavior, actions, and processes in various scenarios. These policies are crucial as they ensure consistency, promote fairness, enhance efficiency, and help in compliance with legal regulations" (BIKA, 2015).

  • Health and Safety in the Workplace: Jackson Purchase is required to ensure that their employees work within a safe and healthy workplace. As was mentioned earlier, some of these safety requirements would include limiting the access that Emergency Room patients have to other parts of the facility, and providing security in order to protect the registrars and nurses that work there.
  • Policies for Equal Opportunity: This law regulates a company's ability to discriminate in hiring based upon things like race, gender, age, etc. Adhering to this policy helps to keep a fair environment for employees who work at Jackson Purchase.
  • Code of Conduct: This Code of Conduct should be in writing, and all employees should have access to it. These rules govern how employees must act while employed at Jackson Purchase Medical Center. These rules can cover simple things such as attendance or more important items such as misunderstandings concerning job duties. This is especially true in the fast-paced world of the ED.
  • Leave of Absence: This policy is needed in order to cover different types of time off for the employees. It covers sick days, personal time off, maternity leave, and vacations. Without this policy in place, employees will have no way of knowing what is required of them when they need to be absent from the workplace.
  • Disciplinary Action Policies for Employees: In a perfect world these disciplinary policies would not be needed, but this is not the case. There are always going to be problems that can arise in the workplace, and thus these policies are important. In order to ensure that each employee is treated fairly in different problematic situations, these policies must cover how to deal with these problems by following written step-by-step processes.

Company Controls

Jackson Purchase Medical Center must ensure that there are controls in place that will govern how these policies are implemented. There are three major controls that this healthcare facility needs to implement.

The first control would be to manage how records are kept. By keeping better records, the hospital will be able to ensure that the patient files and medical records are kept confidential. Poor record keeping could lead to loss of information and, in some cases, loss of life (Establishing Internal Controls at Healthcare Organizations, 2015).

Another company control would be to ensure that no one person has absolute control over any aspect of the hospital. There should be at least two people involved with any important hospital task in order to prevent fraud and any other suspicious activity (Establishing Internal Controls at Healthcare Organizations, 2015).

The final company control that Jackson Purchase needs to implement would be to make sure their employees know to act first and think later. This means that if they see any suspicious activity, they need to report it up the chain as soon as possible. In this way, all suspicious activity can be investigated in order to possibly stop any interference with their regulatory requirements and/or company policies (Establishing Internal Controls at Healthcare Organizations, 2015).

Data at Rest / Data in Motion

There are actually three different states that data at Jackson Purchase can be in. These states are data at rest, data in use, and data in motion. This document is going to cover data at rest and data in motion specifically.

Data is determined to be in motion when the data is being transferred via email, internet, messaging applications, etc. (Andrada Coos, 2021). This happens all of the time in a medical facility like Jackson Purchase. Medical records oftentimes need to be sent from the hospital to a patient's primary care provider. This ensures that the patient's doctor has all relevant medical information at their fingertips. This also poses a security issue for this data. With the medical information being sent through unsecured means, there is a chance that third parties could target this data and use it for personal gain.

Data in motion is unavoidable in this industry, so security measures to protect this data must be implemented. By utilizing platforms such as Virtual Desktop Infrastructures (VDIs) and Desktop-as-a-Service (DaaS), Jackson Purchase can limit the sensitive data that is sent, thus helping to protect their patients' records (Andrada Coos, 2021).

While data at rest is overall more secure than data in motion, it still has its own risks. Outside hackers can still gain access to a company's servers and find ways to steal this data. In order to help protect against this, the hospital can implement cybersecurity measures such as utilizing firewalls and antivirus software (Andrada Coos, 2021).

Week 5: Network Security

TBD
References

(2023, October 31). Regulatory Compliance in Healthcare [Review of Regulatory Compliance in Healthcare]. RiskOptics. https://reciprocity.com/blog/regulatory-compliance-in-healthcare/

Access Control: Understanding & Mitigating the Risks in Internal Network. (n.d.). HackerWhite. https://hackerwhite.com/vulnerability101/internal-network/access-control-vulnerability

A Complete Overview of Network Segregation and Why It’s Crucial for Your Organization. (2022, March 14). Server and Cloud Blog. https://www.parallels.com/blogs/ras/network-segregation/#The%20Importance%20of%20Network%20Segregation

Altomonte, L. (2022, November 23). What is Risk Mitigation & Why is it Important? SafetyCulture. https://safetyculture.com/topics/risk-mitigation/

Andrada Coos. (2021, May 28). Protecting Data at Rest vs Data in Motion. Endpoint Protector Blog. https://www.endpointprotector.com/blog/protecting-data-at-rest-vs-data-in-motion/

BIKA, N. (2015, December 10). The 5 company policies you need to have in writing. Recruiting Resources: How to Recruit and Hire Better. https://resources.workable.com/tutorial/the-5-company-policies-you-need-to-have-in-writing

CenTrak | Optimized Patient Flow with Human & Asset Tracking in the ER. (n.d.). CenTrak. https://centrak.com/resources/blog/optimized-patient-flow-in-the-emergency-department

Cisco. (2019). What Is a VPN? - Virtual Private Network. Cisco. https://www.cisco.com/c/en/us/products/security/vpn-endpoint-security-clients/what-is-vpn.html

Cloudflare. (n.d.). What is SSO? | How single sign-on works | Cloudflare. Cloudflare. https://www.cloudflare.com/learning/access-management/what-is-sso/
Davison, M. L. (2009, October 13). Challenges - Managing External and Internal Consultants. Www.pmi.org. https://www.pmi.org/learning/library/challenges-managing-external-internal-consultants-6670

deependra. (2023, January 24). 5 Common Risks for Consulting Firms | Risk Management. BizCover. https://www.bizcover.com.au/consulting-business-risks/

Establishing Internal Controls at Healthcare Organizations. (2015, April 21). Resolver. https://www.resolver.com/blog/establishing-internal-controls-at-healthcare-organizations/

Gracy, M. (2023, October 4). How to Conduct a Security Risk Assessment: A 9-Step Guide. Sprinto. https://sprinto.com/blog/security-assessment-guide/

Hoffman, B. (2023). Access Control: Models and Methods | Types of Access Control. Delinea.com. https://delinea.com/blog/access-control-models-methods

How a Hospital Asset Management Plan Can Improve Quality of Care – AkitaBox. (2020, February 25). Home.akitabox.com. https://home.akitabox.com/blog/hospital-asset-management-plan/

IPO Challenges and Sarbanes-Oxley Readiness. (n.d.). Deloitte United States. https://www2.deloitte.com/us/en/pages/advisory/articles/ipo-challenges-and-sox-compliance-for-newly-public-companies.html

Jackson Purchase Medical Center. (n.d.). Jackson Purchase Medical Center. Retrieved January 4, 2024, from https://www.jacksonpurchase.com/

Mezquita, T. (2019, December 26). Access Control Mechanism. CyberHoot. https://cyberhoot.com/cybrary/access-control-mechanism/
Office for Civil Rights BULLETIN: HIPAA Privacy in Emergency Situations. (2014). https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/understanding/special/emergency/hipaa-privacy-emergency-situations.pdf

SeventhQueen. (2022, August 2). All you need to know about Asset Management in Healthcare | Best Guide 2022 | Infraon. https://infraon.io/blog/key-benefits-asset-management-in-healthcare/#What_are_fixed_assets_in_a_hospital

Solving emergency department security challenges. (2020, March 24). Www.mgma.com. https://www.mgma.com/articles/solving-emergency-department-security-challenges