IT Security Policy Framework Within The Organization Essay

IT Security Policy Framework
Darryl E. Gennie
Professor Kevin Jayne
CIS 462
26 July 2015
Strayer University

For the health insurance industry it is important to have an information security policy framework within the organization. The framework protects the information that staff and members access across the network. ISO/IEC 27000 is a family of international standards that provides a model for establishing, operating, maintaining, and improving an Information Security Management System (ISMS). ISO/IEC 27001 specifies the requirements an ISMS must meet, and ISO/IEC 27002 supplies the accompanying catalogue of best-practice controls; because those controls cover much of the ground that regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act of 2002 (SOX), California Senate Bill 1386, and the Federal Information Security Management Act (FISMA) demand, an ISMS built on them gives an organization a common basis for meeting those requirements, although certification alone does not guarantee compliance with any of them. ISO/IEC 27005 supports ISO/IEC 27001 with guidance on information security risk management, the process by which the organization identifies, assesses, and treats risks as part of an Information Risk Management (IRM) strategy (ISO/IEC 27000, n.d.). Health insurance organizations that implement these controls establish the baseline needed to maintain the confidentiality, integrity, and availability of personal health information. My policy framework for the health insurance company identifies and classifies assets, and addresses asset protection, asset management, acceptable use, and vulnerability…