Question

More and more organizations are leveraging social media, including applications such as Twitter, Facebook, and LinkedIn, as part of their communication strategies. In addition to leveraging these applications, some organizations have gone further and have begun to implement a concept known as BYOD or "bring your own device." Discuss some of the IAS strategies, technologies, and methods you would recommend that a health care organization implement in order to mitigate the potential security risks created through the use of these new technologies and applications. Explain how you would approach a recommendation that attempts to discourage or reject the use of some of these tools, as having an imbalance between the benefits of the tool and the risks to the information assets of the organization by their use.

Answer 1

In today's Digital era, it has become imperative to use the social media leverage to attain a significant communication advantage.

However these tools also impose greater amount of risk if not being handled properly.

In order to mitigate the risk and create a balance between the benefit of the tool and risk being imposed by the use of these tools following strategies could be useful:

1. Awareness on following two points:

a. Understanding the current organizations current business condition with respect to Health care

b. Organization appetite and risk profile.

2. Define the IAS strategy and the goals behind implementation of this strategy- The goal of IAS strategy should complement the business goals/objectives.

An annual as well as three year rolling plan will have to be developed. Then after all the required capability has to be placed for proper functioning.

3. Strategy development: First thing we need to define the governance structure and functional capabilities and service. A reporting structure will also have to be developed.

4. Technologies adoption and implementation: In order to keep a check on information sharing, suitable technology can be adopted with restricted allowance given for usages of such tools or device while sharing information.

5. Implementation, monitoring and reproting: compliance need to be audited on frequent basis and this has to be integral part of IAS strategy.

Tools which are not having enough security features should be restricted for use and only secured device should be allowed to use. Software which ensure restricted sharing fetarues has to be used.

Technology like Clould access and security broker, End point detection and response, User and entity behaviour analytics could also play a very important role.