Question

Plan, Develop and Manage a Security Policy

Background:

Consider that the Commonwealth Government of Australia is planning to launch ‘My Health Record’ a secure online summary of an individual’s health information. The system is available to all Australians, My Health Record is an electronic summary of an individual’s key health information, drawn from their existing records and is designed to be integrated into existing local clinical systems.

The ‘My Health Record’ is driven by the need for the Health Industry to continue a process of reform to drive efficiencies into the health care system, improve the quality of patient care, whilst reducing several issues that were apparent from the lack of important information that is shared about patients e.g. reducing the rate of hospital admissions due to issues with prescribed medications. This reform is critical to address the escalating costs of healthcare that become unsustainable in the medium to long term.

Individuals will control what goes into their My Health Record, and who is allowed to access it. An individual’s My Health Record allows them and their doctors, hospitals and other healthcare providers to view and share the individual’s health information to provide the best possible care.

The 'My Health Record' is used by various staff such as System Administrator, Doctor, Nurse, Pathologist and Patient. In order to convey and demonstrate the rules and regulations to the users of this system, Commonwealth Government of Australia needs a security policy.

You are employed as the Security Advisor for the organisation. The task that is handed to you by the Chief Information Officer now is to create, develop and manage "System Access Security Policy" for atleast any 3 users of the system.

Plan a Security Policy

• Identify and explain the role of planning for security policy.
• Identify and discuss the best strategic planning for security policy.
• Explain the resources planning required for security policy.
• Anything else you think is reasonable to place into a Plan for Security Policy based on what you have learnt.

Develop a Security Policy

• Define the intent and rationale of the policy.
• Any definitions which are used through out the document.
• Responsibilities of individuals i.e. those who enforce the guideline.
• Scope of the policy i.e. who and what it effects.
• Anything else you think is reasonable to place into a Develop for Security Policy based on what you have learnt.

Manage a Security Policy

• Describe how to monitor policy.
• Explain how to control policy.
• Identify and explain the major outcome of policy.
• Explain how do you update policy time to time.
• Anything else you think is reasonable to place into a Manage for Security Policy based on what you have learnt.

Conclusion.

Answer 1