Running head: INFORMATION SYSTEMS

Information Systems Security at Kent General Hospital

Amanda Ridgeway
BAC 435
Mr. Chuck Donovan
Aug. 15, 09

Information systems security evaluates the potential risks within the company's computer systems and software. These potential risks are weighed by whether they are detrimental or mediocre. Every company has precious information that competitors or thieves would profit from. This ranges from account balances to personal information that would be damaging if stolen or lost. It is very important that the people in charge of creating the security systems have great knowledge of systems and of creating a secure lock so others can't hack into this information. At Kent General Hospital the information systems (IS) team is responsible for analyzing vulnerabilities or threats, the actions to take against these threats, what to do in a disastrous situation, and aspects of the system itself.

There is a cycle that the IS team should follow when making and maintaining a security system. Computer security systems are developed by applying the established methods of system analysis; design; implementation; and operation, evaluation, and control (p155). Systems analysis is the process of investigating the potential risks to the system's information if it were taken or lost. In a hospital there are many different files that need to be protected. There are accounting information files and patient files. The accounting information files contain all the financial information of the company, like financial statements, patient finance, insurance payment documents, state or federal payment documents, and much more. The patient files include all patient information, from addresses and social security numbers to procedures done. If these documents were tampered with or lost, this could be detrimental. The hospital keeps back-up files in order to prevent files from being lost.
The system must be secure to ensure that hackers aren't changing account amounts and that employees aren't changing numbers in order to steal from the company. Security must be in place in order to keep the company safe from external and internal threats.

The design is used to put different controls in place, like password entry and limited access for different people. In the hospital not all workers are able to get to all files in the system. Every worker has an access account that is linked to them. This account is password protected and is programmed by IS. Each employee account has access to information pertaining to their job, rank, and need. For example, a unit secretary has access to inpatient accounts for patients in the hospital but is limited to seeing information for that specific stay in the hospital. They don't get access to all patient medical records for all procedures and stays in the hospital. In order to get that information they must go through the medical records department. These employees have access to that information but can be limited based on their position in that field. This is an implementation of the security design, showing that not only one person can have access to all files.

The IS team at the hospital continually operates the system and tests its effectiveness and efficiency. They continually update and make proper changes to ensure that the system is safe, secure, and proficient. Along with continually updating and changing the system, the information systems team continually monitors activity in it. They look for vulnerabilities and threats in the system. Active threats include information systems fraud and computer sabotage, and passive threats include systems faults, as well as natural disasters, such as earthquakes, floods, fires, and hurricanes (p157). The active threats are more important than the passive, but passive threats don't go unnoticed.
The hospital prepares for passive threats by maintaining a reliable backup of the system and information. They also have an alternative plan if the systems shut down. For example, if the power goes out in the hospital, which shuts off the system, we go to all paper documentation. Most documentation is sent through the system, and these paper documents will be scanned into the patient records once the system is restarted. Kent General Hospital just went to electronic documentation almost a year ago, and the system can still have faults like freezes, online connection losses, and much more. The IS team works with this new system daily to make it more efficient.

Active threats usually come from internal or external people. These threats are more severe and usually less predictable. Many companies don't disclose information about breaches of their information systems. People caught doing computer-based crimes are usually doing fraudulent acts. Statistics have shown that corporate losses due to fraud and embezzlement exceed total losses due to bribery, burglary, and shoplifting by a wide margin (p158). These crimes are kept secret to keep the public image of the company safe, and they are a federal crime. The people who are a possible threat of these crimes are computer maintenance people, programmers, network operators, information systems administrative personnel, and data control clerks. Intruders and hackers can also pose a threat. In the hospital the IS team has access to all parts of the system for the most part. They have the ability to change passwords, view individual computers' screens, put potential glitches into the system, and much more. These people are very knowledgeable and have a lot of power at their fingertips. Possible active threats are input manipulation, program alteration, direct file alteration, data theft, sabotage, viruses, and worms (p162). It is very important that IS team members have segregation of duties and access.
Information systems security systems are implemented to prevent these problems. The security system consists of controls and backups to keep the system secure and safe. The most important is management philosophy and operating style. Practicing management philosophy means making sure you have good communication with your employees, maintaining a good relationship with them, continuing to monitor security rules and regulations, and watching the actions and mood of your employees. These actions will help prevent fraudulent thoughts or stop acts before they start. The employees should also be well trained on the security and rules of the system. They should know all the consequences that could happen if they attempt to break the rules. At the hospital there is a security department that watches over all operations, like security cameras, IS computer system operations, employee traffic, and much more. They take their job very seriously and they maintain a safe environment for all hospital staff.

Keeping an organized system is also important. The structure of the system must have clear lines of who is responsible for different functions and who has access to certain capabilities. For example, a nurse doesn't have access to the financial files of a patient, just what is needed to take care of them. But when making a system, the IS department has to refer to the accounting department because they don't always know how the systems should be divided up. If payroll isn't able to access employee time sheets, then they wouldn't be able to complete their job. This could cause problems if certain people get access to files they shouldn't. The Board of Directors oversees the audit committee, which oversees the security officer. This is a method of checks and balances to make sure everyone is doing their job in a professional, ethical manner. Management overall in each department is responsible for keeping a record of all activities and the spending budget.
They also control the budget, which is overseen by the Board of Directors.

Internal control is very important in finding faults in systems and possible fraudulent acts by employees. The computer security system must be audited constantly and then modified to meet changing needs (p167). The changes in the system must follow the rules and regulations of security policies. This is important so that there is consistency in the systems. In these tests they should look at files and make sure master files haven't been tampered with. In hospitals it is important that there is consistency in systems from one unit to another. Currently Kent General is in a transition period where the systems don't match. It is different in each part of the hospital. The IS team is working on implementing the same upgraded system throughout the hospital. The nursing units were doing all paper charting and have now changed to computer charting, but this charting doesn't match with other departments. Over the next year they are changing all systems to link, but this takes time and education.

Employees must be trained on the systems but should be segregated based on their jobs. There are different segregations in the hospital, from finance, to nursing, to doctors, to janitorial. Each department and each employee in each department has been trained based on their position. The hospital also has to segregate people from different areas with badge access. For example, the unit secretary has access to all nursing capabilities except the drug cabinets and machines. These are checks put in place not only to keep the patients safe but also to protect against theft. Also, with high-alert medications it is important that two nurses sign off when the drug is being administered. Those different controls are appropriate for a hospital to run safely. Many other controls are put on the Internet systems.
The topic of Internet security deserves special attention because a company's connection to the Internet makes it a potential target for every hacker in the world (p174). The Web server is part of the operating system, and if it is weak this will make it easier for hackers to enter that database. The hospital has both Internet and Intranet. The Internet is the World Wide Web, and it has access to all different pages. The Intranet is a secure site produced by the company with limited Web access and is only accessible from inside the company's network. Making both these Web servers secure is important so that the other information in the network is safe from hackers and viruses. These controls are not only monitored by internal control and security but also looked at by state and federal law enforcers.

State and federal law enforcers have the job of going into a company and making sure all aspects of the company are following the law. There are groups of people who come into the hospital to test all parts of the system, and there are groups who watch the staff to make sure they are doing their job right. Many state officials come in to examine nurse-to-patient care to ensure nursing staff aren't harming the patient and to evaluate the facility. These state officials are responsible for passing or failing a hospital for state financial aid. This is a large percentage of the money that helps pay for the hospital's expenses. The computer software programs must meet legal policies; if not, they will be fined and can be taken to court. It is very important that the information system security meet not only company policies but state and federal ones as well.

As technology advances every day, it places greater stress on having better security. Many companies are centered around their software systems and important documents filed on their hard drives. Information systems security must be updated constantly to keep up with hackers.
Ways to keep safe are to always have a backup of important personal information, keep financial documents backed up, have strict policies for employees when using these systems, and make sure to always check the system. Internal controls must be in place and continually tested for safety. Information systems security is very important in the hospital because it holds not only the company financials but also a lot of confidential patient documents. If these systems are checked and tested continuously, they should continue to work efficiently and safely.
