Essay Example on Heart-Health Insurance Information Security Policy

The past few decades have seen some of the biggest threats to Information Technology orchestrated by people with both malicious and harmless intent. In light of such attacks, it, therefore, imperative for all organizations to mitigate security vulnerabilities hence the importance of a security policy. Succinctly, a security policy is an essential record that endeavors to illustrate an extensive array of conceivable threats that can occur in a firm (Rouse, 2014). Additionally, the threats that do take place, the best arrangement and the group that needs to deal with a particular risk are clarified in this report. The policy also portrays the cutoff points of a representative inside the association (Barman, 2001). On the off chance that security arrangement is composed in a compelling way, it discovers the answer for every single conceivable danger. Subsequently, every organizations management is tasked with the oversight, review, design, and implementations of sustainable information security policies.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

Outlining and review of a sustainable information security policy is a standout amongst the most imperative issues confronting associations today. Additionally, the review process ought to be a continuing procedure to guarantee that the policy remains relevant, clear, comprehensive, and suitable for the association's particular business targets, key objectives and culture needs. Successively, it is imperative to review the current Heart-Healthy Insurance Information Security Policy to ensure that it is line with the prevailing regulatory requirements and industry standards. The review process encompasses two recommendations that the health insurance company should adopt.

New User Account Creation

According to the current policy, new users are granted access taking into account the substance of access request where the submitter is necessitated to sign the request and specify the specific systems and level of access that they are seeking to access. Where the new user is seeking access to an administrators level, a manager has to approve the request. The current policy may be effective, but it is not sufficient as it falls short of all security requirements hence the need for a couple of revisions.

First, it is imperative for all new users requests to be reviewed against their access roles. These roles will determine the nature of information or systems that the underlying users will be cleared to access. The request process will include recommendations from the users managers and employees from the human resources department. Consequently, all members of staff and contractors are subject to the new policy changes hence the necessity to be fully accountable for the management of their Information Technology resources. To ensure a smooth transition and comprehension of the policy, all employees should undergo a mandatory training.

Additionally, it is imperative to review the scope and definition of the term new user whereby; the term should incorporate newly recruited employees, current employees who commence a new use of organizational frameworks, applications, or application modules, and contractors.

Password Management

The prevailing security policy dictates passwords to be no less than eight characters in length and contain a blend of upper and lowercase letters. Shared passwords are not allowed on any system that contains patient data. While resetting a password, a user is not authorized to reuse any of the past six passwords that were utilized. More than three failed login attempts by a user entering the wrong password leads to the user being locked out of the system for no less than 15 minutes before they can be reset the password.

Subsequently, effective password management incorporates aspects that proper nature password contrasts guidelines similar with user level and operational settings, build up necessary systems to guarantee responsibility, and moderate potential threats. The accompanying reviews are fundamental segments of Heart-Healthy Insurance password management policy. First, the adoption of a password manager will prove immensely valuable in ensuring that all passwords are strong and contain more than eight characters including uppercase and lowercase characters as well as digits and special characters. The prevailing password resetting procedures should also be maintained with all users required to change their password at least every 90 days. A two-factor authentication will also be required to grant remote access.

Conclusion.

In synopsis, the policy recommendations are aligned with the regulations stipulated by the Office of the National Coordinator for health Information Technology (HealthIT.gov, 2015). Successively, the reviews on new user account creation are also in compliance with Gramm-Leach-Bliley Act that implores the adoption of multiple user credentials and personal autonomy at the user level (Wells & Jackson, 1999).

References

Barman, S. (2001). Writing Information Security Policies. New York: New Riders Publishing.

HealthIT.gov. (2015, April). Guide to Privacy and Security of Electronic Health Information . Retrieved from HealthIT.gov: https://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf

Rouse, M. (2014). Security Policy. Retrieved from Search Security: http://searchsecurity.techtarget.com/definition/security-policy

Wells, F. J., & Jackson, W. D. (1999). Major Financial Services Legislation, The Gramm-Leach-Bliley Act (P.L. 106-102): An Overview. CRS Report for Congress, 6-7.