An important responsibility of the information security
professional is planning and policy creation. The professional working
for a healthcare organization will be responsible for designing and
implementing extensive and complex plans related to security. These
plans are based on regulations that the healthcare organization must
comply with and on the organization’s assessment of its security needs.
Instructions
Create a Security Plan for your course project:
- Download the IAS5320 Plan and Policy Templates and use them in your assignment.
- The Security Plan will include an introduction followed by subsections describing each required policy.
- Include the required policy descriptions for the following areas:
- Business continuity.
- Disaster recovery.
- Access control and identity management.
- Training and awareness.
- Vulnerability and patch management.
- Configuration.
- Change management.
- Data disposal.
- Include the policies that are required for the same areas.
- Create a one-page policy on each area. These policies are based on regulations that the project organization must comply with.
- Place each policy as an appendix to the Security Plan.
- Include references for any resources you cite, including your book, Healthcare Information Security and Privacy.
