Cmgt 441 Week 2 Information Security Paper

1054 words 5 pages
Information Security: Detroit Hospital Security Breach
CMGT441: Introduction to Information Systems Security
TABLE OF CONTENTS

INTRODUCTION..................................................................................................................... 3

INCIDENT BACKGROUND................................................................................................... 3

REACTION TO INCIDENT.................................................................................................... 3

FUTURE RECOMMENDATIONS......................................................................................... 4 Training
…show more content…

1).
Future Recommendations While the staff at the Henry Ford hospital did take initial actions to stop future security breaches of this nature, other actions could have been performed. The following is a short list of further actions that can be taken by hospital staff to ensure that security breaches do not occur: training classes, secured property location, access cards, and electronic shut-down activation system.
Training Classes In an effort to keep employees up-to-date on changing security issues, quarterly security training classes should be made mandatory. This training can be split into multiple class dates to allow all personnel to attend. Sign-up rosters could be used to guarantee attendance; however, as an alternate method, computer sign-in with password and User ID could be used to prevent falsification of attendance recordings and guarantee that employees are attending the training sessions.
Secured Property Locations As with top secret military documents, property could be stored in a secured and electronically locked room. This property would then be accessed by an access card (discussed below), manager approval, or manned property clerk. As an item is required for work purposes, the employee would use their company identification card to “sign-out” the property. Because the property would be signed out to a specific employee, responsibility for the item could be maintained and suitable disciplinary actions could be taken in the

Related