Assignment: Potentially Hazardous Issues

Assignment: Potentially Hazardous Issues

NOW FOR AN ORIGINAL PAPER ASSIGNMENT:Assignment: Potentially Hazardous Issues

Another example of an important security threat to a corporate network is the malicious insider. This person can be a disgruntled or recently fired employee whose rights of access to the corporate network have not yet been removed. In the case of a recently fired employee, his or her network access should be suspended immediately upon notice of termination. To avoid the potentially hazardous issues created by malicious insiders, healthcare organizations need some type of policy and specific procedures to monitor employee activity to ensure that employees carry out only those duties that are part of their normal job. Separation of privileges is a common security tool; no one employee should be able to complete a task that could cause a critical event without the knowledge of another employee. For example, the employee who processes the checks and prints them should not be the same person who signs those checks. Similarly, the employee who alters pay rates and hours worked should be required to submit a weekly report to a supervisor before the changes take effect. Software that can track and monitor employee activity is also available. This software can log which files an employee accesses, whether changes were made to files, and whether the files were copied. Depending on the number of employees, organizations may also employ a full-time electronic auditor who does nothing but monitor activity logs. More than half of healthcare organizations have hired full-time employees to provide network security ( HIMSS, 2015 ). Additional strategies for securing networks suggested in this most recent HIMSS survey were mock cyberdefense exercises, sharing information between and among healthcare organizations, monitoring vendor intelligence feeds, and subscribing to security alerts and tips from US_CERT (United States Computer Emergency Readiness Team).

Security Tools

A wide range of tools are available to an organization to protect the organizational network and information. These tools can be either a software solution, such as  antivirus software , or a hardware tool, such as a proxy server. Such tools are effective only if they are used along with employee awareness training. The 2015 HIMSS Cybersecurity Survey results indicate that an average of 11 different software tools were used by respondents to provide network security, with antivirus technology, firewalls, and data encryption as the most common tools.