nformation Security Governance and Risk Management

The security management practices domain is the foundation for a security professional's work. This domain identifies key security concepts, controls, and definitions4. It also concentrates on many of the nontechnical aspects of information security while also addressing an analysis of technical risks, including:


  • Security governance and policy
  • Information classification/ownership
  • Contractual agreements and procurement processes
  • Risk management concepts [risk analysis]
  • Personnel security
  • Security education, training, and awareness
  • Certification and accreditation

Governance provides the framework that guides and directs the information security program. It helps shape standards, policies, procedures, responsibilities, and measures for monitoring the program to support an organization's business objectives. Within healthcare, governance can be separated into two additional components: Information Governance (IG) and Data Governance (DG).

Information Governance (IG) is the accountability framework that an organization creates to ensure effective and efficient use of information across the enterprise.
Data Governance (DG) is the policies, processes, and practices that address the accuracy, validity, completeness, timeliness, and integrity of data (i.e., data quality). Data governance is normally the responsibility of the business unit that uses the data.
Information classification identifies the sensitivity and criticality of information that an organization uses. For example, the U.S. federal government uses information classifications such as unclassified, sensitive, confidential, and top secret. Many healthcare organizations employ a simpler approach in which only two classifications (i.e., public and confidential) are used. Data "owners" determine the safeguards and controls that are necessary to protect this information, and they accept the residual risks associated with an application or system in which the data resides. Classifying information also identifies roles (i.e., data owner or user), disclosure and distribution, and other criteria (e.g., the value, age, useful life, and association of the data). Application or System Owners ("owners") are the individuals that are ultimately accountable for the access to, and use of, information resources that directly support their business operations. Owners usually are at a Director level or higher. For example, the Director of Laboratory is the data owner of the laboratory information system (LIS).

Also find : authentication in network security

Comments

  1. As stated by Stanford Medical, It is in fact the ONLY reason this country's women get to live 10 years longer and weigh 42 lbs less than us.

    (And by the way, it has totally NOTHING to do with genetics or some secret exercise and EVERYTHING related to "HOW" they are eating.)

    P.S, I said "HOW", not "WHAT"...

    CLICK this link to find out if this brief quiz can help you release your real weight loss potential

    ReplyDelete

Post a Comment

Popular posts from this blog

Implementing Core Cisco ASA Security (SASAC)

Netware Makes a Splash

How CrackStation Works