Assignment Part B Final Risk Assessment/Management Document Prepared for the Management of Denisovan

HBS 580
Subject Code: BIT361
Subject Name: Security Management and Governance
Introduction
ICT for Management of Denisovan play significant role to manage and keep the track of records related to different team members working for the organization. The inventory or the stock that is required to serve the requirements can be managed remotely by integrating the use of ICT in the organization. ICT help to improve the quality of care and also upgrade the security of the patients. ICT in health care can be streamlined in different sector like health and education, health research, hospital management and the management of the health data. The electronic storage of records is the major advantage of ICT in health care. Despite of so many pros there are some cons also of implementing ICT by Management of Denisovan. Such as number of security attacks, network
each and malicious activities related to data theft and manipulation. ICT system are prone to different kind of network attacks or intrusions, that can affect the sensitivity or privacy of the information stored in the centralized system. In this approach the policies that are required to manage the risks related to ICT implementation has been discussed, for this purpose a risk assessment and prevention plan is proposed.
A discussion of why policies are needed
Now a days to manage the risks related ICT a collaborative effort is required that include the planning and implementation of different policies that help to control and restrict the use of technology. It is necessary to define the policies and guidelines to manage the risks related to malware and data
each or network attack in the organization. Implementing the policies means that officials of the organization are in better position to achieve the strategic objective of the organization and SMART gaols can be defined on the basis of these policies (Amin, Schwartz & Hussain, 2013). To align the requirement with business operation the implementation of the policies related to use of ICT is required that help to foster the business objectives. By development of these policies all the aspects related to social and economical development of the organization can be configured efficiently. To outline the different activities and job roles performed the implementation of law and regulation is necessary
A discussion of what policy documents should look like
The policy document includes all the details related to mission, vision and goals of implementing the ICT policies. The guiding principles of the co
esponding policies is also included in this document. An effective management of human resources that are required to implement the policy is also described in this document. This document also includes the details of good governance and legal framework that need to followed to implement the ICT in the organization (Drevin, Kruger & Steyn, 2007). Following are the details of different sections that are involved in this policy document:
Table of Contents
i. Foreword
ii. Acknowledgement
iii. List of Acronyms
iv. List of a
eviations
1. Executive Summary
1.1. Vision
1.2. Goals
1.3. Background
2. Guidelines and Principles
3. Context of the policy
4. Defining the SMART goals
4.1. Strategies and objectives for specific Goal
4.2. Strategies and objectives for measurable Goal
4.3. Strategies and objectives for attainable Goal
4.4. Strategies and objectives for relevant Goal
4.5. Strategies and objectives for timely Goal
5. Expected outcomes
6. ANNEXURE 1 Plan of Action
A discussion of the types of policies needed for information security.
Security policy is defined as the strategy that is required manage the security or safety of the infrastructure. It helps manage the availability, confidentiality, value of asset and integrity of ICT infrastructure implemented in the organization. The protection from the unauthorised access, fraud and theft can also be offered by implementing security policies in the company (Group, 2022). additionally, it can be said that the prevention of malicious threats, accidental damages and technical failures is also offered by ICT policies that help to build a trust worthy relationship. Based on the NIST (national institute of standards and technology) the classification of policies can be done as followed:
1. Information security policies for enterprises: This is defined as engagement level document that help to define the scope, direction and guideline for implementing the security measure in the organization. This document describes the company belief and roles exist in the organization (Haluza & Jungwirth, 2015).
2. System specific security policies: unlike the Information security policies, system specific security policies are called as SysSP that provide the details related manual procedures for maintain and configuring the different system in the organization. For example, technical specification and managerial guidance are the documents falls under the category of this policy.
3. Issue-specific security policies: They are more common in different businesses and organizations because they include electronic emails and the use of the internet. The foremost objective of this policy is to assure the different employees and the member of the organization to explain about the different resources which can be used and which cannot be used. The agreement between the different parties also falls under this kind of security policy it helps to make good faith between the different clients...