The conspicuous themes among the organizational policies used in Beth Israel, Mayo, and Georgetown include the concept encouraging proper application of technological applications, access/retrieval fundamentals of information resources, and the implementation of significant information privacy controls and security applications. For instance, on the element of significant privacy controls, this remains a right of all the three organizations; hence, the users have limited rights in regulating the disclosure of personal information transmitted across the networks. In the second instance, the issue of using technological resources and applications by third parties also shows significant similarities among the three organizations.
Do any of the policies differ significantly between organizations?
Mayo has a policy dispensation prescribing the utilization of antivirus controls as a significant security measure, which appears elementally different from Beth Israel and Georgetown. This gives system administrators the duty of overseeing the implementation, maintenance and approval of virus protection software, technical feasibility, and personal systems existing in a network (Health Information and Management Society, 2007). In other organization’s policy frameworks no mention is given on account of anti-virus software in as much as this may appear to have been mentioned under the technological applications domain.
Moreover, in the case of the Mayo policy framework there significant variation from the others in terms of the provision of backup with an aim of protecting information resources. In this policy description, multiple levels of storage and backup and are essentially provided for critical information, files and programs are indexed and labeled to facilitate recovery options, provision of alternate fire zone facilities, and personal responsibility of all users on backup of locally stored information (Health Information and Management Society, 2007). This is fundamentally important as it prevents the total collapse of the system in case of security infringement or data loss.
Identify what key security principles and elements you feel are most important and describe why.
The policy on monitoring internet use and access as described in the policy framework for Beth Israel is fundamentally important on account of the potential for communication over the internet to tamper with security especially from unsigned or unverified serves and other network portals. For instance, BIDC has systems and software in place to monitor and record internet usage with regard to website visited, chat forums, e-mail messaging, file transfers, and usage patterns (Health Information and Management Society, 2007). This is important in the identification of potential sources of security threat in case an attack occurs.
The policy provision necessitating the introduction of user accounts for generic access to critical information databases is an important security features. In this case, “Requests for generic access to information stored in databases are made to the database administrators. If the request meets standards, the database administrator will establish an account. If the request is not within the scope of standards, the requestor may ask the information security officer for a variance” (Health Information and Management Society, 2007). This is fundamentally seen in the Mayo case, and has a good impact in terms of protecting unauthorized access to generic information, and even if access has been granted there is still significant monitoring of the access fundamentals.