August 24, 2011
Identify at least three steps that the CIO could have taken to reduce the likelihood of the system failure.
The chief information officer is the executive who manages the IT department and leads the organization in its efforts to develop and advance IT strategies. The role of the CIO in health care organizations is to: set visions and strategies; integrate information technology for business success and make changes when necessary; build technological confidence; partner with customers; ensure information technology talent; and build networks and community. They should also establish and maintain good working relationships with the members of the organization’s leadership team and communicate IT performance. It is the CIO’s job to manage and lead the IT department to achieve organizational excellence and success (Wager, Lee, & Glaser, 2009).
When it comes to the disaster recovery case study, three steps the CIO could have taken to reduce the likelihood of the system failure are: risk analysis, risk management led by the chief security officer, and security system evaluation. These three activities are part of the organization’s administrative safeguards that can be used to improve the HCO’s information security program (Wager, Lee, & Glaser, 2009). The risk analysis and management process has eight steps: boundary definition, vulnerability identification, security control analysis, risk likelihood determination, impact analysis, risk determination, and security control recommendations. Through the risk analysis, policies and procedures are developed and a security risk management program is put in place. The CSO, chief security officer, is in charge of administering and managing the program. Security system evaluations should be periodically performed, by the CSO, to evaluate the risk. There are currently no adopted technical security standards designed for health care information systems, which makes security evaluations difficult. The International Organization for Standardization (ISO) has developed general standards for security techniques, which allows HCOs to use a common set of requirements to compare independent security evaluation results. The CIO is ultimately in charge of managing and leading the IT team to perform the risk analysis, risk management, and security evaluation processes (Wager, Lee, & Glaser, 2009).
What plans and changes could JRMC make to reduce the likelihood of a future system failure?
JRMC implemented its current system, TechMed, in 1995, and it is concerned about the fragility of the application because the technology is obsolete. JRMC is in the process of replacing the TechMed system in two years, but with the recent system failure it may want to change the date. It would be wise for JRMC to replace the system as soon as possible to help prevent further operational problems. JRMC should also make sure it holds security awareness and training programs for all employees. The training should include periodic security reminders and address protection from malicious software, log-in monitoring, and password management. JRMC should perform information system activity reviews that periodically check records of information system activity, such as audit logs, access reports, and security incident tracking reports (Wager, Lee, & Glaser, 2009). JRMC should have a contingency plan in place that addresses the data backup plan, disaster recovery plan, emergency mode operation plan, testing and revision procedures, and applications and data criticality analysis. There should be a process for allowing facility access to support the restoration of lost data under the disaster recovery plan and emergency mode operation plan. A facility security plan should also be in place to safeguard the facility and its equipment from unauthorized access, tampering, and theft. These are just a few...