Standards and Legal Issues: The ISO-IEC 27002 Security Standard

Published: January 21, 2013

Standards and Legal Issues

During a recent audit of the electronic health record (EHR) system, it was discovered that the system was vulnerable to threats, misuse, and theft because no security controls had been put in place before accounts were created. To help meet legal and industry standards, the company can implement ISO/IEC 27002, a standard from the International Organization for Standardization (ISO). The ISO/IEC 27002 security standard is an international standard created by ISO to protect the privacy of all forms of information, including data, documents, communications, conversations, messages, recordings, and photographs. ISO is the world's largest developer of voluntary International Standards (ISO, 2012). ISO has members from 164 countries and 3,335 technical bodies involved in developing its standards. The ISO/IEC 27002 standard defines control policies that are critical to protecting information in the health, public, financial and IT sectors. Implementing the three policies below can help prevent future breaches and will help the company meet industry standards and legal requirements.

User Account Policy:
All managers or department heads must submit a user account request form to the IT Department for each employee, contractor, and vendor. Each user will be issued a unique user ID for authentication and accountability. Managers must ensure that the level of access granted is limited to the information a user needs to perform their job responsibilities. Managers must also notify the IT Department when an employee rotates to new job duties or is terminated. The access rights of all employees, contractors and vendors to information systems will be removed upon termination of their employment.
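As an added illustration (not part of the original essay), the following Python script shows how the account policy above could be checked during a periodic audit: it reconciles an HR roster against the EHR account list and flags accounts not tied to a named person, duplicate user IDs, accounts still enabled after termination or contract end, and roles beyond a least-privilege baseline for the person's job. The roster, accounts, role baseline and dates are all constructed sample data.

```python
from datetime import date

# Constructed sample inputs (hypothetical): an HR roster and the EHR account list.
HR_ROSTER = [
    {"emp_id": "E100", "role": "nurse", "status": "active", "end_date": None},
    {"emp_id": "E101", "role": "billing", "status": "terminated", "end_date": date(2013, 1, 4)},
    {"emp_id": "C200", "role": "vendor", "status": "active", "end_date": date(2013, 3, 1)},
]
ACCOUNTS = [
    {"user_id": "aruiz", "emp_id": "E100", "enabled": True, "roles": {"clinical_read", "clinical_write"}},
    {"user_id": "bcole", "emp_id": "E101", "enabled": True, "roles": {"billing_read"}},
    {"user_id": "cvendor", "emp_id": "C200", "enabled": True, "roles": {"clinical_read"}},
    {"user_id": "ward3", "emp_id": None, "enabled": True, "roles": {"clinical_read"}},
]
# Assumed least-privilege baseline: the roles each job function needs, nothing more.
ROLE_BASELINE = {
    "nurse": {"clinical_read", "clinical_write"},
    "billing": {"billing_read"},
    "vendor": {"vendor_support"},
}
AUDIT_DATE = date(2013, 1, 21)  # constructed audit date


def review_accounts(roster, accounts, today):
    """Return (user_id, finding) pairs for accounts that violate the policy."""
    people = {p["emp_id"]: p for p in roster}
    seen_ids = set()
    findings = []
    for acct in accounts:
        uid = acct["user_id"]
        if uid in seen_ids:  # user IDs must be unique for accountability
            findings.append((uid, "duplicate user ID"))
        seen_ids.add(uid)
        person = people.get(acct["emp_id"])
        if person is None:  # no named owner: nobody can be held accountable
            findings.append((uid, "not linked to a roster entry"))
            continue
        ended = person["status"] == "terminated" or (
            person["end_date"] is not None and person["end_date"] < today)
        if ended and acct["enabled"]:  # access must be removed on termination
            findings.append((uid, "still enabled after termination or contract end"))
        extra = acct["roles"] - ROLE_BASELINE.get(person["role"], set())
        if extra:  # access beyond what the job requires
            findings.append((uid, "roles beyond job need: " + ", ".join(sorted(extra))))
    return findings


def run_review():
    return review_accounts(HR_ROSTER, ACCOUNTS, AUDIT_DATE)
```

Running `run_review()` on the sample data reports the terminated billing user's still-enabled account, the vendor's clinical role, and the unowned ward account, while the nurse's account passes.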

Remote Access Policy:

All remote access will be accomplished via a secure method, i.e., strong authentication and encryption. Remote access sessions will time out...