Tft2 - Heart Healthy Task 1

Only available on StudyMode
  • Download(s) : 1382
  • Published : February 19, 2013
Open Document
Text Preview
Heart Healthy Information Security Policy

Due to personnel, policy and system changes, and audits, Heart Healthy has voluntarily updated their information security policy to be in-line with the current information security laws and regulations. Currently Heart-Healthy Insurance, a large insurance company, plans to review and provide recommendations for an updated information security policy in the area ‘s of: 1. Current New Users Policy – The current new user section of the policy states:

“New users are assigned access based on the content of an access request. The submitter must sign the request and indicate which systems the new user will need access to and what level of access will be needed. A manager’s approval is required to grant administrator access.”(Heart-Healthy Insurance Information Security Policy)

2. Current Password Requirements – The current password requirements section of the policy states:
“Passwords must be at least eight characters long and contain a combination of upper- and lowercase letters. Shared passwords are not permitted on any system that contains patient information. When resetting a password, users cannot reuse any of the previous six passwords that were used. Users entering an incorrect password more than three times will be locked out for at least 15 minutes before the password can be reset.”(Heart-Healthy Insurance Information Security Policy)

Heart Healthy Insurance Information Security Policy and Update

Proposed User Access Policy
The purpose of the User Access Policy is to provide access to Heart-Healthy’s network infrastructure and to ensure appropriate access to all of Heart-Healthy’s information resources. The purpose of Heart-Healthy’s “Network Access Policy” is to establish the appropriate level of user access to Heart-Healthy’s network infrastructure. Heart-Healthy’s network access rules are necessary in order to preserve the confidentiality, Integrity and availability of Heart-Healthy’s proprietary information.

Heart-Healthy’s Information Security Office will be responsible for management and administration of Heart-Healthy’s information security function(s). Heart-Healthy’s Information Security Office will be the chief point of contact for any and all security related functions. User Access Policy

* Heart-Healthy users will be permitted access based on the principle of least privileges’ * Remote access or dial-in-services will be requested by Manager level positions and up, and approved by the Information Security Department. * End users are not allowed to re-transmit or extend any of Heart-Healthy’s network services. E.g. users will not attach hubs, switches, firewalls, access points to Heart-Healthy’s network without prior written authorization. * Users are not allowed to install any additional hardware or software without the express written consent from the Heart-Healthy information technology department. * All Heart-Healthy computer systems will conform to agency standards * End users are not allowed to download, install or run any programs that could potentially reveal or undermine Heart-Healthy’s in-place security system, e.g. packet sniffers, password crackers or network mapping tools are strictly forbidden. All Heart-Healthy employees, 3rd party contractors are responsible for managing their information resources and will be held accountable for any information security violations or infractions Current Password Policies and Requirements

“Passwords must be at least eight characters long and contain a combination of upper- and lowercase letters. Shared passwords are not permitted on any system that contains patient information. When resetting a password, users cannot reuse any of the previous six passwords that were used. Users entering an incorrect password more than three times will be locked out for at least 15 minutes before the password can be reset”(Heart-Healthy Insurance Group Information...
tracking img