Health Body
Information security management system/vlt2-task2
Student Name
University Affiliation
Information security management system/vlt2-task2
Health Body Wellness Centre (HBWC) is a health facility that sponsors and encourages medical evaluation, research and dissemination of information among health care experts. At HBWC, the department of Office Grants Giveaway is mandated with to distribute medical grants that are supported by the federal government. The Office of Grants and Giveaways achieves the process of medical funding circulation using Microsoft Access database system that is normally referred to as the Small Hospital Tracking Systems (SHGTS). A risk assessment of a small hospital tracking system was carried out to …show more content…
The management should first come up with a guidance procedure for the ISMS committee to enhance an updated security protocol. Additionally, a holistic risk and exposure assessment is imperative so as to identify the prevailing threats so that a plan of action can be created to address them (Computer security act, 1987). Further, a chronological order of execution will be implemented, verified and defined as the measure of the ISMS process.
A.4 Information system
The range of Information system comprised in the ISMS includes servers, routers, workstations, switches and modems. The diagram below shows the “As-is Network drawing” that demonstrates the prevailing state of HBWC network prior to execution of the ISMS programs and procedures. The ISMS committee will establish innovations to the system that will be comprised of bug fixes/ patches, implementation processes such as;Demilitarized zones (DMZ), Active Directory (AD) and Virtual Private Network (VPN) among other processes (Arnason &Willet,2008). The committee will also identify upgraded OS. Additionally, Access Control Lists (ACLs) will also be thoroughly assessed and reviewed to meet present authorization and verification requirements.
A.5 IT infrastructure
The ISMS blueprint will interrogate the flow of information and suggest the procedures that convert the existing flow of data so as to enhance security of the network and the shared information. Further, network