Uroš Grilc (2012) Security policy development in health area. EngD thesis.
Abstract
In the following assignment, we will research the concepts of information security and information security management system in a business environment. Then we will try to develop an actual information security management system for an organization, active in healthcare area, which will be specified by restrictions, introduced by the current state legislation for the healthcare area. In the developing information security management system, we will first try to define the desired system's scope and its objectives, then we will make an inventory of organization's IT assets, following by the analysis of business processes requirements on the subject. We will then review current information security precautions in the organization, ending with the evaluation and the assessment of the possible risks to the system. Given results will then be used for developing security policy documentation, work practices and necessary performance controls. In the end, we will also look at the next steps, security policy development group will have to take, while finishing implementation of the new made system.
Actions (login required)