This task presents an analysis of a health care facility that is facing challenges with maintaining impenetrable security measures to its information system. The analysis comprises a technology evaluation of a security control concerning the data corruption the health coordination project.
The evaluation
This evaluation exercise is conducted with the chief intention of acknowledging the information security issues of the facility and thereafter, proposing methods of improvements in order to enhance the sharing of information between healthcare providers and patients. The evaluation is to include the capabilities, costs, maintenance requirements, the flexibility, and feasibility of implementing the technological solution to the presented data threats. Also included in the evaluation are pros and cons, potential barriers to success, vulnerabilities, and convergence issues of the proposed solutions.
The Problem statement
The healthcare facility is facing challenges in maintaining confidentiality, integrity and accessibility of the information. This evaluation is therefore, intended to propose a solution to the challenge.
Security gap number three (Data corruption)
This problem involves accessing the organization’s information storage facilities by individuals who are neither staff members nor patients. The issue deprives, the organization and employees, of privacy. The information therefore loses its value the moment it falls in the hands of strangers. Data corruption can occur through the following activities: alteration of the original content, removal of a sensitive information or inclusion of false information (Gupta, 2011).
The proposed solutions
Alteration of the original content of information can be minimized by apportioning and designating a section of the organization for accessing information. The selected zone should be convenient to the staff members and patients. Thereafter, restriction of unauthorized entry into the selected zones should be implemented. The zones should be protected by security personnel whose chief duty would be to prevent any spotted unauthorized entry. The third proposal is the restriction of user access to the database using authentication processes. This process involves the verification of employee identity. The process may involve the use of a password, pin number, fingerprint, retinal scan or handwriting. Using this process, only the individuals who have passed the verification stage are granted access to the database. The verification procedure could be facilitated through the implementation of access control software. The software is designed to restrict unauthorized access and alteration of data. This strategy would restrict access to computerized systems. The computer is capable of maintaining an internal list of acceptable login identifications and a matching set of access rules for each login detail. The access rules identify the information resource that the holder of the logon identification is trying to retrieve. Thereafter, the system initiates user authorization and grant access of information. The last proposal involves the introduction of an electronic gate pass that contains an employee’s personal details and duty schedule. This gate pass should contain the care provider’s passport size photograph, the security number, full names and position in the organization. This gate pass would therefore, electronically indicate the details of the care provider who enters in the information room at any given time. The records of this process should be kept for monitoring purposes. That is, to monitor who enters where and at what time. In addition, every care provider should be entitled to one gate pass (Oz, 2009).
For this process to be successful, the organization should have full employee information and a system that controls employee position. The human resource department should preserve information about each of the facility’s staff member for the purpose of administration. A section of the employee’s information system should be a set of human resource personal data. A staff profile usually contains individual information such as the address, citizenship, marital status, seniority data, previous experience, employment history within the organization, education and training, and the salary level. Geographical locations and work schedule are some of the information that might be provided in employee inventory. Employee skills inventory would be the other component of a worker’s information structure. This element holds information about every worker, such as job interest, special skills and capabilities. The position control system involves the definition of the tasks performed by an employee. The significance of this system is to help recognize every position in an organization, the work title for each position, and the worker who is holding the position. Reference to this system facilitates identification of unfilled individuals. Lastly, each employee should be provided with a password (Shajahan & Priyadharshini, 2004).
The implementation of the restricted-zone strategy would help minimize movements of people towards the sensitive areas of the organization. The only cost associated with this strategy is the insignificant budget allocation to create a space and install computer hardware and software. The second relevant cost is the salary of the security officer whose work is to guard the information. The third relevant cost is for outsourcing the security pass technology and the service cost of the technicians. The last relevant cost of this process would be for acquiring a human resource data system software. This software enhances the process of integrating the human resource file database. Employee files and other files are engineered in a coordinated manner using data management system software. This integrated system facilitates the production of reports from all integrated files (Gupta, 2011).
Maintenance requirements for this process would involve updating of the computer hardware according to the technological changes, to maintain and restore effectiveness and efficiency. The human resource information system software needs to be updated consistently to match up with the organization’s efficiency requirements. There should be a specific interval for the renewal of the employee security pass in order to confiscate the less responsive set. The general response system for the security pass should be replaced after a specific period to integrate the new technology releases. The whole replacement process is intended at improving the accessibility and enhancing the efficiency of the security system. The process is highly flexible. For instance, the requisite computer hardware and software can be easily replaced to conform to the new technological advancement. In addition, the security pass can be easily replaced to reflect the organizations state of technology. The easier it is for a system to be modified to reflect or incorporate additional interests, the more flexible it is. Concerning the feasibility, the entire process is practical. That is, it possible to introduce the security pass for every employee of the organization. It is also possible to successfully implement the human resource information system software (Bocchino, 1972).
Some of the advantages of this proposal are that it is highly effective when it comes to the prevention of unauthorized entry. The human resource information system facilitates identification of any unauthorized entry. The authentication system minimizes information exposure through selecting sets of data that a user is entitled to access at any given time. The password system would minimize the risk of accessing sensitive information thus reduce the level of data corruption. The risk is reduced in this manner: the organization’s data is used to make sensitive decisions on patient treatment and other organization’s financial strategy. If this information were corrupted, the foundation for decision-making would be wrong. A wrong decision regarding patient treatment could result in loss of life. Concisely, patients’ lives are dependent on the accuracy of the organization’s information. On the other hand, financial information is used to make management decisions. Falsifying this information could put the organization out of operation (Lucey, 2004).
However, the system has some pitfalls. First, the electronic gate pass could fail to function due to technical errors. Secondly, the entire system is dependent on electricity, therefore, during blackouts, it would be impossible to access the required information. Thirdly, the system is computerized, as a result, threats to computer systems such as worms, operating system crash and cyber attack are imminent. Lastly, a password can be overridden through computer crimes. Therefore, it is not a reliable safety measure (Bocchino, 1972).
Human error is a major challenge to the strategy. The strategy requires a strict protocol observation that not every employee can. Secondly, the passwords are easily forgotten. These issues could present barriers to successful implementation of the strategy. The strategy is vulnerable to technological change and cyber crimes. A relevant convergence issue in this case would be computer crime. Computer crime comprises software piracy and various computer sabotage activities. The technology has been implemented in numerous organizations where it has helped minimize data corruption (Gupta, 2011).
References
Bocchino, W. A. (1972). Management information systems: Tools and techniques. Englewood Cliffs, N.J: Prentice-Hall.
Gupta, H. (2011). Management information system: (an insight). New Delhi: International Book House.
Lucey, T. (2004). Management information systems. London: Thomson Learning.
Oz, E. (2009). Management information systems. Boston, Mass: Thomson/Course Technology.
Shajahan, S., & Priyadharshini, R. (2004). Management information systems. New Delhi: New Age International.