Discuss How Information Security Governance Has Been Challenged with the Evolution of the Digital World. Why Does Maintaining Information Security Governance Matter?
The evolution of the digital world has challenged information security governance, as almost all devices can now be operated wirelessly. There are two ways to manipulate smartphones, cars, computers, and even implanted medical devices: short-range wireless (Bluetooth and Wi-Fi) and long-range wireless (cellular networks and radio) (Rubin, 2013). From this perspective, there is no device that could not be hacked and exploited, which means that introducing security initiatives and protecting personal information and other valuable data require additional effort.
That is why the significance of maintaining information security governance can be underpinned in several ways. First and foremost, it guarantees the safety of personal and corporate data, thus reducing the risks of financial, branding, and health-related losses. Moreover, it is essential for preventing incidents, especially in health care, the sector with the most widespread implementation of electronic health records and implanted devices (Bowen, Hash, & Wilson, 2006). Finally, information security governance is critical for mitigating the risks of non-compliance with safety regulations and for achieving a sustainable level of integrity, confidentiality, and availability (Gelbstein, 2012).
Analyze Five Governance Challenges Related to the Health Care Industry. Do These Challenges Impact Your Practice? If So, How?
The initial challenge related to the health care industry is the confidentiality of personal data, which is highly subjective, context-dependent, and unstable, as it shifts over a patient’s lifetime. The challenge stems from the impossibility of pinning down the sensitivity and availability of personal information: although it is marked as confidential, nurses, health care professionals, heads of departments, and other officials can still access it. In addition, identifying the borders of confidentiality is challenging, as some information should be open for statistical purposes but, at the same time, should not be available for other uses.
Moreover, there is the challenge of guaranteeing the integrity of information security programs, which has been aggravated by the introduction of electronic health records. Furthermore, health information security is vulnerable because it is chronically underfunded and operated by incompetent users. Finally, there is the issue of data protection and transborder flows of personal data, which relates both to compliance with security regulations and to the integration of health-informatics systems (Hamidovic & Kabil, 2011). Still, the challenge of constant underfunding is the problem with the most detrimental impact on practice, as it makes organizations vulnerable to the other risks mentioned above.
Consider the following: In Today’s Health Care Environment, Who Should Be Most Concerned with Maintaining Information Security Governance?
In the modern health care industry, every participant in the governance system should be responsible for maintaining information security. For instance, patients are responsible for providing relevant personal data. The same is true for health care professionals, who should pay significant attention to the accurate input of patient data. Moreover, heads of departments and senior executives should focus on developing strategies and information security programs that comply with the organization’s goals, legal requirements, and corporate governance (Information Systems Audit and Control Association, 2015).
Still, it is essential to identify the people who are responsible for the adequate operation of information systems and their protection. From this perspective, they are the most concerned with maintaining information security, as they are the foundation of the whole system.
Discuss the Different Roles and Responsibilities of Each Involved Party. How Should These Responsibilities Trickle Downward? Be Sure to Include the Relationship of Information Security Governance to Management Responsibilities
There are several parties involved in maintaining information security governance. The board and senior management are responsible for developing programs, for guaranteeing that they comply with the organization’s strategic objectives and stakeholders’ needs, and for allocating the resources necessary to implement the designed strategies. One more party is leaders and managers, who organize health care professionals and those responsible for the operation of security systems. In addition, there are information security officials, who run the systems and perform security duties (Möntmann, n.d.).
Finally, chief enterprise architects find options for aligning technologies with business needs. There are also some related roles, such as financial officers and inspectors general, but their duties can be performed by the board and security officials (Bowen et al., 2006). These responsibilities should trickle downward: the board and senior executives are in charge of financing security systems, leaders and managers are accountable for estimating performance, and other officers are concerned with the adequate operation of the provided systems. So, the pattern is the following: responsibilities are distributed from top management and the board down to individuals.
References
Bowen, P., Hash, J., & Wilson, M. (2006). Information security handbook: A guide for managers. Gaithersburg, MD: National Institute of Standards and Technology.
Gelbstein, E. (2012). Strengthening information security governance. Web.
Hamidovic, H., & Kabil, J. (2011). JOnline: An introduction to information security management in health care organizations. Web.
Information Systems Audit and Control Association. (2015). CISM review manual (14th ed.). Rolling Meadows, IL: Author.
Möntmann, R. (n.d.). Information security. Coral Gables, FL: University of Miami.
Rubin, A. (2013). All your devices can be hacked. Web.