Introduction
Information system security is an important aspect of any organization. Numerous threats face information systems, and the organization must put up measures and policies to address these emerging issues. The most important issue in information systems is data privacy and security. An organization must ensure that it has stronger systems and protocols that can help protect the data. Technology has rapidly advanced with information systems and computer-based networks taking over traditional methods of doing things. All the sectors have embraced the use of technology and healthcare is one of the fields where technology has transformed the way of doing things. The use of technology networks is affected by insecurities which put privacy, availability, and confidentiality of data at risk. As technology advances, so as the tactics and strategies used by hackers to infiltrate systems and launch attacks. As such, organizations must develop comprehensive plans for addressing system security. The Heart-Healthy Insurance Information Security Policy provides a case scenario of improving data system security. In this case, the focus on new users and password requirements in an information system advance the issue of system security within the organization.
New Users
As the organization grows and expands through the recruitment of new employees, it must also admit these new users into the information system. The system grows both in the number of users and the information entering and leaving the system. New users can pose a threat to an information system, and the organization must regulate how new users are admitted and the kind of information they are allowed to access. Security measures must be put in place to ensure that systems are secure and users will ill motives do not get the opportunity to infiltrate the system. A clear policy should be put in place to regulate how new users are admitted and the kind of information they are allowed to access. It will further provide a guideline of procedures that should be followed by new users.
- The system administrator is the only person under which new users should place their request to join the system.
- The system administrator must ensure that all new users provide accurate information. The accuracy of information should be used only in approving the requests.
- Upon approval, new users must sign in to the systems with information sent to the organization's email accounts. Upon login, they should change their passwords promptly.
- The new users must agree to information systems regulations which would allow them to continue using the system. They are encouraged to read through the policy before proceeding to agree.
- New users who engage in activities that amount to threats to information systems will have their profiles deactivated and subjected to disciplinary procedures as provided by the policy and company laws.
Justification
The proposed policies provide a guideline under which new users can be approved into a system. A formal request to the system administrator indicates the user's desire to access important organizational information that allows them to work. The approval by the administrator is critical as it helps to authenticate the requests in line with users recruited by the organization (Balcik, Gahler & Abeykoon, 2017). It is the administrator who can identify fake requests that could have put the system under threat. The signing in process and change of passwords helps in securing the system and attaching responsibility to the new user. Passwords generated by the system are not safe, and change of password is important (Schwalbe, 2015). The agreement by the user attaches responsibility to the approval request. The warning on any violation helps to remind employees the need to follow organizational policies relating to the use of information systems.
Password Requirements
Passwords authenticate the use of information systems. System administrators must ensure that users sign in with unique passwords any time they want to access the system. Passwords must be strong, unique and not shared. The password policy below guides how passwords should be used in the organization.
- All passwords must be unique and should not contain suggestive names.
- Passwords must contain at least eight characters with uppercase and lowercase letters, numbers, and symbols.
- Passwords must be changed every two weeks. Users must not use previous passwords anytime they make changes.
- Passwords should not be written or stored anywhere.
- Passwords are personal and should not be shared with anyone whatsoever.
Justification
Passwords provide secure access to systems and can also pose a risk to the same systems if used by unauthorized persons. Passwords should be unique and strong and should not be suggestive in any manner (Abdellaoui, Khamlichi & Chaoui, 2016). Some people tend to use their names which increases the risk of being used by unauthorized persons. The choice to use letters, numbers, and symbols ensures that a password is hard to predict. A change of password from time to time makes it harder for hackers (Schwalbe, 2015). Passwords are personal and should not be shared which attaches responsibility to the user. When these guidelines are implemented, system security will be enhanced.
References
Abdellaoui, A., Khamlichi, Y. I., & Chaoui, H. (2016). A novel strong password generator for improving cloud authentication. Procedia Computer Science, 85, 293-300. Retrieved from https://www.sciencedirect.com/science/article/pii/S1877050916305841
Balcik, J., Gahler, L., & Abeykoon, T. (2017). U.S. Patent Application No. 14/798,847. Retrieved from https://patents.google.com/patent/US20170019416A1/en
Schwalbe, K. (2015). Information technology project management. Cengage Learning. Retrieved from https://books.google.co.ke/books?hl=en&lr=&id=mPeoBAAAQBAJ&oi=fnd&pg=PR7&dq=+importance+of+a+user+details+to+an+information+systems&ots=FMot-r1S5k&sig=_YyxEJoFVPlUkyQa_PmNeMaNuP8&redir_esc=y#v=onepage&q=importance%20of%20a%20user%20details%20to%20an%20information%20systems&f=false
Cite this page
Essay Sample on Information Security in Organizations. (2022, Dec 04). Retrieved from https://proessays.net/essays/essay-sample-on-information-security-in-organizations
If you are the original author of this essay and no longer wish to have it published on the ProEssays website, please click below to request its removal:
- Rebel Leadership Essay
- Accountable Care Organizations Model Paper Example
- Organizations: Enhancing Cybersecurity With ML & AI - Annotated Bibliography
- Essay on Codes of Conduct: Internal Guidelines and External Statements of Values
- Project Leadership: Communicating Ethically in the Face of Politics - Essay Sample
- Supply Chain Management: Key to Business Success - Essay Sample
- Involvement and Learning - Research Paper Example