Introduction
Information management is one of the most important parts of any organization. To ensure continuity of an organization, proper record keeping should be encouraged.
In addition, proper documentation and record keeping of events, personnel information among other things in an organization ensures that the entity is assured of accountability (Raggad, 2010). Effective record keeping, maintenance, and management eases up the audit process for any organization.
It is important to note that management of data and proper maintenance of records is a very crucial process to the success of the organization. With this in mind, organizations have developed proper record keeping methods and processes (Tipton & Nozaki, 2008).
As an aspect of organizational structure, information management has seen the emergence of new methods meant to enhance the effectiveness and convenience of managing records and data. In this case study, various issues touching on security with regard to iTrust organization are addressed.
The iTrust Security Issue
In the past, organizations relied on manual systems of information management. The systems were prone to human error and involved a very rigorous storage and retrieval process. Modernization has seen the introduction of technology into the information management arena.
Technology has helped revolutionize the whole information management arena in a major way. It has improved the effectiveness and efficacy of information systems. It has also improved the speed of retrieving data, as well as the security of the same.
It has reduced risks of damage to data (Raggad, 2010). Information systems are developed to suit the growing need for technological information management and improve the rather historical process of keeping records.
Although they are not one hundred percent efficient or secure, they do come quite close to the optimal standards. They ensure effective and hassle free management of information (Tipton & Nozaki, 2008).
In medical institutions, the need to manage information cannot be underestimated. Medical facilities contain a lot of confidential information on individuals.
They also contain information on treatment plans and prescriptions. Such information should be safeguarded to ensure it does not fall into the wrong hands.
iTrust is a hypothetical information systems software that allows medical facilities to maintain records on drug inventory and other bits of information. It is a role-based healthcare web application through which patients can manage their medical records (Tipton & Nozaki, 2008).
Similarly, medical personnel are provided with a platform through which they can monitor the progress of their patients by managing their medical records. Medical personnel can also receive alerts on missing immunization or signs of chronic illnesses.
In this case study, the susceptibility of the iTrust information management software is brought to question. The case study embarks on identifying the threats faced by the iTrust system, as well as the areas that may render the system vulnerable to security lapses.
If the system is vulnerable in any way, its effectiveness is compromised. The cases study will look into the areas of vulnerability and identify ways through which these threats and vulnerabilities can be addressed (Raggad, 2010).
Review of the Case Study
In the process of identifying the threats faced by the system, one cannot ignore the new requirements of the iTrust software.
The first, Add role emergency responder, allows for the fire, police, and emergency medical technicians to look at the records of a particular patient prior to taking any action.
Addition of these new requirements will allow for easy access to the emergency report that contains crucial information. Such information includes patient’s blood type, prescription history, allergies, diagnosis of chronic illness, immunization history, as well as long and short term diagnoses.
The second requirement is finding a qualified and licensed healthcare professional. Such a provision will make it possible for patients to find qualified and licensed healthcare professionals to help them in the treatment of specific health conditions.
The patient simply selects the diagnosis and chooses a professional who has experience in handling such cases.
The third requirement is the update of the code table. As far as this is concerned, ICD-10 code is used in place of ICD-9CM. The new code is then saved for use with the iTrust application.
The fourth requirement is the ability to view the access logs. The patient is able to look at a list of all the medical professionals who have updated their medical records.
Review of the New Requirements
Although these new requirements are supposed to increase the efficiency of the system, they also create security loopholes that third parties can exploit (Raggad, 2010). The vulnerability of the system is increased with an increase in the number of visitors.
Similarly, the threat and vulnerability levels are increased with a rise in the amount of information made available in the database. If the information is quite sensitive and potentially beneficial to some people, then they can try to obtain it, causing a security breach (Tipton & Nozaki, 2008).
Each new requirement could lead to the occurrence of such a situation. Therefore, there is need to reevaluate these new requirements in a way that guarantees the safety of the system
Suggestions to Mitigate the Vulnerability of the System to Security Threats
There are numerous ways through which security threats and vulnerability issues can be solved. However, not all of these methods are applicable to the iTrust case.
The management can make a decision on the best method by determining the sensitivity of the data handled by the iTrust database. Medical information is quite sensitive. Therefore, the safety of the iTrust system is paramount.
With this in mind, it is noted that there are specific measures that the management can take to mitigate potential threats to the system.
First is the use of an elaborately generated password protection system. Such a system ensures that there is controlled access to the database and only authorized personnel can access information stored therein.
Password security system is also essential in tracking down suspects in the case of a security breach.
Encryption system to protect the uploaded files is also a useful tool in safeguarding the stored information (Raggad, 2010). Encryption makes it hard for hackers to target and obtain specific information from the system.
In addition, encryption makes it hard for ordinary systems to read data from the system. As such, the use of encrypted data is limited to specialized machinery. Another viable method of protecting information in a database like iTrust’s is mounting it on a website that is secured.
Such a move will make it difficult, or even impossible, for data thieves to copy passwords from the site. In turn, the information is protected from theft, damage, or any other risk (Tipton & Nozaki, 2008).
Conclusion
Such technological innovations as iTrust database are quite phenomenal in the management and protection of stored data. However, they are also prone to threats and vulnerable to circumstances. Organizations should take measures to enhance the security of their information.
The organization should ensure there are no loopholes that hackers can exploit to destroy or steal the information stored in the database. System upgrades, though useful, can also create loopholes that third parties with malicious intentions can exploit.
As such, the organization should take a lot of care when carrying out system upgrades. If this is not possible, all system upgrades should be followed up with a security review in a bid to ensure that they do not create potential security breach points.
If the above areas are addressed, the security, threat, and vulnerability situation of the iTrust database can be reviewed and fixed.
Information management systems are very effective in the handling of stored data. It is important to note that such effectiveness can only be achieved if these systems are secure. Organizations should place emphasis on the security aspect of their information management processes.
In fact, security should be a major consideration during the development of such programs. iTrust is one of the information management systems that organizations can use to enhance the security of their records.
However, there are several security concerns that need to be promptly addressed for the system to prove as effective and as efficient as the developers would want it to be. The points highlighted in this case study should serve as a major asset in guiding developers and helping them to achieve this.
References
Raggad, B. (2010). Information security management. Boca Raton, FL: CRC Press/Taylor & Francis.
Tipton, H., & Nozaki, M. (2008). Information security management handbook. Boca Raton, Fla.: Auerbach.