Policy Characteristics
Overall, any policy aims to define why certain things should be done. The seven key characteristics of a sound policy are endorsement, relevance, realism, attainability, adaptability, enforceability, and inclusiveness (Murphy 29). If the policy is endorsed, the administration fully supports it; if it is relevant, it can be applied at an organizational level; if it is realistic, it is reasonable; if it is attainable, the management of the organization approves its implementation; if it is adaptable, it is able to adjust to external and internal modifications; if it is enforceable, everything about the policy is legal; and if it is inclusive, its core objective relates to all the contributing parties (Koontz 84). An example of a realistic policy is the requirement to have passwords on all the computers in the organization so as to minimize the possibility of a breach or data theft.
Singular and Consolidated Policy
A singular and consolidated information security policy has several characteristic advantages. First, it provides a definite assignment for the designated department of the organization (Herzig et al. 101). Second, such policies are designed by experts in the field who possess specific knowledge of information systems. Ultimately, this policy type is considered to be a balanced version between the individual and comprehensive policies. There are also disadvantages typical of a singular and consolidated information security policy. These include the complications that may arise throughout the management process and the high costs of implementation (Johnson 66). It is necessary to include procedures, baselines, standards, and guidelines in this policy document because the employees should be aware of the essential postulates of the policy and understand the principles embodied in this fundamental document.
PLAIN Language
The organization should store at least the last 24 passwords of each user. You should change your password at least once every 40 days. The minimum length for a password is 7 characters. The password should meet the complexity requirements. The system will not use reversible encryption to store the password.
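The five rules above can be enforced together at the point where a password is set. The following sketch is an added example, not part of the original text; the `Account` class, the "three of four character classes" reading of complexity, and the PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string
from datetime import timedelta

HISTORY_SIZE = 24   # previous passwords remembered per user
MAX_AGE_DAYS = 40   # a password must be changed within this many days
MIN_LENGTH = 7      # minimum password length

def is_complex(password):
    # Assumption: "complexity" means at least 3 of 4 character classes.
    classes = (str.islower, str.isupper, str.isdigit, lambda c: c in string.punctuation)
    return sum(any(test(c) for c in password) for test in classes) >= 3

class Account:
    def __init__(self, rounds=200_000):  # assumption: PBKDF2 work factor
        self.rounds = rounds
        self.history = []       # (salt, digest) pairs, newest last; no plaintext
        self.changed_at = None

    def _digest(self, password, salt):
        # One-way salted hash, so the stored value cannot be reversed.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.rounds)

    def set_password(self, password, now):
        """Return the list of violations; store the password only if it is empty."""
        problems = []
        if len(password) < MIN_LENGTH:
            problems.append("too short")
        if not is_complex(password):
            problems.append("not complex")
        if any(hmac.compare_digest(self._digest(password, salt), digest)
               for salt, digest in self.history):
            problems.append("reused")
        if not problems:
            salt = os.urandom(16)
            self.history.append((salt, self._digest(password, salt)))
            self.history = self.history[-HISTORY_SIZE:]  # keep the last 24
            self.changed_at = now
        return problems

    def expired(self, now):
        # True when no password is set or the current one is older than 40 days.
        return self.changed_at is None or now - self.changed_at > timedelta(days=MAX_AGE_DAYS)
```

Because each history entry has its own salt, the reuse check has to re-hash the candidate once per stored entry; that cost is the price of keeping the history non-reversible.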
Understanding CIA
Confidentiality is a synonym for privacy. Its major goal is to protect sensitive information and restrict access to the data so that only the right persons can reach it (Gamon and Wolfe 52). An example from healthcare is the storage of data concerning mental health treatment. This data should be carefully protected so that no one can access it without the authority to do so (Riskin et al. 137).
The term integrity relates to the trustworthiness of the data. The information must not be changed during a transaction or accessed by unauthorized individuals. Data integrity also relates to version control and file permissions (Gamon and Wolfe 52). A banking transaction is a perfect example of a situation in which the loss of integrity may harm the parties involved (cancellation of the results of the transaction, monetary losses, transfer of incorrect data).
Availability mostly relates to the hardware and its correct maintenance. Maintenance should be performed in order to eliminate all possible software-hardware conflicts and minimize the possibility of failovers (Gamon and Wolfe 53). An example of a situation in which availability is more important than the other two aspects (integrity and confidentiality) is an important update to the website of a major company. The update will drive traffic to the website, and the IT department will have to ensure that the downtime is minimal and every user is able to access the desired information.
Works Cited
Gamon, Joel, and Kayla Wolfe. IT Policy and Ethics: Concepts, Methodologies, Tools, and Applications. Information Science Reference, 2013.
Herzig, Terrell, et al. Implementing Information Security in Healthcare: Building a Security Program. HIMSS, 2013.
Johnson, Rob. Security Policies and Implementation Issues. Jones & Bartlett Learning, 2015.
Koontz, Linda. Information Privacy in the Evolving Healthcare Environment. CRC Press, 2016.
Murphy, Sean. Healthcare Information Security and Privacy. McGraw-Hill, 2015.
Riskin, L., et al. “Re-Examining health IT policy: what will it take to derive value from our investment?” Journal of the American Medical Informatics Association, vol. 3, no. 14, 2014, pp. 132–140.