Security is a fundamental management responsibility of data protection concerned with determining the access control of genuine entities and also with the protection of computer systems from internal or external threats (Margariti et al, 2007).
Today, more than ever before, organizations are increasingly investing more resources in information security with the aim to reduce the risks and impacts of system susceptibilities and risks to a level that could be considered as acceptable (Walters, 2007).
This paper purposes to describe some of the basic steps that could be taken for the physical security of computers used by physicians and other practitioners in an urgent care center to remotely access patient data and their email system through a virtual private network.
According to Etzioni (2011), the first layer of security organizations need to take into consideration is the physical security of the computer systems.
This type of security needs to consider not only the individuals who have direct physical access to the computers, but also if they are allowed to have access to the machines and how these systems could be set to limit illegitimate tampering. As such, the steps taken to ensure physical security of computer systems must have the capacity to decrease the possibility of success for any kind of illegitimate access or attacks (Walters, 2007).
One of the ways through which physical security of computer systems could be enhanced is to restrict access to areas where the computers are kept to those in possession of appropriate identification badge and/or any other form of authorization (Albuquerque, Krumm & Geus, 2010).
Such restriction, according to the authors, not only decrease the ease with which an individual could access sensitive documents stored in the computers, but also reduces the possibility of an individual to physically tamper with the computer systems.
Second, physical security of computer systems could be enhanced through the use of passwords and other system features such as computer locks (Albuquerque et al, 2010). In passwords, physicians and other health practitioners using the system to access sensitive patient data should be encouraged to memorize their passwords instead of writing them down to prevent any instances where the paper with the password falls into the wrong hands.
In computer locks, it is imperative to note that most modern computers include a locking feature, which can be used to prevent someone from stealing your computer or manipulating the computer hardware configurations. Case locks can also be used to prevent attackers from rebooting a computer system from their own disk drives or other hardware (Etzioni, 2011).
The urgent care center can also decide to invest in trained security personnel to protect the computers and other physical aspects from theft. Installation of alarm systems and surveillance using dogs can also assist to protect the computer systems from theft or illegitimate access (Whitman & Mattord, 2011).
It should be noted that patient health data is sensitive in nature thus the need to include trained security personnel and alarm systems in any plan aimed at protecting the physical infrastructure of the computer systems. The training aspect of the security personnel is important to enable them detect any form of threats or attacks to the computer systems.
Fourth, all physicians and other health practitioners using the VPN to access patient data should undergo some form of security training since physical security is intrinsically dependent on the human training (Whitman & Mattord, 2011).
The consultants should be trained on the best way to protect the information in the systems from illegal access and on how to protect the computer systems from theft. According to Walters (2007), employees should also be trained in how to prepare electronic storage media for discarding using available techniques such as purging to completely erase files which may have been deleted but not overwritten with other data.
Doors leading to the computer systems should always be kept under lock and key, and windows sufficiently grilled to prevent any instances of unauthorized entry or theft of computers. This is a particularly important aspect of the physical security since all the other aspects will inarguably depend on how secure the physical environment is from internal or external threats (Walters, 2007).
Consequently, there should be a policy that ensures the physical environment is kept under lock and key and the windows are sufficiently reinforced to prevent any instances of illegal access, malicious attacks, and theft of critical information.
Lastly, it is prudent for the urgent care center to protect the computer systems from environmental factors, which include fire, floods, extremely high temperatures, water, and electricity fluctuations, among others (Margariti et al, 2007).
All these hazards, according to the authors, have profound negative affect on the computer systems that inarguably result in the loss of use and loss of productivity of these systems. A simple occurrence such as power fluctuation can cause the server to shut down and malfunction, hence the need to make investments in backup devices such as UPS (Uninterrupted Power Supply) or a power generator since computer systems necessitate redundancy in power availability (Etzioni, 2011).
Albuquerque, J., Krumm, H., & Geus, P. (2010). Formal validation of automated policy refinement in the management of network security systems. International Journal of Information Security, 9(2), 99-125. Retrieved from Academic Search Premier Database
Etzioni, A. (2011). Cybersecurity in the private sector. Issues in Science & Technology, 28(1), 58-62. Retrieved from MasterFILE Premier Database
Margariti, S.V., Meletiou, G., Stergiou, E., Vasiliadis, D.C., & Rizos, G.E. (2007). Security systems consideration: A total security approach. AIP Conference Proceedings, 963(2), 954-958. Retrieved from Academic Search Premier Database
Walters, L.M. (2007). A draft of an information systems security and control course. Journal of Information Systems, 21(1), 123-148. Retrieved from MasterFILE Premier Database
Whitman, M.E., & Mattord, H.J. (2011). Principles of information security. 4th ed. Boston, MA: Cengage Learning