Risk vs. Costs of using a template or custom IT Security policy


Example IT security policy PowerPoint presentation:


You were just hired as the CISO for ABC Medical Services, a large hospital chain that:

  • provides services in six hospitals within the New England area,
  • has IT systems supporting both administrative (e.g., email, accounting systems, etc.) and critical life support medical services,
  • accepts credit card payments for hospital services,
  • does not have an IT Security Policy, and
  • did not previously have a dedicated IT Security function.

The hospital’s Board of Directors is composed only of medical professionals with no IT background, but the C-level officers (e.g., CEO, CIO, CFO) are all very proficient in their specialties. The Board of Directors and the C-level officers have only a superficial understanding of IT security.

IT Security Policy Template Objectives:

  1. The Policy must present a clear understanding of their roles and responsibilities with regard to the hospital’s IT Security program.
  2. The Policy must reflect a high-level comparison showing the pros and cons of the buy-a-template-and-customize option versus the develop-internally-from-scratch option for acquiring and implementing an IT Security Policy, and
  3. The Policy must state your recommendation for which one of the three security policy options identified above to pursue (purchase a template or develop internally; if purchase, which template) and the major justification for your recommendation. It must also recommend, with supporting evidence, which industry regulation (i.e., HIPAA or PCI DSS) should be the highest priority for the hospital chain to pursue.
