Example IT security policy PowerPoint presentation:
You were just hired as the CISO for ABC Medical Services, a large hospital chain that:
- provides services in six hospitals within the New England area,
- has IT systems supporting both administrative (e.g., email, accounting systems, etc.) and critical life support medical services,
- accepts credit card payments for hospital services,
- does not have an IT Security Policy, and
- did not previously have a dedicated IT Security function.
The hospital’s Board of Directors is composed only of medical professionals with no IT background, but the C-level officers (e.g., CEO, CIO, CFO, etc.) are all very proficient in their specialties. The Board of Directors and the C-level officers have only a superficial understanding of IT security.
IT Security Policy Template Objectives:
- The Policy must present a clear understanding of their roles and responsibilities with regard to the hospital’s IT Security program.
- The Policy must reflect a high-level comparison showing the pros and cons of the "buy a template and customize" versus "develop internally from scratch" options for acquiring and implementing an IT Security Policy, and
- Your recommendation for which one of the three security policy options, identified above, to pursue (purchase a template or develop internally; if purchase, which template) and the major justification for your recommendation, and
- Recommend, and provide supporting evidence for, which industry regulation (i.e., HIPAA or PCI DSS) should be the highest priority for the hospital chain to pursue.