IT Write-up Test Solution
Executive Summary:
This report was written by the security Manager to CISO of Healthscope. It covers the working of the IT Department of Healthscope, especially IAM. The objective of the report is to state the significance of IAM Working and recommend strategies for implementation of IAM in Healthscope. The analysis shows that as per current development in the field of Information Technology, it is the basic need of Healthscope to protect its systems and data from falling into the wrong hands. For personal security, it is strongly recommended that the data must be organized into groups, and ready-made plans should be available to handle in case of any risky situation. Continuous checks and balances should be kept on all employees working; an identity and authentication system should be made strict.
Key points:
This report covers the following key areas:
- Objectives of IAM IN Healthscope organization
- Description of IAM
- Significance of IAM
- Latest IAM Technologies
- Recommendations and implementation strategy
Objectives:
The objective of the report are:
- To analyze the role of IAM for the security of the Healthscope organization
- To state the significance of IAM for the organization
- To recommend some strategies based on the latest IAM technological developments
and its implementation in the organization
Introduction:
Identity Access Management (IAM) is an essential part of the Healthscope organization. It guards the organizational data, which is straightforwardly connected to the organization’s status, official and monetary welfare. It is an Australian organization which is running private hospitals and health care centers. It is playing an essential role in the field of medicine. It is a large organization, and it has a large workforce of 17000 individuals with 46 sanatoriums and 52 health care centers. The IT Security & Information Assurance department (ISIA) is responsible for taking care of the multiple departments of the Healthscope organization. For fulfilling these crucial responsibilities, the Chief Information Security Officer (CISO) assigned a report to the security manager to analyze the role of Identity and Access Management of Healthscope, state its significance and give recommendations for utilizing the latest IAM technological developments for its implementation in the organization.
Description:
Identity Access Management consists of fields of management. One is identity management, and the other is access management. Both are very closely related to each other. Identity Management mainly deals with the jobs related to electronic identities like provisioning, de-provisioning, or any editing in both aspects. It creates identities, characteristics for these identities, which may be used by other applications to authenticate a person’s credentials when access is demanded and also get back the attributes of that individual. As far as Access Management is concerned, it deals with giving access to the authenticated person to available items or sources. To cut short, we can say that both of these make sure valid access to a credible person to a range of information resources of the organization. It deals with policies, processes and tools which are needed to handle a person’s access rights and authentication. Hence, identity management is responsible for the authentication of electronic identities, and access management is responsible for authorization, and its combination is known as Identity Access Management (IAM).
Significance:
In modern times, all the famous and largest organizations working internationally, they all needed data security systems to prevent any leakage of secret information. Confidentiality is something significant in every organization. This leakage of data serves as a disaster for the organization. Identity Access Management helps the organization from facing such kind of circumstances. Thus, it develops guiding principles for access to the information at different levels of the organization and handling that the user has access only to the authorized data. Healthscope is also needed IAM for preventing its details and information from going into unauthenticated hands. Cybersecurity is paramount in this age of cybercrime. Healthscope provides mobile services for the enhancement of its competence and production. Thus, IAM has to offer secure access to employees to visit consultants for the provision of services to the patients. IAM has to keep an eye on all the security measurements.
The requirements of IAM Technology in Healthscope:
IT Department of Healthscope has not only to secure the organizational data, but they also have to face double challenges like to support the employees to work through software and to protect the sensitive information of the patients connected to them. They have to secure the data from any illegal or unwanted use. Thus, in this situation, it is a difficult job for the IT Department to give access to data according to the role of the employee in the organization.
Identity and Access Management (IAM) in medical organizations tackle various work challenges. The appearance of cloud-based IAM has an additional and outstanding share on the business. The ever-strict policies for information safety are directing SMEs and big organizations to use identity and access management systems, to save their secret data and applications with access handling, identity control and security rules implementation.
Recommendations for the implementation of IAM:
Following are a few recommendations for the implementation of IAM in Healthscope:
- All the irrelevant material should be deleted. This will help to organize the data more
effectively.
- Divide the data according to the needs and nature of it.
- There must be a vision of areas where unauthenticated source can create problem like
secret data related to strategies, finance, workouts, planning and legal restrictions etc.
- Create profiles and accounts for all employees, patients and other related people.
- Information provided by the employees should be verified first.
- An advisory commission should be established so that in case of handling any
emergency, they help to devise or edit IAM rules and processes.
- Identity criteria should be made stricter, and data should be managed in such a
hieratical way so that the employees also cannot get anything to download or save to
any other system.
- There must be a regular check and balance over employees’ activities.
- The system should be made efficient by creating need-based software to handle the
data in an organized way. And to provide the right help at the right time to the right person.
- The system should be continuously rechecked for keeping in view if any lacking arises at
any time.
- There must be ready-made planning available for any kind of risky situations such as system is hacked by someone, or someone tries to breach the policy of the organization. Thus, alternatives must be ready for any such case t
- o give awareness related to Identity Access Management, its role and work. The best is the one which is always prepared to deal with the problems and issues arises and to remove security threats, to prevent the system from hacking, to make the system more productive, efficient and straightforward.
REFERENCES
Identity & Access Management Committee and SubCommittee. (2008, February 18). IAM Final
Report. Retrieved August 2, 2017, from psu.edu: http://www.identity.psu.edu/wp
content/uploads/sites/3053/2014/06/IAM_Final_Report.pdf
CLOUD SECURITY ALLIANCE. (2012, September). Secara Implementation Guidance.
Retrieved August 2, 2017, from cloudsecurityalliance.org:
https://downloads.cloudsecurityalliance.org/initiatives/secaas/SecaaS_Cat_1_IAM_Implementati
on_Guidance.pdf
IAM TECHNOLOGIES in 2017. (n.d.). Retrieved August 3, 2017, from luxatiainternational.com:
http://www.luxatiainternational.com/Events/iam-technologies-2017/
Sumner Blount, M. M. (n.d.). Continuous compliance. Retrieved August 2, 2017, from
federalnewsradio.com: http://www.federalnewsradio.com/wp
content/uploads/pdfs/continuous_compliance_wp_149652.pdf
Working Group Members. (2014, August 29). Identity and Access Management. Retrieved
August 2, 2017, from northwestern.edu: http://www.it.northwestern.edu/bin/docs/cio/identity
access-management-working-group-report-082914.pdf