Operational Security Management Policy


Introduction
The goal of an operational security management policy is to set clear guidelines on how the information assets of an organization should be operated. The policy should define the roles and responsibilities that every individual in the organization has in ensuring the policy is followed, and the ramifications for when it is not. The healthcare industry may have contextual characteristics that are not found in other types of industries. The information assets must be operated in a way that reduces the liability of the organization in the event of a data breach. A communication plan and its elements can drive the creation of the policy, ensuring all levels of the organization are aware of the policy.
Operational Management Security

Each operational department has its own set of priorities that should align with the overall business objectives of the organization. Therefore, their inclusion in the policy can help ensure that some policy decisions are not so restrictive that they hinder the actual operations of the business.
The IT function plays a crucial role in the operational management security policy, as that function will be the closest to the technology and controls that are implemented as a result of the policy. The goal of the policy is to develop clear guidelines on what is and is not allowed, to define escalation paths for authorization activities, and to serve as a deterrent for misconfigurations that could put a company at risk ("CISCO," n.d.).
Since the policy also details ramifications for noncompliance, especially noncompliance that may have resulted in a data breach, the human resources, finance, and internal audit functions should be involved. HR would have to deal with disciplinary actions, finance would have responsibility over financial loss, and audit would assess and test the policy periodically to ensure it is operating as intended. Government and regulatory agencies could influence policy decisions as laws governing healthcare change.
Communication Plan

The timing and frequency of the messages are important to consider to ensure the plan meets its goals. If there is too little communication, the message may get lost; however, if the communication is too frequent, it may be ignored (Boudreau, 2012).
Since the plan aims to support the creation of the policy, the frequency of the messages should be a careful balance of informative and necessary, without coming across as a sales pitch. All levels of an organization should want to operate its assets securely, especially within the healthcare industry, as many practitioners, such as doctors, take an oath and accept a level of accountability. An operational management security plan helps the industry meet the requirements set forth by the healthcare
