Information about the business objectives for the organization and Scope ISMS plan

Information about the business objectives for the organization and Scope ISMS plan
Healthy Body Wellness Center is an organization that provides a variety of medical grants to hospitals through the Office of Grants Giveaway. The business objective of the organization is to promote progress in the quality and value of hospital grants via federally supported research, evaluation, and sharing of information.
The scope of the Information Security Management System plan includes Microsoft Access 97 database of SHGTS, the host general support system (GSS) (JINX server EOC3FPR02\Groups\SSR), the remote access server (RAS), and servers in HBWC’s executive office facility and the workstations. This will be reviewed both in the managerial, technical and operational domains. It plays a role in improving the credibility and general confidence in information processing, acts as a forum for security and privacy protection for experts and other professionally active individuals in the field. The scope includes establishment of a general frame of orientation for security, privacy, professions and the public domain in organizations. The organization aims at addressing invasive systems security as of functional, technical, and societal standpoint.

Description of the guiding security principles of the organization
The guiding principle of the organizations is to minimize security risks and secure its interest. According to guiding principles, departments need to recognize, analyze and assess risks, choose risk avoidance options and establish a cost effective measures that will control and prevent occurrence of security risks. Departments are required to finish threat and risk assessment for vital sensitive assets. This approach defines what protection entails, evaluates and assesses risks and threats and comes up with recommendations that would aid in risk assessment. Other guiding principles include implementation and reviewing the effectiveness
Justification of the processes that should be included in the scope
Many organizations now in general have a figure of information security controls in position. Even though this is viewed as a creditable approach to information security, the unfortunate thing is that security risks and threats are occurring on a regular basis. Lack of formal Information Security Management System (ISMS), security controls have a tendency to be tampered with. This is because controls have typically been implemented partly as precise clarification for specific conditions, or initiate as a matter of convention. The current security controls fail to generally address certain aspects of IT or data security, leaving non-IT information assets susceptible. At times business stability planning and physical security may be controlled separately of IT and information security, while Human Resources function fails to distinguish the need to identify and allocate roles information security and duties all over the organization (Arnason, 2008).It is important to examine information security risks, identifying threats, vulnerabilities, and impacts in the organization. This is followed by designing and implementing comprehensive information security control suites. Finally it’s important to acquire a management procedure so that information security control continually meets organizational needs.
IT infrastructure
This includes a SHGTS Microsoft access 97 database that resides on the Windows NT application server JINX EOC3EOC3EOC3FPR02. Secondly, a system interface that can be accessed from the local OGG stations through RAS or VPN. Data is also an important aspect of the infrastructure. Some of the crucial data store in the SHGTS include feature about grants, amount, control number, grant category among others.
Recommendations
After implementation Information Security Management System, there is need to extend the ISMS to envelop the broader organization. This involves additional business operations, departments, or new venues like satellite offices. So as to guarantee effective and successful addition into your ISMS there is need to consider things such as; Assessing threats and vulnerabilities in the ISMS, training staff and monitoring events and operations (Caballero, 2009).

Reference
Arnason, S. T. & Willet, K. D. (2008). How to achieve 27001 certification: An example of applied compliance management. Boca Raton, FL: Auerbach Publications. ISBN: 9780849336485
Caballero, Albert. (2009). “14”. Computer and Information Security Handbook. Morgan Kaufmann Publications. Elsevier Inc. p. 232

Latest Assignments