HIPAA Information Security

Matt Curtin, CISSP
2003/03/03 13:11:16

This article is also available in PDF.

Abstract

Information security (INFOSEC) is a critical, if highly misunderstood, aspect of the processing of information. As information is at the heart of many businesses today, INFOSEC must be successfully addressed if we are to realize the full benefits of information technology.

Successfully managing INFOSEC is not significantly different from managing other challenges in a business environment. Organizations simply need to acknowledge the risks that are present and to address those risks. Quite a bit of help is available, both in the form of helping employees to understand the domain and in the form of products and services from vendors.

In this article, we consider what information security is from a management perspective. What is information security? What are the objectives of INFOSEC? How can INFOSEC contribute to, rather than draw from, successful business operation? Finally, we consider INFOSEC from the perspective of the health care industry.

Contents

• What is Information Security?
  • CIA Security?
  • The Role of Policy
  • The Role of Technology
• How Does Information Security Contribute to Success?
• How Does INFOSEC Relate to HIPAA?