Essay / Information Security Manager for a Small Pharmacy
As the Information Security Officer (ISO) for a small pharmacy, it is my responsibility to ensure that physical and logical access controls protect the medications and funds that are stored on the premises. My responsibilities also include maintaining the confidentiality of our clients' personal information. ISO tasks may include providing reports to company management, establishing information security procedures and standards, and consulting with and advising the pharmacy on security improvement issues.

Potential physical vulnerabilities and threats that must be considered concern who can enter the premises: customers must not be allowed entry after hours, only employees may access the premises through the entrance after hours, and the back door must be used only by employees, with non-employees prevented from using it. A double locking system must be used for entry to ensure security outside of working hours. Other physical security vulnerabilities to consider include attacks on security mechanisms such as locks and security personnel, and disruption of sensing devices such as smoke detectors, motion detectors and closed-circuit televisions.

Physical security threats are mostly associated with attackers gaining physical access to the premises. Attackers can physically destroy or sabotage the equipment. Additionally, attackers may be responsible for theft, fraud, and vandalism. An attacker who has sufficient knowledge of the system, such as a former employee, and gains access to it can sabotage it by rendering it unusable or by deleting or modifying information. Theft may include the actual products from the middle of the paper......uire. Additionally, each user will have to change their password every sixty days.

The costs and benefits of implementing control activities must be considered. Even though the risks are real, our pharmacy must decide how much money it is willing to spend to protect our assets.
The cost must be weighed against the cost of continuing our business and the cost of the threat in terms of loss of information and reputation. Generally, the cost of implementing and maintaining a control activity should not exceed the benefits derived from that control activity (Microsoft 2006). The countermeasures listed throughout our presentation are ways to improve the security systems in our pharmacy. The ISO must continue to be vigilant in the never-ending fight against the forces of evil and darkness that attempt to invade and wreak havoc on our pharmacy.