Audit of Information Security

Junior (College 3rd year) ・Management ・APA ・4 Sources

My primary responsibility as chief information security officer going forward is to develop and put in place a strong and efficient security program. To ascertain the level of organizational cyber security, an information security audit will need to be performed prior to developing such a program. The discussion that follows outlines the five primary areas that will be subject to the audit, its specifics, and the desired outcomes.
Asset management, the business environment, risk assessment, governance, and data security are the five main components of the information security program that need to be audited (NIST, 2017). An audit of asset management would seek to identify the systems, personnel, data, facilities, and devices crucial to ensuring that the health organization achieves its purposes and goals. An audit of the business environment is interested in whether the organization has understood and prioritized the vision, mission, and stakeholders.

A governance audit will concentrate on establishing whether the role of the policies and procedures in managing cyber security, legal, and environmental risks is understood. The risk assessment audit will seek to uncover the information security and cyber security risks that face the healthcare organization’s operations. A data security audit will seek to determine whether the confidentiality, integrity, and availability of information are protected by the effective management of data.

Goals of the audit

The NIST cybersecurity framework (2017) points out that effective asset management contributes to the achievement of organizational objectives and the development of an effective risk strategy. An audit of the asset management framework will aim at establishing whether all the systems and software applications within the ten hospitals are correctly inventoried. As the CISO, it is of great importance to establish the mapping of communication and data flows to determine the most effective communication channels. A weakness of many information security programs is that there is no clarification of the roles of the personnel, and therefore the audit will determine the different workers' roles to build a culture of accountability.

The various business environment factors, such as infrastructure and the mission, must not be ignored because they affect cybersecurity decision-making. An audit of this area aims to identify the critical functions that must be performed to improve organizational security. The functions reveal the resilience requirements necessary to support the various information security roles, reducing the risk of a security breach. The audit will also seek to clarify the healthcare organization’s information security objectives and mission to enhance the risk management process at all ten hospitals (NIST, 2017).

Every healthcare organization must audit its risk assessment environment because it enables the identification of all the organizational risks (Mohammed & Mariani, 2014). The primary goal is to identify and document the different asset vulnerabilities. The critical assets include policies, security personnel, and information systems and devices, and their documentation enhances the security of organizational information. The second goal is to identify and document the internal and external threats and their impact on the organization’s information assets (Zarei & Sadoughi, 2016). As the CISO, I will make this process possible by facilitating the sharing of information among all ten hospitals to enable the development of a standard security program.

A governance audit is necessary because it informs the management whether the existing policies, procedures, and processes contribute to the mitigation of cybersecurity risk. The audit aims to coordinate and align all the stakeholders’ roles and responsibilities. A large healthcare organization has many internal and external partners, and the development of an effective information security program requires that all share common responsibilities. A shared approach by all stakeholders ensures that all the regulatory and legal demands are understood and managed. Most large healthcare organizations fail to strengthen their governance mechanisms, and the result is that conflicts over the management of information assets arise.

Data security is a concern of every chief information security officer irrespective of the industry (Peltier, 2016). The information security program’s main aim is to maintain the confidentiality, integrity, and availability of patient information. The goal of the data security audit is to test the effectiveness of the software and databases in securing information and health records. It is also crucial to identify the areas vulnerable to an attack and to seek to establish the causes of data leaks. Ensuring the security of the organizational information is my primary role, and therefore, the audit will also recommend additional methods to enhance the safety of data.


Mohammed, D., & Mariani, R. (2014). An Evaluation of the Cybersecurity Policies for the United States Health & Human Services Department: Criteria, Regulations, and Improvements. International Journal of Business and Social Research, 4(4), 1-7.

NIST. (2017). Framework for Improving Critical Infrastructure Cybersecurity. National Institute of Standards and Technology.

Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management. CRC Press.

Zarei, J., & Sadoughi, F. (2016). Information security risk management for computerized health information systems in hospitals: A case study of Iran. Risk Management and Healthcare Policy, 9, 75.
