BUS206 2.4.1 The CIA

In a business environment, information security is absolutely essential. The foundations of information security are Confidentiality, Integrity, and Accessibility- often called the Security Triad.

The company I work for, in a healthcare related industry, takes security very seriously. Part of this is due to the legal requirements of meeting basic HIPAA policies, but as a reputable service provider, it’s simply good business sense to take these precautions.

We have multiple systems that we work in, some of which are access control list security bases, some of role-based access lists, but all of them allow us to securely limit who has access to each function so that only those with a “need to know” are able to access information. Additionally, we use encryption for emails and documents, physical locks and intrusion detection systems to maintain facility security, and engage in regular employee training on appropriate security measures. We perform nightly redundant backups- one back up goes to one off-site location, and the other goes to a separate location. Our servers are in a climate controlled room that is consistently monitored. We have engaged with our software vendors to be sure that we are maintaining backwards compatibility with our data as our systems get updated so that in the event we need to restore old data, we can do so.

The owner and CEO of our company has said, more than once, that the information our company has- our data- is the most valuable asset, and deserves to be fully protected.

1 Like