Document Details

Uploaded by GlowingMoldavite6635

Kuwait University

2023

Dr. Maha Alnashmi

Tags

information systems training training approaches security measures administrative approach

Summary

This document provides an overview of information systems training, covering various training approaches, administrative approaches, and technical safeguards. It details instructor-led, technology-based, on-the-job, and blended learning methods. The administrative approach focuses on risk analysis, security control analysis, and risk determination.

Full Transcript

Training Approaches
1. Instructor-led
2. Technology-based
3. On-the-job training
4. Blended approach
5. Adjunct aids / training materials

Dr. Maha Alnashmi, 2023-24

Training Approaches
1. Instructor-led Training (ILT)
– Classroom techniques that engage the participants, such as active participation, group activities, hands-on exercises, and other instructional approaches, enhance attention and learning
– Classroom training is high-cost and labor-intensive

Training Approaches, cont.
2. Technology-based / eLearning
– Uses technology to teach technology
– Computer-based training
– Web-based training
– Lower-cost training alternative
– Typically viewable on any computer
– Less flexible than classroom training

Training Approaches, cont.
3. On-the-Job Training / just-in-time
– Appropriate for short sessions
– Subject to interruptions
– May or may not catch all the people who need training
– Uses a trainer or super user to walk providers through the processes

Training Approaches, cont.
4. Blended learning
– Maximizes retention
– Targets different learning styles
– Encourages active participation
– Mixes web- or print-based instruction with classroom time
– Lower cost than classroom training

Training Approaches, cont.
5. Adjunct training materials
– Job aids
– E-mail reminders
– Ongoing training tips
– Easily accessible audio-video clips
– Ongoing presence of trainers and super users in work areas

2. Administrative Approach
Risk analysis: risks can attack network components at any time. It's important to have a real-time management system.
1. Boundary definitions: detailed inventory of I.S. systems
2. Threat identification: list of all potential threats: human, natural, environmental
3. Vulnerability identification: weaknesses or flaws in system design

463 HIS, Dr. Maha Alnashmi, 2023-24

2. Administrative Approach, cont.
1. Security control analysis:
   1. Preventive control: access control, authentication, procedures
   2. Control design: audit trails and alarms
2. Risk likelihood determination: rating system as high, medium, or low risk
3. Impact analysis: impact of security on the organization
4. Risk determination
5. Risk control

2. Administrative Approach, cont.
Administration must work with IS personnel to establish the following centralized security functions:
1. A comprehensive security plan
2. Accurate and complete information security policies
3. Information asset ownership and sensitivity classification
4. Identification of a comprehensive security program
5. Information security training and user support
6. An institution-wide information security awareness

2. Administrative Approach, cont.
Chief Security Officer
– Reports to the CIO
– Manages security plans
– Applies sanctions and influences employees

3. Technical Safeguards
1. Access control
2. Entity authentication
3. Audit trail
4. Data encryption
5. Firewall protection
6. Virus checking

3. Technical Safeguards, cont.
1. Access control – Need to know
   1. User-based access: who and how (read, write, edit, execute, print)
   2. Role-based: who and how; adding new application privileges is easily assigned
   3. Context-based: who, how, and context

3. Technical Safeguards, cont.
2. Entity authentication: the process of determining whether someone is who he or she professes to be
Entity authentication includes:
– Something you know: passwords, PIN
– Something you have: ATM cards, tokens, swipe cards
– Something you are: biometric fingerprints, voice scan, iris or retina scan

3. Technical Safeguards, Access authentication, cont.
Methods used in access authentication are:
1. Access codes
2. Logon passwords
3. Digital certificates
4. Public or private keys used for encryption
5. Biometric measures, voice recognition, fingerprints

3. Technical Safeguards, Access authentication, cont.
Passwords:
– Collection of alphanumeric characters that the user types into the computer
– May be required after the entry of an access code or user name
– Assigned after successful system training
– Inexpensive but not the most effective means of authentication

3. Technical Safeguards, cont.
3. Audit trails: record activity, both by system and application processes and by user activity, of systems and applications.
– Individual accountability
– Reconstructing electronic events
– Problem monitoring
– Intrusion detection
– Security violations
– Performance problems
– Flaws in applications

Security Mechanisms
Automatic sign-off = Mechanism that logs a user off the system after a specified period of inactivity on his or her computer

Security Mechanisms
Firewall = A component of a computer system or network designed to block unauthorized access while permitting authorized communications.
– A barrier created from software and hardware
– Application security: employs security-testing techniques to look for vulnerabilities or security holes in applications
Two types:
– Packet filter, network level (router)
– Proxy server, application level (gatekeeper)

Security Mechanisms, cont.
Antivirus software: computer programs that can locate and eradicate viruses and other malicious programs from scanned memory sticks, storage devices, individual computers, and networks
Ransomware: a type of malware that hijacks user files, encrypts them, and then demands a ransom or payment for the decryption key

Security Measures, cont.
Antivirus and spyware detection
– Signature-based scanning: works by recognizing a unique pattern or signature of the virus
– Terminate-and-stay-resident monitoring: software runs in the background while an application runs in the foreground
– Multilevel generic security: uses expert analysis techniques

Security Measures, cont.
– User sign-on and passwords or other means of identity management
– Access on a need-to-know basis
– Automatic sign-off
– Physical restrictions to system access

Security Measures, cont.
Spyware Detection Software: a type of software that installs itself without the user's permission, collects passwords, PIN numbers, and account numbers, and sends them to another party

Security Measures, cont.
Proper Handling and Disposal
– Acceptable uses
– Audit trails to monitor access
– Encourage review for accuracy
– Establish controls for information use after hours and off-site
– Shred or use locked receptacles for the disposal of items containing personal health information

Clinical Data Repository
– Online transaction processing (OLTP) systems are the traditional data collection method. They support the daily operations of a health care organization but are less suited for decision support.
– Difficult to track data patterns or trends.
– Clinical data repository: a large database that gets data from various data stores within application systems across the organization.

Real-Time vs. Batch Processing
– Real-time processing occurs immediately or almost immediately; used when speed is important
– Batch processing usually occurs once daily at the end of the day (traditionally when there were fewer demands on the processor)

Classification of Interoperability
There are three classifications for interoperable data, according to the Office of National Coordinator for Health Information Technology (OCHIT):
– Emerging
– Pilot
– National
The best available interoperability standards and implementation specifications are given in Table 14-1 of the textbook (6th ed.).

Types of Interoperability
– Syntactic (functional): ability to exchange the structure of the data, but not the meaning
– Semantic: guarantees meaning of the exchanged data on both ends of the transaction
  – Critical for clinical data

Health Information Exchange (HIE)
Health information exchange (HIE) = The electronic movement of health-related information or clinical data that follows patients across delivery settings, according to nationally recognized standards

Effort for Interoperability
– Health Level Seven (HL7) Clinical Document Architecture (CDA)
– European Committee for Standardization (CEN) EN 13606-1 (EHRcom)
– openEHR
– Service-oriented architecture (SOA)

Integration Issues
– Massive undertaking
– Vendors' failure to deliver on promises
– Lack of agreement on standards
– Politics and power
  – Lack of agreement on data dictionary, data mapping, and clinical data repository
  – Fear of change
  – Competition

Benefit of Interoperability
– Improved access to information
– Improved physician workflow, productivity, and patient care
– Improved safety
– Fully standardized health care information exchange
– Estimated savings = 5% annual U.S. health care expenditures

Data Exchange Standards
– HL7 (Health Level 7): major standard for the exchange of clinical data
– DICOM (Digital Imaging and Communications in Medicine): production, display, storage, retrieval, and printing of medical images

Steps in Developing a Preparedness Program
– Program management
– Planning
– Implementation
– Testing and exercise
– Program improvement

Steps of the Continuity Planning Process
– Business Impact Assessment or Analysis (BIA)
– Planning
– Implementation of strategies for continuity
– Evaluation

Planning Process
– Secure top management support and commitment
– Select the planning committee
– Risk assessment: identify the following information:
  1. Types of disaster, risk range low-high
  2. Potential impact of a particular disaster
  3. Estimated cost of loss/damage
  4. Cost to replace and restore records
  5. Set processing and operating priorities
– Establish processing and operating priorities
– Data collection
– Write the plan

Threats to Business Operation and Information Systems (IS)
– Environmental disasters
– Human error
– Sabotage
– Acts of terrorism and bioterrorism
– High-tech crime
– Viruses
– Overtaxed infrastructure
– Power fluctuations and outages
– Equipment failure
– Operating system or application software bugs

Data Backup
– Goal: continuous delivery of services
– Options for zero downtime are expensive
– Common anti-disaster protection:
  – Automated backups
  – Off-site media storage
  – Data mirroring
  – Server replication
  – Remote data replication

Downtime or Backup Procedures
– Different means to accomplish a common task than what is ordinarily used, such as paper requisitions

Recovery Cost
– Lost consumer confidence and profits
– Temporary services, space, equipment, utilities, personnel
– Shipping and installation costs
– Post-disaster replacement of equipment and repairs
– Overtime hours for staff
– Reconstruction of lost data
