Security Program Charter Assignment Kevin Splittgerber

The document outlines a security program charter for a company to establish policies and procedures to protect sensitive information. It assigns roles and responsibilities for security, including appointing a CISO to develop and maintain the program. It also describes enforcement of policies and a process for revisions.


Running head: ASSIGNMENT 1 SECURITY PROGRAM CHARTER 1

Assignment I Security Program Charter

Kevin Splittgerber

University of San Diego – CSOL540


The HIC, Inc. company is fully committed to utilizing the latest in information technology to produce efficient systems that speed the delivery of our products to our internal and external customers and produce Health Insurance Portability and Accountability Act (HIPAA) compliant systems. Because this purposefully interconnected system contains highly sensitive personally identifiable information and confidential medical records, it is imperative that all levels of the organization participate in the cyber security program. Protecting availability, integrity and confidentiality is everyone’s responsibility. As such, the organization produced the security charter contained within this document. This charter provides the guidance for the establishment of all security-related policies, guidelines, standards and procedures.

Scope

The security program shall apply to and be accepted by all persons who are invited to work on or participate in any part of the organization’s business operations. This applies to full-time, part-time, contracted and temporary team members as well as external organizations that are part of the organization’s supply chain.

Mission Statement

The HIC, Inc. company cyber security program will use the risk management framework to inventory the organization’s information systems, assess vulnerabilities, risk and criticality, develop and implement security controls, and continuously monitor those controls to determine their effectiveness in mitigating risk. The security policies developed during this process will be fully aligned with the applicable HIPAA regulatory requirements, as well as the needs of the business operations and the privacy needs of our internal and external customers. Security policies, controls, procedures, guidelines and standards will be routinely reassessed when changes are made to the system to ensure compliance with the established cyber security charter.

Ownership

The cyber security program charter and resulting policies, procedures, standards and guidelines are approved by the HIC, Inc. Chief Executive Officer (CEO). The charter assigns the Chief Information Officer (CIO) as the owner and responsible party of the cyber security program. The CIO appoints a Chief Information Security Officer (CISO) to be the steward of the cyber security program. The CISO is responsible for the development and maintenance of the program, as well as ensuring compliance with the charter and applicable regulatory requirements. In addition, an effective training program and regular communication of the cyber security program will fall under the CISO’s responsibilities.

Enforcement, Compliance and Revisions

Any persons who fail to comply with the organization’s cyber security program may receive disciplinary action, including termination of employment at HIC, Inc. and prosecution under applicable laws. Regular compliance audits will be made to ensure that all team members abide by the HIC, Inc. cyber security policies. If it is determined that there are gaps in policy, procedures, standards or guidelines, it is the responsibility of the CISO to review and revise the deficient documents and create activities designed to remediate the deficiencies in policy, procedures, standards or guidelines.

Approved: ____________________________________________
John Smith
Chief Executive Officer
