Strategic Security Policy for The Royal Children’s Hospital
Information security, or InfoSec, is the practice of preventing the unauthorized access, disclosure, inspection, use, destruction or recording of sensitive information (Crossler et al. 2013). The information may be in physical or electronic form, and it is extremely important to its users. The main focus is on the efficient and effective implementation of policies without hampering the productivity of the organization. A multi-step risk management procedure identifies the assets, potential impacts, probable controls, vulnerabilities and threat sources, followed by an assessment of the effectiveness and efficiency of the risk management plan (Von Solms and Van Niekerk 2013). Basic guidance, industry standards and policies are set for this purpose on antivirus software, firewalls, passwords and encryption.
The following report outlines a brief discussion of information security at a popular children’s hospital in Melbourne, Australia, namely The Royal Children’s Hospital. This report researches, develops and documents a basic security policy for this organization. Moreover, several security incidents are identified here along with probable threats and vulnerabilities and their mitigation techniques.
a) Strategic Security Policy for The Royal Children’s Hospital
The Royal Children’s Hospital, or RCH, is one of the most popular children’s hospitals in Melbourne, Australia. It is the major specialist paediatric hospital in Victoria and provides a complete range of clinical services, health promotion programs, health prevention programs and tertiary care for both children and young people (Rch.org.au. 2018). The hospital is the designated major paediatric trauma centre within Victoria and the designated centre for paediatric cardiac and liver transplantation.
A strategic security policy is the set of strategies for securing a particular system or organization (Peltier 2013). Every constraint regarding the security of the organization is addressed by this policy. The functional flow of the organization is measured against this policy. External systems and adversaries are also assessed under this policy, so that data and services are secured and kept private. Access control and the physical security of organizational resources and assets are also covered by the security policy (Siponen, Mahmood and Pahnila 2014). The stakeholders of RCH are staff, patients, suppliers, owners, investors and creditors. The security policy of RCH with respect to these stakeholders is given below:
- i) Purpose of Security Card Access and Identification: Security at RCH is controlled in a Public Private Partnership (PPP) between Spotless Security Services and RCH (Peltier 2016). The major purpose of the security function at RCH is to ensure safety for patients by facilitating proper credentialing and then providing a clean record of identities.
- ii) Credentialing: Security access must not be granted before the RCH credentialing procedure has been completed (Singh 2013). Staff members help to maintain the credentials of the organization.
- iii) Access Levels in RCH: RCH has adopted an open door policy for the general access areas of the hospital for every staff member. There are two access levels at RCH: general access, and additional access beyond the general access level (Xu et al. 2014). These access levels are extremely important for the general public.
- iv) Types of Security Access Cards: There are various types of security access cards at RCH. The first type is the RCH staff security photo ID, which provides confidentiality for hospital staff. The next type is for non-paid visitors to RCH: the visitor security photo ID and the temporary visitor card are issued to non-paid visitors (Safa, Von Solms and Furnell 2016). The final type is the patient and family access card. These cards are issued by the wards and help family members with after-hours visits.
- v) Title Allocation on Staff Security Photo ID Access Card: The RCH executive approves this card, and there are several generic titles to be assigned to staff security ID cards (Andress 2014). The title on the security access card has no bearing on the holder’s actual title.
- vi) Changes to Security Access Profile: The next important part of this security policy is changes to security access profiles (Sommestad et al. 2014). The facilities department is responsible for such changes.
- vii) Staff Termination: The final part of the security policy of The Royal Children’s Hospital is staff termination (Soomro, Shah and Ahmed 2016). If any type of vulnerability is noticed in this organization, the staff involved are terminated.
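The card policy in sections ii) to vii) above can be checked as code. The following is an added example, not RCH’s or Spotless’s own system: it models the four card types and two access levels from the policy, lets only the facilities department change a profile, and has termination revoke all access. The area names other than "general" and the rule that additional access is granted only on staff photo ID cards are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Card types named in section iv) and the areas each opens by default.
# "ward_after_hours" is a constructed area name for the family card's purpose.
GENERAL = "general"
BASE_AREAS = {
    "staff_photo_id": {GENERAL},
    "visitor_photo_id": {GENERAL},
    "temporary_visitor": {GENERAL},
    "patient_family": {GENERAL, "ward_after_hours"},
}

@dataclass
class Card:
    holder: str
    card_type: str
    active: bool = True                              # section vii): termination clears this
    additional: set = field(default_factory=set)     # section iii): access beyond general
    audit: list = field(default_factory=list)        # every decision is recorded

def issue_card(holder, card_type, credentialed):
    # Section ii): no security access until RCH credentialing is complete.
    if card_type not in BASE_AREAS:
        raise ValueError(f"unknown card type {card_type}")
    if not credentialed:
        raise PermissionError("credentialing incomplete; no card issued")
    return Card(holder, card_type)

def change_profile(card, area, requesting_dept):
    # Section vi): only the facilities department may change an access profile.
    # Assumption: additional areas go only on active staff photo ID cards.
    allowed = (requesting_dept == "facilities"
               and card.card_type == "staff_photo_id" and card.active)
    card.audit.append(("profile_change", area, requesting_dept, allowed))
    if allowed:
        card.additional.add(area)
    return allowed

def terminate(card):
    # Section vii): termination revokes every access the card carried.
    card.active = False
    card.additional.clear()
    card.audit.append(("terminated",))

def can_enter(card, area):
    # Section iii): general areas open to any active card; anything else needs
    # a card type that carries the area or an explicit additional grant.
    if not card.active:
        return False
    return area in BASE_AREAS[card.card_type] or area in card.additional
```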
b) Identify and Assess Potential Threats and Vulnerabilities with Mitigation Techniques
- I) Potential Threats and Vulnerabilities: There are several potential threats and vulnerabilities to the network of The Royal Children’s Hospital. These risks are extremely dangerous for the organizational network because loss of data becomes common (Jouini, Rabai and Aissa 2014). The major threats and vulnerabilities for the network of The Royal Children’s Hospital are as follows:
- i) Malicious Software: The first and foremost potential threat is malicious software, or a virus. This type of software, when executed, replicates itself by modifying other computer programs and inserting its own code into them (Ab Rahman and Choo 2015). Once replication succeeds, the affected areas are said to be infected with the computer virus.
- ii) Trojan Horse: Another significant and widespread threat to the network of the Royal Children’s Hospital is the Trojan horse (Ahmad, Maynard and Park 2014). A Trojan horse, or Trojan, is a malicious computer program that misleads users about its true intent. These programs are usually spread by some form of social engineering, such as duping a user into executing an e-mail attachment disguised as harmless, or into clicking fake advertisements on social media platforms (Flores, Antonsen and Ekstedt 2014).
- iii) Denial of Service Attack: A DoS or denial of service attack is a common cyber attack in which the perpetrator seeks to make a machine or network resource completely unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to the Internet (Siponen, Mahmood and Pahnila 2014). This type of threat is accomplished by flooding the targeted machine or resource to overload the system and prevent legitimate requests from being fulfilled. A Distributed Denial of Service (DDoS) attack is one launched from several systems at once.
- iv) Eavesdropping: The fourth network threat for the Royal Children’s Hospital is eavesdropping (Von Solms and Van Niekerk 2013). This is the unauthorized and unauthenticated monitoring of other people’s communications. In this type of attack, the attacker secretly listens to private communications or conversations without consent. It is illegal and unethical, and can be carried out over telephone lines, instant messaging and even e-mail (Safa, Von Solms and Furnell 2016). Voice over Internet Protocol (VoIP) software is another major vector for electronic eavesdropping, often with the help of a Trojan horse.
- v) Phishing: Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords or credit card details for malicious purposes by masquerading as a trustworthy entity in electronic communication (Sommestad et al. 2014). Phishing is usually carried out by instant messaging or by spoofed e-mail. Attackers often direct legitimate users to enter personal information at a forged website. These communications purport to come from social web sites, online payment processors, banks, auction sites or even IT administrators, whose users are the common victims (Soomro, Shah and Ahmed 2016). Since The Royal Children’s Hospital deals with patients, phishing could be a common threat to its network, and proper measures should be undertaken.
- vi) Data Breaches: The next significant threat to the network of the Royal Children’s Hospital is the data breach (Jouini, Rabai and Aissa 2014). A data breach is an incident in which confidential and secured data and information is viewed, used or stolen by an attacker or hacker who is not authorized to do so. Any organization, small or large, can be the victim of a data breach involving intellectual property, personal information, or resources and assets (Ab Rahman and Choo 2015).
- II) Mitigation Techniques for Identified Threats: The mitigation techniques for the potential threats and vulnerabilities identified above for the computer network of The Royal Children’s Hospital are given below:
- i) Mitigation Technique for Malicious Software: Malicious software is considered one of the most serious threats to the computer network of The Royal Children’s Hospital, and it must be stopped as early as possible (Ahmad, Maynard and Park 2014). Two security measures are useful for stopping this type of threat. The first is the installation of antivirus software on the system, followed by downloading its updates to ensure that the software has the latest virus fixes (Flores, Antonsen and Ekstedt 2014). The second is ensuring that the antivirus software can scan e-mails and other files.
- ii) Mitigation Technique for Trojan Horse: The only mitigation technique for stopping Trojan horses within the network of The Royal Children’s Hospital is implementing firewalls (Soomro, Shah and Ahmed 2016). As the name suggests, firewalls act as walls in the network and help to detect or prevent vulnerabilities. Thus, firewalls are extremely important for the hospital’s networks.
- iii) Mitigation Technique for Denial of Service Attack: The two important techniques to mitigate a denial of service attack are over-provisioning as a brute-force defence, and configuring Windows firewalls and IP access lists (Safa, Von Solms and Furnell 2016). These two techniques can detect and prevent such attacks.
- iv) Mitigation Technique for Eavesdropping: This threat to the computer network of The Royal Children’s Hospital is mitigated by implementing encryption (Jouini, Rabai and Aissa 2014). An electronic sweep of the RF spectrum is used to detect unauthorized data access in the area. Messages and data are transmitted in encrypted form.
- v) Mitigation Technique for Phishing: Regular upgrading of software and proper training of hospital staff at RCH would be extremely helpful in mitigating phishing attacks (Von Solms and Van Niekerk 2013).
- vi) Mitigation Technique for Data Breaches: Encryption is the most effective technique for mitigating data breaches. If confidential data is encrypted, there is less chance that it will be lost (Crossler et al. 2013). Moreover, third parties at The Royal Children’s Hospital will also be bound by this.
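The flooding described under the denial of service threat, and the IP access list named as its mitigation, can be tied together in a small detector. The following is an added example, not part of the report or of any RCH system: it reads constructed access-log lines, counts requests per source address inside a sliding time window, and turns the sources that exceed a threshold into deny entries for an IP access list. The log format, window and threshold are assumptions for the example.

```python
from collections import defaultdict

# Constructed access-log lines: epoch seconds, source IP, request path.
# 203.0.113.7 sends 8 requests in 4 seconds; the other two clients are normal.
SAMPLE_LOG = """\
1000 203.0.113.7 /patients
1000 203.0.113.7 /patients
1001 203.0.113.7 /patients
1001 198.51.100.2 /home
1001 203.0.113.7 /patients
1002 203.0.113.7 /patients
1002 198.51.100.2 /about
1002 203.0.113.7 /patients
1003 203.0.113.7 /patients
1003 203.0.113.7 /patients
1009 198.51.100.9 /home
"""

def parse(lines):
    for line in lines.splitlines():
        ts, ip, path = line.split()
        yield int(ts), ip, path

def flooding_sources(lines, window=5, threshold=6):
    """Return {ip: peak requests} for sources exceeding threshold in any window."""
    events = defaultdict(list)
    for ts, ip, _ in parse(lines):
        events[ip].append(ts)
    flagged = {}
    for ip, stamps in events.items():
        stamps.sort()
        start, peak = 0, 0
        for end, ts in enumerate(stamps):
            # slide the window start forward until it covers only `window` seconds
            while ts - stamps[start] >= window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[ip] = peak
    return flagged

def access_list(flagged):
    # Deny entries first, then a permit-any so legitimate clients keep working.
    rules = [f"deny {ip}" for ip in sorted(flagged)]
    rules.append("permit any")
    return rules
```

On the sample log the detector flags only 203.0.113.7 and emits a two-line access list; in practice the threshold should be set from the hospital’s normal request rate so that busy but legitimate clients are not blocked.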
Conclusion
From the above discussion it can be concluded that InfoSec, or information security, is the set of strategies for managing the tools, policies and processes required to prevent, detect, document and counter threats to both digital and non-digital information. The foremost responsibility of information security is to establish the set of business procedures that protect information assets and close major vulnerabilities. Unauthorized data modification is prevented promptly with the help of information security, and the security group is responsible for conducting proper risk management and eliminating all significant threats and vulnerabilities. The above report has outlined a brief discussion of information security for an Australian hospital, namely The Royal Children’s Hospital. A security strategy has been documented for this organization so that it can identify the various threats and vulnerabilities. Moreover, proper mitigation techniques have been found for the identified threats and vulnerabilities. These mitigation techniques are useful for any organization.
References
Ab Rahman, N.H. and Choo, K.K.R., 2015. A survey of information security incident handling in the cloud. Computers & Security, 49, pp.45-69.
Ahmad, A., Maynard, S.B. and Park, S., 2014. Information security strategies: towards an organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2), pp.357-370.
Andress, J., 2014. The basics of information security: understanding the fundamentals of InfoSec in theory and practice. Syngress.
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R., 2013. Future directions for behavioral information security research. Computers & Security, 32, pp.90-101.
Flores, W.R., Antonsen, E. and Ekstedt, M., 2014. Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture. Computers & Security, 43, pp.90-110.
Jouini, M., Rabai, L.B.A. and Aissa, A.B., 2014. Classification of security threats in information systems. Procedia Computer Science, 32, pp.489-496.
Peltier, T.R., 2013. Information security fundamentals. CRC Press.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.
Rch.org.au. (2018). The Royal Children’s Hospital : The Royal Children’s Hospital. [online] Available at: https://www.rch.org.au/home/ [Accessed 13 Sep. 2018].
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model in organizations. Computers & Security, 56, pp.70-82.
Singh, G., 2013. A study of encryption algorithms (RSA, DES, 3DES and AES) for information security. International Journal of Computer Applications, 67(19).
Siponen, M., Mahmood, M.A. and Pahnila, S., 2014. Employees’ adherence to information security policies: An exploratory field study. Information & Management, 51(2), pp.217-224.
Sommestad, T., Hallberg, J., Lundholm, K. and Bengtsson, J., 2014. Variables influencing information security policy compliance: a systematic review of quantitative studies. Information Management & Computer Security, 22(1), pp.42-75.
Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), pp.215-225.
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. Computers & Security, 38, pp.97-102.
Xu, L., Jiang, C., Wang, J., Yuan, J. and Ren, Y., 2014. Information security in big data: privacy and data mining. IEEE Access, 2, pp.1149-1176.