Order Now
Uncategorized

Role Of Disaster Recovery And Business Continuity Plans In Information Security Management

18 min read
Posted on 
April 11th, 2025
Home Uncategorized Role Of Disaster Recovery And Business Continuity Plans In Information Security Management

Data Storage Infrastructure

A Cloud storage infrastructure is basically the combination of hardware and software framework that supports requirement of the public and private storage in cloud services.A few associations may need the control that private cloud frameworks offer, however would prefer not to management of lodging, running and keeping up an in-house distributed storage foundation. There is a chance that they can contract with a distributed storage specialist to help cloud operations. In this provisioning model, that refers to the Infrastructure-as-a-Service (IaaS), the specialist organization possesses the equipment like the storage, servers and systems administration segments. The customer ordinarily is charged on a for each utilization premise. A disaster recovery plan (DRP) thus depicted as a structured approach along with instructions in order as a responding to any unplanned incident. This well-organized process helps in maintaining the prevention of thedisaster,such that the association can keep track on the operation or the rapidly continue to target the goals. Commonly, management approval of recuperation arranging includes an examination of business procedures and coherence needs. Administration endorsement of recuperation procedures is vital. All techniques ought to line up with the association’s objectives. When disaster recovery systems have been created and endorsed, they can be converted into calamity recuperation designs.

Save Time On Research and Writing
Hire a Pro to Write You a 100% Plagiarism-Free Paper.
Get My Paper

In this report we are going to discuss about the role of business continuity and disaster recovery plans to recover the information and operational systems when in the case of systems and hardware failure. Analysis the vulnerabilities and threats of information security and thus determining appropriate controls which can be applied for mitigation of the potential risks. Designing an appropriate medical data storage infrastructure and a network infrastructure and explaining the ethical and privacy issues that plays vital role in managing the information security communication in a health organization. Explaining the risks associated with the infrastructure development and how these disasters can be managed and recovered by some potential planning in the system.

Some of the cloud servers are present that allows the healthcare professionals to utilize the connection of medical devices in the diagnosis, body composition evaluation and treatment of the patients in some other location. These kinds of devices can also be enhanced by the usage of telecommunication technology, data storage devices, specialized application based network computer, database management software, and medical devices that are capable of collecting electronic data, transmission and storages are the main components of the organization’s data infrastructure. Not like the traditional database system, which is block based, distributed cloud storage foundations are normally object based. Accessibility to the question based capacity is made conceivable through a Web administrations application programming interface (API) utilizing the Simple Object Access Protocol (SOAP) or Representational State Transfer (REST) convention. The foundation is frequently worked with product equipment and servers are bunched so the capacity limit of each can be accumulated into a solitary pool. In this framework arrangement, limit extension is made conceivable by adding another server to the bunch.

There are Cloud computing analysers (hardware solution: connected device) based on the sensor tele-monitoring deviceswhich is combined by hand in hand configuration and the data is linked by the multiband mobile modem links the data to proprietary of cloud server. There are various software solution levels in the cloud infrastructure where in one level the web based application offers highly privacy based protection and comfortable interface for administrative and logistics solutions, in the next level that reports on body composition and analysis in quality and third is the applications for the tablets and mobile phones such that to make it easier to connect to people.

Network Infrastructure

DICOM is basically used for every kind of images associated to the medical infrastructure like X-ray, CT scans, MRI Digital Radiography and many more. As film-less radiography turned out to be more inescapable a standard was expected to permit the combination of modalities, separates, workstations, scanners and other PC based peripherals to impart. These gadgets are regularly found in a PACS (Picture Archive and Communications Systems) condition. Each DICOM gadget has a conformance proclamation that blueprints what administrations and capacities it has. For instance not all gadgets will have the capacity to ‘STORE’ DICOM pictures, so they won’t have that in their conformance proclamation. The combination of workstations, scanners, servers, printers and system equipment from numerous makers has been empowered by the DIACOM into a Picture documenting and corresponding framework. The distinctive gadget accompanies DICOM conformances articulations that unmistakably state which of DICOM classes. DICOM has been broadly received by hospitals and is influencing advances in smaller applications to like dental specialists’ and specialists’ workplaces.

Save Time On Research and Writing
Hire a Pro to Write You a 100% Plagiarism-Free Paper.
Get My Paper

Network infrastructure is defined basically the software and hardware combination of the systems, which empowers the organizations availability, operation, correspondence and even administration of an undertaking system. This delivers the correspondences on the path operation

3. Privacy and Security Protection Mechanisms

Security is a basic representing guideline of the relationship between the doctor and the patient successful part of medicinal services. Patient requires sharing data to their respective doctors for encouraging experimental finding and assurance of treatment, particular to ignore antagonistic medication connections. Like example, data can be utilized to move forward proficiency inside medicinal services frameworks that drives and open arrangement for the advancement of organization at state and government levels, moreover in the way of research to the science of treatment. Though there is a chance of unveiling essential data for instances of medical issues, like mental state conduction and HIV as their revelation may result to social disgrace and segregation. Physical and physiological data of patients has also been utilized for normal people to elected and state government level medication with respect to the general wellbeing of administration centre accreditation, therapeutic research, and for overseeing social and welfare frameworks. Additionally, providers may share prosperity information through a nearby prosperity information relationship to energize mind organizations. The complete plan of the protection and security assurance instruments for the databases, programming, equipment and system of the framework. The medical records of the patients are also imparted to payer relationship, for instance, insurance, Medicare to legitimize portion of organizations rendered by specialists. Social protection providers may use records to manage their operations, to study profit quality, and to recognize quality change openings. This includes controlling physical security and logical security of the system.

The experience of US human services industry had some changes in a progressive manner. Driven by propels in innovation and enactment of the data like, the 1973 Health Maintenance Organizations Act. The data has been digitalized as an individual wellbeing, transmitted and dug out for viable care arrangement. A new kind of risk to patient’s protection is to keep getting wrong information. In perspective of these developing threats and the general objective of representing practical medicinal service administrations to all residents, a few imperative government directions have been authorized including the Privacy and Security Rules under HIPAA (1996) and State Alliance for eHealth (2007).

Privacy and Security Protection Mechanisms

Threats to privacy of the patient’s and information security are sorted into two expansive ranges:

(1) Organizational threats which emerges from unauthorized accessibility of the information of the patients either by inside operators or misusing the advantages or specialist from outwards abusing the data framework and

(2) Systemic threats that may emerge from the operators in the steam of data chain and abusing the uncovered past information along with expected utilization (NRC 1997).

Organizational Threats: This may accept diverse structures; let’s take an example of an employee who receives the information without any authentic check or outside assailant (programmers) that may invade the organizational framework to take the information. In the start, the authoritative threats can be portrayed by four categories – thought processes, assets, openness, and specialized ability (NRC 1997). Depending on these parts, extraordinary threats may posture diverse standard of hazard to association requiring distinctive alleviation and anticipation procedures. Thought processes could be both of monetary or noneconomic nature. For a few, safety net providers, bosses, and writers, tolerant records may have monetary esteem, while some may have non-economic processes like some of the other may have a man associated with emotional relationship. The aggressors to complete their adventures may require diverse sorts of access, for example, accessibility to the site, approval for the framework and information approval. Likewise, treats may rely on the specialized capacity of attackers, who may have the qualification of refined developers. A person with the aim to obtain information also, having sufficient Late examinations recommend that the wide range of authoritative dangers could be classified into five levels, in the expanding request of modernity: cash related resources may have the ability to buy organizations of complex software engineers to break human administrations data.

  1. Accidental disclosure: human health services work force accidentally reveals tolerant data to others, like data breaching through distributed sharing of document or message emailed on wrong address.
  2. Insider interest: information provided to an insider get to benefit pries upon the record of the patient for clearing up something or for their own motivation, e.g. a medical attendant getting to data about a kindred representative to decide probability in associate of sexually transmitted sickness; or medicinal work force getting to possibly wellbeing data humiliating about a big name and transmitting to media.
  3. Data breach by insider: insiders who get to quiet data and transmit to outcasts for benefit or delivering retribution on quiet.
  4. Data breach by outsider with physical intrusion: an outcast who enters the physical office either by intimidation or constrained section and accesses framework.
  5. Unauthorized intrusion of network system: an outcast, including previous wrathful representatives, patients, or programmers who interrupt with the associated system framework from outside. The access tolerant of the data the framework gets inoperable.

Security is a centre an incentive at Stanford and the University is focused on proceeded with headway of an institutional wellbeing society with solid projects of individual wellbeing, mischance and damage counteractive action, wellbeing advancement, and consistence with material ecological and wellbeing and wellbeing laws and controls. Stanford University endeavours every single sensible push to:

  • Advance word related and individual security, wellbeing and health;
  • Ensure the wellbeing and security of Stanford University personnel, staff and understudies;
  • Give data to personnel, staff, and understudies about wellbeing and security risks;
  • Distinguish and right wellbeing and security risks and energize workforce, staff, and understudies to report? potential dangers;
  • Direct exercises in a way defensive of the earth, and illuminate the Stanford people group regarding natural effects related with institutional operations; and
  • Keep up a hazard based crisis administration program to decrease the effect of crisis occasions to the Stanford people group.

Stanford’s program for giving a protected work environment to personnel, staff and understudies incorporates: office configuration; peril recognizable proof, work environment investigation and restorative activity; shutdown of risky exercises; medicinal reconnaissance: and crisis readiness.

Facility Design: Offices will be composed in a way reliable with wellbeing and security controls and guidelines of good outline. Those University offices accused of essential obligation regarding the outline, development, and additionally remodel of offices, together with EH&S might guarantee that there is proper wellbeing and security audit of office ideas, plans, and plans.

Hazard Identification and Correction: Administrators, might educate understudies and representatives of this approach and energize revealing of working workplace hazards.

Administrators, both workforce and staff, should guarantee that general, occasional examinations of work environments are directed to recognize and assess work environment risks and risky work rehearses.

  • The recurrence of examinations ought to be corresponding to the size of hazard postured in the specific work environment.
  • Methods for revising found dangers as well as shielding people from the perils should be resolved and executed suitably.
  • Risky conditions which can’t be revised by the boss or supervisor must be accounted for to the following larger amount of administration. Any individual, boss or director who ends up noticeably mindful of a genuine hid risk to the wellbeing or security of people should report this threat speedily to the Department of EH&S and to the workforce, staff and understudies who might be influenced.

Potential threats fall into five broadly portrayed classes. Researchers are depended upon to figure out how to constrain potential threats. The CPHS/IRB and Research Compliance Services quantifies the potential threats of research against the focal points as a noteworthy part of the review strategy.

  • Mental risks: Lack in resting or sleeping, tangible hardship, utilizations of the spellbinding, tricker, mental burdens is cases of mental dangers. This kind of risks incorporates due to the creation of some negative state of mind, for example, uneasiness, wretchedness, blaming, loss of confidence and conduction change.
  • Loss of Confidentiality: In all examination including subjects of human emotion, privacy assumption of identifiable data and should always be kept by the examiner acquiring the expression authorized of the subject to do something else. Subjects have the rights to be secured against damage or illicit intrusions of protection and to conservation depending on their poise. The touchier the examination material, the more noteworthy the care that should be practiced, to acquired.  With a specific end goal to limit the hazard for loss of classification, specialists should gather some individual data that re significant to the exploration action. There was an off chance that the individual data to be gathered that ought to be coded to be right on time of action and possibly safer  thus put away with the goals which only the approved staffs may get. Without the expression assents of the subject characteristics of individual subjects may never be discharged. In addition, if a specialist wish to utilize the data for the reason that other initially collected and the information is yet to be identified, there must be a requirement of the specialist to acquire assents from the subject for new version of the information.
  • Social/Economic risks: Social/Economic risks includes changes that involves with others, these are said to be burden of the subjects, and including humiliation, loss of regard of others, marking a way that may have adverse outcomes, or some way reducing those open doors and forces a man has by temperance of associations. Social/Economic incorporate instalment by subjects for techniques not generally required, loss of wages or other salary and some other money related costs, like harm to some subject employability, as an outcome of support in the exploration.
  • Physical risks: A physical risk incorporates physical distress, torments, damages, sickness or illness realized by the techniques and the system of the examination. In a Social circumstance connecting with a subject that could include viciousness may similarly makes a physical hazard. This kind of risk may occur due to the inclusion of physical boosts, for example, commotion, warm, frosty, electric attractive or gravitational fields, and so forth.
  • Legal risks: Existence of Legal risks can be examined in techniques with having the end goals that the order and subjects can be at risk for the infringement of the techniques and laws. This is either by uncovering the subject matter or by let other take part in the leads for which the subject or other might be criminally at some risk.

Health Information Privacy Regulations

A Disaster Recovery procedure should begin at the business level and figure out which applications are most imperative to running the association. The RTO portrays the objective measure of time some application of business may be down, normally measured in hours, minutes or seconds. The RPO portrays the earlier points when the application should be recouped. Recuperation systems characterize an association’s gets ready for reacting to an occurrence, while debacle recuperation designs depict how the association ought to react.

In deciding a recuperation methodology, associations should consider such issues as:

  • Financial plan
  • Assets – individuals and physical offices
  • Administration’s position on dangers
  • Innovation
  • Information
  • Providers

Administration endorsement of recuperation techniques is vital. All techniques ought to line up with the association’s objectives. The develop and approved strategies of disaster recovery can be translated to disaster recovery plan later.

Conclusion

This report depicts the various risks associated to the data framework and features that can signify the execution in an expansive technique. Understanding this huge range of risks to the health care organization in the initial phase may guarantee the management of this risks and prevent it. A disaster recovery plan (DRP) thus depicted as a structured approach along with instructions in order as a responding to any unplanned incident. This well-organized process helps in maintaining the prevention of the disaster, such that the association can keep track on the operation or the rapidly continue to target the goals. cloud servers are present that allows the healthcare professionals to utilize the connection of medical devices in the diagnosis, body composition evaluation and treatment of the patients in some other location. DICOM is used for every kind of images associated to the medical infrastructure like X-ray, CT scans, MRI Digital Radiography and many more. Commonly, management approval of recuperation arranging includes an examination of business procedures and coherence needs. All, the systems gets powerless in front of cyber security dangers like data breaching and attacking hence it is essential to prevent it in the initial stage. The information security program is the basic form for the moderation od these dangers and thus keep a break to information. The historic approach to the security of the data begins with the understanding of the network that has been used in the organization, along with its architecture, user population and the mission requirement for the prevention of the system.

References

Bodie, Z., 2013. Investments. McGraw-Hill.

Dehling, T., Gao, F., Schneider, S. and Sunyaev, A., 2015. Exploring the far side of mobile health: information security and privacy of mobile health apps on iOS and Android. JMIR mHealth and uHealth, 3(1).

Fernández-Alemán, J.L., Señor, I.C., Lozoya, P.Á.O. and Toval, A., 2013. Security and privacy in electronic health records: A systematic literature review. Journal of biomedical informatics, 46(3), pp.541-562.

George, J., Kumar, V. and Kumar, S., 2015. Data Warehouse Design Considerations for a Healthcare Business Intelligence System. In World Congress on Engineering.

Hofmann, M. and Klinkenberg, R. eds., 2013. RapidMiner: Data mining use cases and business analytics applications. CRC Press.

Ifinedo, P., 2014. Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), pp.69-79.

Imtiyaj, S., 2015. Privacy Preserving Data Mining. transactions, 2(2).

Jain, D. and Sharma, M.Y., 2017. Adoption of next generation robotics: A case study on Amazon.

Kasemsap, K., 2015. The role of data mining for business intelligence in knowledge management. Integration of data mining in business intelligence systems, pp.12-33.

Kedar, S., Dhawale, S., Vaibhav, W., Kadam, P., Wani, S., and Ingale, P., 2013. Privacy Preserving Data Mining. International Journal of Advanced Research in Computer and Communication Engineering, 2(4).

Larose, D.T., 2014. Discovering knowledge in data: an introduction to data mining. John Wiley & Sons.

Mishra, S., Caputo, D.J., Leone, G.J., Kohun, F.G. and Draus, P.J., 2014. The role of awareness and communications in information security management: A health care information systems perspective. International Journal of Management & Information Systems (Online), 18(2), p.139.

Mxoli, A., Gerber, M. and Mostert-Phipps, N., 2014, November. Information security risk measures for Cloud-based Personal Health Records. In Information Society (i-Society), 2014 International Conference on (pp. 187-193). IEEE.

Peltier, T.R., 2013. Information security fundamentals. CRC Press.

Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.

Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.

Provost, F. and Fawcett, T., 2013. Data Science for Business: What you need to know about data mining and data-analytic thinking. ” O’Reilly Media, Inc.”.

Rusu, D., Triantafyllidis, N.P. and Kremers, J., 2015. Security Intelligence Data Mining.

Ryoo, J., 2017. Big data security problems threaten consumers’ privacy. The Conversation. Retrieved 6 August 2017, from https://theconversation.com/big-data-security-problems-threaten-consumers-privacy-54798

Sekaran, U. and Bougie, R., 2016. Research methods for business: A skill building approach. John Wiley & Sons.

Shmueli, G. and Lichtendahl Jr, K.C., 2017. Data Mining for Business Analytics: Concepts, Techniques, and Applications in R. John Wiley & Sons.

Shmueli, G., Patel, N.R. and Bruce, P.C., 2016. Data Mining for Business Analytics: Concepts, Techniques, and Applications with XLMiner. John Wiley & Sons.

Siponen, M., Mahmood, M.A. and Pahnila, S., 2014. Employees’ adherence to information security policies: An exploratory field study. Information & management, 51(2), pp.217-224.

Swan, M., 2013. The quantified self: Fundamental disruption in big data science and biological discovery. Big Data, 1(2), pp.85-99.

Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. computers & security, 38, pp.97-102.

Wager, K.A., Lee, F.W. and Glaser, J.P., 2017. Health care information systems: a practical approach for health care management. John Wiley & Sons.

Willis III, J.E., 2013. Ethics, Big Data, and Analytics: A Model for Application. Educause Review Online.

Witten, I.H., Frank, E., Hall, M.A. and Pal, C.J., 2016. Data Mining: Practical machine learning tools and techniques. Morgan Kaufmann.

Wixom, B., Ariyachandra, T., Douglas, D.E., Goul, M., Gupta, B., Iyer, L.S., Kulkarni, U.R., Mooney, J.G., Phillips-Wren, G.E. and Turetken, O., 2014. The current state of business intelligence in academia: The arrival of big data. CAIS, 34, p.1.

Wu, X., Zhu, X., Wu, G.Q. and Ding, W., 2014. Data mining with big data. IEEE transactions on knowledge and data engineering, 26(1), pp.97-107.

Order an Essay Now & Get These Features For Free:

Turnitin Report

Formatting

Title Page

Citation

Outline

Place an Order
Calculate the price
Pages (275 words)
$0.00
Course Scholars
Company
Legal
How Our Service is Used:
Course Scholars essays are NOT intended to be forwarded as finalized work as it is only strictly meant to be used for research and study purposes. Course Scholars does not endorse or condone any type of plagiarism.
Subscribe
No Spam
© 2025 Course Scholars. All rights reserved.
Course Scholars will be listed as ‘Course Scholars’ on your bank statement.

Order your essay today and save 15% with the discount code GINGER

Order Now