DrugStop Pharmacy Inc. opened in May 2012 as part of theEasyDrugs group of pharmacies. The company offers
Question:
DrugStop Pharmacy Inc. opened in May 2012 as part of theEasyDrugs group of pharmacies. The company offers a variety ofservices including consultations, prescription delivery, homecareand diabetic supplies. They deliver fast and friendly service whileoffering personalized care for their customers. As a new businessowner, Walter Walters was looking for a feature-rich and wellsupported point of sale solution that would also include managinginventory, accounting, staying on top of sales trends and more.DrugStop installed the TELUS Assyst Point of Sale system to meetthese needs. This solution has helped to automate their businessprocesses, allowing them to continue to focus on providingexceptional customer service. The computers used to employ thepoint of sale system include a server and twoterminal/workstations. In addition, DrugStop uses TELUS Assyst Rx,a locally installed software solution for pharmacies to effectivelymanage patient files, prescriptions, inventory, orders, andprofessional info bulletins, while integration/connectivity withprovincial Drug Information Systems (DIS), such as Newfoundland?sThe Pharmacy Network. There is an additional server and twoworkstations used with the TELUS Assyst Rx software. As a pharmacyoperating in the province of Newfoundland, CANADA, DrugStop isrequired to adhere to the provincial Personal Health InformationAct (PHIA) and participate in The Pharmacy Network. The PharmacyNetwork is an online, real-time provincial drug information systemwhich provides authorized health professionals with comprehensivemedication profiles for all patients. The Pharmacy Network enablesthe sharing of information across the continuum of care, acrosshealthcare delivery organizations and across geographies. Whetherthe information flows from a doctor's office, a clinic, hospital orpharmacy, it will appear as one patient record. Theresponsibilities pharmacies have regarding Electronic HealthRecords (EHR) are similar to those that they have always had withrespect to their patients? information - they will have theresponsibility to ensure that appropriate access to patientinformation is controlled at the point of service. The PharmacyNetwork is only accessible by authorized health care providers andtheir delegates (people that work under the supervision ofauthorized health care providers, such as pharmacist assistants,technicians and students). All users of the Pharmacy Networkrequire their own username and password which, to protect privacyand confidentiality, cannot be shared. The Pharmacy Network enablesthe sharing of information across the continuum of care, acrosshealthcare delivery organizations and across geographies. Whetherthe information flows from a doctor's office, a clinic, hospital orpharmacy, it will appear as one patient record.
QUESTION:
Risk Identification ? Tasks include: Asset Identification, AssetClassification, and Vulnerability Assessment
Classify & prioritize assets
Classify the information assets in Column 2 of Table 1(below).
Rank the inventoried and classified data assigning a number toeach CIA column according to the financial impact it would have andhow much trust (integrity) you place in the data as being reliableto the business, if compromised and not being available for aperiod of time. Understand that any data has a financial impact toa business if Confidentiality, Integrity or Availability iscompromised and each should have a number assigned.
next, consider the potential vulnerabilities associated witheach threat, to produce a threat-vulnerability pair (TV pair). Avulnerability can be associated with one or more threats. Collectinput from previous risk assessments, audits, system deficiencyreports, security advisories, scanning tools, security testresults lts, system development testing, industry andgovernment listings, such as sans.org.
Database management systems
ISBN: 978-0072465631
3rd edition
Authors: Raghu Ramakrishan, Johannes Gehrke, Scott Selikoff