8.1.1 Compile an inventory of assets associated with information
Asset | Description | Type |
---|---|---|
Homepage - public | Organ allocation rules, meeting minutes, user manuals, quarterly stats, etc. | Public |
Homepage - intranet | Database structure, minutes, documentation, etc. | Internal |
Bugzilla | System for handling bugs and enhancements in YASWA | Internal |
YASWA - application | System for allocating organs according to the rules of the Scandiatransplant organisation | Restricted |
YASWA - software | Software of the YASWA application, versioned with Git | Internal |
E-mail-systems (staff) | Ingoing and outgoing information between the members of the Scandiatransplant organisation and collaborators | Confidential |
Computers (staff) | Most important work tool | Restricted |
Mobile phones (staff) | Ingoing and outgoing information between the members of the Scandiatransplant organisation and collaborators (including e-mail) | Confidential |
Portable storage devices (staff) | USB stick etc. Internal data transfer and information used in relation to participation in meetings | |
Virtual servers | 5 servers (sc36, 37, 38, 39, 40) used for development and production. Hold patient, donor and transplantation information | Restricted |
Server backup | Daily backup of production data on Oracle and PostgreSQL | Restricted |
Network | Network is delivered by RegionMidt | |
Old paper files | Deceased donor reports, patient information, meeting minutes, etc. | Restricted |
Type (Confidentiality):
8.1.2 Select owners for all assets associated with your information
There will be a number of users for these assets. But the prime responsibility for accuracy will lie with the asset owner.
Asset | Owner/responsibility |
---|---|
Homepage - public | Staff |
Homepage - intranet | Staff |
Bugzilla | Staff |
YASWA - application | Members of SCTP |
YASWA - software | Staff |
E-mail-systems (staff) | Staff |
Computers (staff) | User of unit |
Mobile phones (staff) | User of unit |
Portable storage devices (staff) | User of unit |
Virtual servers | Staff |
Server backup | Staff |
Network | Staff |
Old paper files | Staff |
8.1.3 Prepare acceptable use rules for assets associated with information
Individuals must use SCTP-provided or authorized information technology resources as the business tools required to do their work.
Users must use information and technology resources in accordance with published service level agreements and applicable terms and conditions. The following conditions, and others that may be established by SCTP from time to time, apply to all individuals.
Individuals must not:
Individuals must:
Any content created or transmitted using SCTP equipment or retained within the SCTP network may be monitored, captured and/or be subject to inspection.
All individuals have a responsibility to report violations of this policy. Inappropriate use of SCTP information technology resources will be investigated on a case-by-case basis. Individuals deemed responsible for violations of this policy may be subject to withdrawal of privileges.
8.1.4 Return all assets associated with information upon termination
Hardware, paper, etc. must be returned to the medical director/office manager.
8.2 Develop an information classification scheme
8.2.1 Classify your organization’s information
Classification
Effect | Likelihood |
---|---|
1: Catastrophic, highly sensitive data; if compromised it will have organizational and legal consequences | A: Frequent, likely to occur very often and/or continuously |
2: Major; if compromised it could mean critical loss in productivity and reputation | B: Likely, occurs several times |
3: Moderate, minor reduced productivity | C: Occasional, occurs sporadically |
4: Minor, minimal impact on the ability to deliver services | D: Seldom, remotely possible and would probably occur not more than once |
5: Insignificant, no effect | E: Unlikely, will probably never occur |
Likelihood combined with consequence
Likelihood / Effect | 1 | 2 | 3 | 4 | 5 |
---|---|---|---|---|---|
A | Extreme | Extreme | Extreme | High | High |
B | Extreme | Extreme | High | High | Moderate |
C | Extreme | Extreme | High | Moderate | Low |
D | Extreme | High | Moderate | Low | Low |
E | High | High | Moderate | Low | Low |
Risks to the objective should be analysed and evaluated to determine a reasonable consequence and likelihood of the described event occurring. Application of the risk matrix determines the following rankings of risks, in descending order of priority:
• extreme (priority one)
• high (priority two)
• moderate (priority three)
• low (priority four)
Asset | Description of events | Classification |
---|---|---|
Homepage - public | 1) Homepage is not accessible | 1) 4+D = Low |
Action: A backup is made every week locally, which makes it possible to access important documents and restore the homepage if necessary. The restore is described step by step. | ||
Homepage - intranet | ||
Bugzilla | 1) Access to Bugzilla is compromised | 1) 5+D = Low |
Action: Patient/donor identifiable information is never used to describe problems/enhancements. | ||
YASWA - application | 1) Users download extractions with person number etc. | 1) 4+A = High |
Action: This is needed locally; however, on the front page of the system login the users are informed about their responsibility when they are working outside of the implemented security measures. | ||
2) User password has been compromised | 2) 2+D = High | |
Action: The history of own logins can be seen by the user; if access has been compromised the user is instructed to change the password a.s.a.p., which is possible through the application. | ||
3) Users cannot connect to YASWA | ||
Action: Information through the homepage, contact to RM (SLA). | ||
4) Erroneous deletion of data | 4) 1+C = Extreme | |
Action: As soon as a mistake is detected, collect data from log files/backup and restore/reconstruct the data so they are as true to the original data as possible. If massive changes are made in the database, programmers receive an e-mail notification and it is obligatory to follow up and find the reason for the changes. | ||
5) DDoS attack, detection and solution | 5) 3+D = Moderate | |
Action: How this is handled by RM will be investigated and afterwards documented. Documentation provided by RM has been added in point 9.1.2. | ||
6) Security risk with the 'forgot password' functionality if we inform the user when the username does not exist. To retrieve a new password, the user must enter a username. The system checks whether that username is registered and sends an e-mail to the address registered for that specific user. The e-mail contains a link with the possibility to create a new password. | 6) 4+D = Low | |
Action: The system will not tell the user whether the username exists, as this would be valuable information for hackers. | ||
YASWA - software | 1) An OS user gets a family member on the waiting list. The OS user decides to manipulate the system so that the family member always gets prioritized. | |
Action: No surveillance is possible as long as the OS user has root privileges. Tampering with the search algorithm will very likely result in a bad match, which is very likely to be detected by medical personnel. | ||
E-mail-systems (staff) | 1) E-mails are received with full patient/donor ID. | 1) 4+B = High |
Action: It was decided that a standard reply should be sent: 'Please know that according to GDPR it is not legal to send a complete name and/or person number in an e-mail. It might be authorized when you send e-mails locally on internal mail servers, but not when you send to external e-mail addresses. When you send a message to me/Scandiatransplant, it is fine and enough to include the sc. No. and initials of the patient/donor.' | ||
Computers (staff) | 1) Access to data on the computer after job termination | 1) 1+D = Extreme |
Action: Computers owned by Scandiatransplant are the property of Scandiatransplant and must be returned. | ||
Mobile phones (staff) | ||
Portable storage devices (staff) | ||
Virtual servers | ||
Server backup | ||
Network | ||
Old paper files | 1) Printout with patient/donor ID is lost in a public place | 1) 2+D = High |
Action: Limit printouts with ID and don't bring them outside the office. | ||
2) Printout with only Scandia ID is lost in a public place | 2) 5+C = Low | |
Action: You need a password and user ID to connect the information to a person. | ||
3) Old paper files at the office | 3) 2+E = High | |
Action: You need access to the department, and the doors to the office are locked when nobody is there. Old paper files are being digitised. | ||
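The risk matrix and the register entries above can be kept consistent mechanically. The following script is an added example, not part of the ISMS document: it encodes the matrix, parses register cells of the form "4) 1+C = Extreme", recomputes the rank from effect and likelihood, flags rows whose stated rank disagrees with the matrix, and orders the rows by priority. The sample rows are constructed from the register above, with one deliberately inconsistent entry to exercise the check.

```python
import re

# Consequence (1=Catastrophic .. 5=Insignificant) x likelihood (A=Frequent .. E=Unlikely),
# transcribed from the matrix in the document.
RISK_MATRIX = {
    "A": ["Extreme", "Extreme", "Extreme", "High", "High"],
    "B": ["Extreme", "Extreme", "High", "High", "Moderate"],
    "C": ["Extreme", "Extreme", "High", "Moderate", "Low"],
    "D": ["Extreme", "High", "Moderate", "Low", "Low"],
    "E": ["High", "High", "Moderate", "Low", "Low"],
}
PRIORITY = {"Extreme": 1, "High": 2, "Moderate": 3, "Low": 4}

# Matches cells such as "1) 4+D = Low" or "5) 3 + D = Moderate" (the leading "n)" is optional).
ENTRY_RE = re.compile(r"^\s*(?:\d+\)\s*)?([1-5])\s*\+\s*([A-E])\s*=\s*(\w+)\s*$")

def rank(effect: int, likelihood: str) -> str:
    """Rank for a consequence 1..5 combined with a likelihood A..E."""
    return RISK_MATRIX[likelihood.upper()][effect - 1]

def parse_entry(text: str):
    """Parse a register cell into (effect, likelihood, stated_rank)."""
    m = ENTRY_RE.match(text)
    if not m:
        raise ValueError(f"unparseable classification: {text!r}")
    return int(m.group(1)), m.group(2).upper(), m.group(3).capitalize()

def check_register(register):
    """Recompute the rank of every (asset, event, cell) row and sort by priority.
    Each result carries 'consistent' = False when the stated rank disagrees with the matrix."""
    results = []
    for asset, event, cell in register:
        effect, likelihood, stated = parse_entry(cell)
        computed = rank(effect, likelihood)
        results.append({"asset": asset, "event": event, "effect": effect,
                        "likelihood": likelihood, "stated": stated,
                        "computed": computed, "consistent": stated == computed})
    return sorted(results, key=lambda r: (PRIORITY[r["computed"]], r["asset"]))

# Constructed sample rows taken from the register above; the last row is deliberately wrong.
SAMPLE_REGISTER = [
    ("YASWA - application", "Erroneous deletion of data", "4) 1+C = Extreme"),
    ("YASWA - application", "User password has been compromised", "2) 2+D = High"),
    ("Homepage - public", "Homepage is not accessible", "1) 4+D = Low"),
    ("Old paper files", "Printout with patient/donor ID lost in public place", "1) 2+D = High"),
    ("Old paper files", "Old paper files at the office", "3) 2+E = Moderate"),  # matrix says High
]

if __name__ == "__main__":
    for r in check_register(SAMPLE_REGISTER):
        flag = "" if r["consistent"] else "  <-- stated rank does not match matrix"
        print(f"P{PRIORITY[r['computed']]} {r['computed']:8} {r['asset']}: {r['event']}{flag}")
```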
8.2.2 Establish information labeling procedures
A list of physical assets is found here.
8.2.3 Develop asset handling procedures
8.3.1 Manage removable media
When reused, format the medium properly. Otherwise dispose of it:
8.3.2 Manage the disposal of media
Disks must be physically destroyed; RegionMidt has tools for this.
8.3.3 Manage the transfer of media
Data transfer and information used in relation with participation in meetings