The foundation for data security management is the organization’s data security policy. It is the prime directive which defines the framework by which processes and procedures are set and implemented.

 

 

The tremendous development in recent years at the IT world, both in extent and complexity, left its marks at the organizational approach to information security. 

 

 

 

Published in late 2010, the ISO 27799 is an international standard for securing information systems in the health sector. The ISO 27799 is based on the general information security standard ISO 27001 and its expansion to the field of securing medical information.

The tremendous increase that occurred in the last several years at credit cards frauds and data breaches to online billing systems and websites, demonstrated the need of a structured security controls.