Health Body Wellness Center
Information Security Management System (ISMS)
File: FYT2_Task2
By Thomas A. Groshong Sr

Health Body Wellness Center (HBWC) promotes medical research, evaluation, and sharing of information between health care professionals. The HBWC’s Office of Grants Giveaway (OGG) provides for the distribution of federally supported medical grants. OGG uses a Microsoft Access database program called Small Hospital Tracking System (SHGTS) to manage the medical grant distribution process. A risk assessment of SHGTS was conducted to evaluate vulnerabilities and establish a baseline of potential threats. This document outlines an ISMS plan for HBWC and provides recommendations for the additional steps needed to implement and maintain this plan. Use of the ISO 27000 series certification process will provide a framework for the ISMS. The Plan-Do-Check-Act (PDCA) model provides a step-by-step process for planning, implementing, and managing the ISMS plan. The ISMS outline, network drawing, and additional recommended steps are discussed below.
A1. Business Objectives
The first step of any ISMS is the identification of the business objects that need to be included in the planning and maintenance of an organization.
Listed below are HBWC’s major objects to be considered when developing the ISMS (Arnason, S., & Willett, K.D., 2008).
Staff: Roles, access levels, and responsibilities should be defined for basic users, RAS users, administrators, executives, and database administrators.
Facilities: Physical security must be examined for HBWC headquarters in room 1234 and OGG offices in room 5678 (location of servers and network devices).
Technology: Microsoft Windows 95/NT Server environment, Access 97 database, and network devices and configuration of said equipment (Patches & Updates). Discussion of