PART V

Part V explores the application of information assurance in three selected industries. Healthcare, retail, and industrial control systems will be explored and discussed as examples of applied information assurance. We show the practical application of the MSR information assurance model and other concepts to these industries.

Chapter 26 is based on major issues with healthcare security and privacy. Internationally, healthcare is rapidly changing. For example, in the United States, new legislation has provided requirements and financial incentives for doctors and hospitals to implement and adopt electronic health records. While many have rushed to take advantage of the opportunity, many have also neglected to consider information assurance as part of the people, processes, and technology portion of electronic health record (EHR) implementation.

Chapter 27 explores breaches by major retailers and how modern attacks for retailers differ from other industries. Data flow and the systems used to process, store, and transmit credit card information will be examined as well as practical countermeasures involving technology, policy, and people that retail organizations should consider.

Finally, Chapter 28 addresses industrial control systems. A look at the industrial control environment shows how assumptions about technology and security can have lasting implications for information assurance concerns. As in the healthcare and retail chapters, this chapter will explore common information assurance concerns and provide practical suggestions for using the MSR information assurance model to help understand and mitigate risk.