Legal Problems, Ethics, And InfoSec Program At NTN – A Discussion

Legal problems related to mishandling of information

NTN is known to be a newly nursing school started in Australia. The main campus of this school is located in the city of Sydney but its satellite campus is located in two locations that are Darwin and Cairns. This new private has made an agreement with almost three private hospitals which are based in Sydney (Peltier 2016). Both the private hospital and its satellite campus of NTN has established its connection among each other by the help of internet. NTN aims at providing telemedicine and services related to health care to a community which is at a radius of 200 km around it (Soomro, Shah and Ahmed 2016). The mobile team of this organization aims to provide services and consultation to the important patient at their location of home.

Save Time On Research and Writing
Hire a Pro to Write You a 100% Plagiarism-Free Paper.
Get My Paper

In the coming pages of the report, an idea has been provided regarding legal problems which are encountered due to mishandling of information.  After that ethics for the staff of NTN has been discussed in brief. Apart from this certain measures have been discussed which can be used for unethical use of information. Various components of InfoSec program have been discussed in details.


Legal problems related to mishandling of information

Mobile team of NTN can encounter a list of legal issues with respect to mishandling of information (Tu and Yuan 2014). Accessing the patient healthcare records are generally made available to patient by properly treating it with health care providers and another kind of person who is involved in care of the healthcare system. It is generally a normal healthcare practice for patient of GP and other providers who are generally involved in providing care. Recognition of health care providers is involved in providing proper care which is required to access the information of the patient.

Save Time On Research and Writing
Hire a Pro to Write You a 100% Plagiarism-Free Paper.
Get My Paper

In many cases, it is seen that patient come up with greater concern related to the fact that how information is made available. It is particularly the scenario related to personal health information which is collected for various service. Healthcare service should be made be available related to certain number of concern and methods of addressing it. Privacy Act 1988 is known to be an Australian law which emphasizes on handling personal information of various individual (Safa, Von Solms and Furnell 2016). It is inclusive of following things like collection, use, storage and lastly disclosure of vital information. Privacy Act of 1988 is generally applied to most of private sector and commonwealth organization. It generally aims in regulating the methods which can be used for regulating organization and agencies for handling information.

Ethics in InfoSec for the Staff of Security division

Ethics in InfoSec for the Staff of Security division

Ethics can be easily stated like a set of certain principles which helps in governing an individual or group of computer. Various security professional are generally expected to have an idea regarding the various laws and associated regulation (Narain Singh, Gupta and Ojha 2014). These are mainly used for use of various computer and along with information. Cyberethics can be easily defined as certain codes of behavior which are needed for understanding various aspects like moral, legal and issues related to social on internet and cyber technology.

With the help of proper cyber ethics an individual can easily experience safer and better internet experience (Silva et al. 2014). Cyberbullying is a good term which is used for repeatedly harming the people. With increase in the use of technologies, cyberbullying has been increased to a large extend. Cyber technologies can be defined as a collection large number of computer and another kind of communication device and associated technologies.

Measures were taken to prevent unethical handling of information

A list of measures should be taken by information security division of NTN from unethical handling of information like creation of code of conduct, appreciation for employees, hiring for values and many others. Unethical practices in the security division of NTN can easily damage its working environment (Safa et al. 2015). Unethical practices in this organization can easily damage its credibility and can force the business to lose its customer. So, the business owners and its management team can easily work with various employees for preventing any kind of unethical behavior with NTN.

Code of conduct: Codes of Conduct which are written can easily provide employees and associated managers with a proper overview regarding the kind of conduct and behaviors (Tot, Grubor and Marta 2015). It mainly outlines the certain number of behavior which is considered to be unexpected and certain employees violate the code of conduct.

Reinforcement of Consequences: Different business owners should hold their employees into account for any kind of unethical behavior. The employees of this organization should be easily informed about the new rules in NTN during the orientation sessions (Mishra et al.2014). If any of the employees of NTN works in unethical way, then that individual should refer to code of conduct and take certain measures for warning him or terminating him.

Show employee appreciation: Loyal employees understand the value of hard work before accomplishing the task on daily basis (Sari and Nurshabrina 2016). Loyal employees are less like to act unethically. Giving appreciation to employees or workers on daily basis can easily encourage loyalty.

Measures were taken to prevent unethical handling of information

Components of InfoSec program

The need for securing information system has become a vital thing as it can be used for transmitting, collecting and lastly storing information (Peltier 2016). Both the federal government and private sector are focusing to easily design and implement secure system for preventing any kind of security breach. Development of an information security program requires a good structured plan which includes various things like people, process and lastly technology. Information security generally emphasizes on well structure plan which is inclusive of people, process and lastly technology (Soomro, Shah and Ahmed 2016). For achieving strategic and operational goals there are some key components for successfully implementing the information security program. 

  1. Emphasizing on information security program
  2. Align the security programs with mission and objectives of an organization.
  3. Development of some meaningful and proper information security program
  4. Developing a proper program for risk management.
  5. Development and implementation of incident response plan.
  6. National and international standard for this organization

ISC 9000 can be stated as a family of quality management standard which is needed for providing the featuring of various products and services (Tu and Yuan 2014). It is generally required by various customers. Quality management helps the organization in ensuring the products and services which is needed for understanding the quality of requirement. ISO 12207 aims in establishment of common framework which is needed by software industry. It comes with certain process which can be used for acquisition of any software services or product (Safa, Von Solms and Furnell 2016). ISO 15288 establishes a common framework which can be used for describing the lifecycle system which is created by humans.


From the above discussion, it can be easily concluded that this report is all about NTN organization which is a private nursing school in Australia. NTN aims in providing telemedicine and healthcare service to community which is established within the radius of 200 km. The mobile team of Darwin and Cairn aim to provide mobile services to various needy patients of the home. Mobile team tends to travel around in a special vehicle known as home care vehicle. Mobile team can easily scan and send the report of the patients to the private hospitals.

They can establish communication with the medical staff through networks. In the above pages of report, an idea has been provided regarding the various legal issues which are related to mishandling of patient information by mobile team of NTN. After that ethics in InfoSec for the staff members of information security division has been discussed in details. The last section of the report deals with various components of InfoSec program.


Mishra, S., Caputo, D.J., Leone, G.J., Kohun, F.G. and Draus, P.J., 2014. The role of awareness and communications in information security management: A health care information systems perspective. International Journal of Management & Information Systems (Online), 18(2), p.139.

Narain Singh, A., Gupta, M.P. and Ojha, A., 2014. Identifying factors of “organizational information security management”. Journal of Enterprise Information Management, 27(5), pp.644-667.

Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.

Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A. and Herawan, T., 2015. Information security conscious care behaviour formation in organizations. Computers & Security, 53, pp.65-78.

Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model in organizations. Computers & Security, 56, pp.70-82.

Sari, P.K. and Nurshabrina, N., 2016, April. Factor analysis on information security management in higher education institutions. In Cyber and IT Service Management, International Conference on (pp. 1-5). IEEE.

Silva, M.M., de Gusmão, A.P.H., Poleto, T., e Silva, L.C. and Costa, A.P.C.S., 2014. A multidimensional approach to information security risk management using FMEA and fuzzy theory. International Journal of Information Management, 34(6), pp.733-740.

Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), pp.215-225.

Tot, L., Grubor, G. and Marta, T., 2015. Introducing the Information Security Management System in Cloud Computing Environment. Acta Polytechnica Hungarica, 12(3), pp.147-166.

Tu, Z. and Yuan, Y., 2014. Critical success factors analysis on effective information security management: A literature review.