This free survey is powered by
  1. Surveys
  2. 2014
  3. March
  4. I
  5. Information Security Measures
0%
Exit Survey
 
 
Jason V. Bonner
[email protected]


Hello,

In order to complete the final requirements for my MBA coursework at Capella University, I am conducting research to gain insight into Information Security and (PII) Personally Identifiable Information protection measures. I am surveying ten Department of Veterans Affairs employees. The survey is completely anonymous. It will take approximately five minutes to complete the questionnaire.

Your participation in this study is completely voluntary. There are no foreseeable risks associated with this project. However, if you feel uncomfortable answering any questions, you can withdraw from the survey at any point. It is very important for me to learn your opinions.

Your survey responses will be strictly confidential and data from this research will be reported only in the aggregate. Your information will be coded and will remain confidential. If you have questions at any time about the survey or the procedures, you may contact my Professor; Lynn Szostek, PhD at [email protected].

Thank you very much for your time and support. Please start with the survey now by clicking on the Continue button below.
 
 
 
* What part of the Department of VA do you work for?
 
National Cemetery Administration
 
Veterans Benefits Administration
 
Veterans Health Administration
 
 
 
* What is your title?
 
Information Technology Manager
 
Information Security Officer
 
Physician
 
Patient Billing Specialist
 
Other
 
 
 
* What type of health information breach (of any size) has your organization experienced in the past 24 months?
 
Misdirected fax or postal mailing
 
Insider attack, such as record snooping or identity theft
 
Lost or stolen unencrypted electronic device or media
 
Improper disposal of paper records
 
Lost or stolen paper records
 
Hacker attack
 
We have had no breach of any size in the past 24 months

 
 
 
* What steps does your organization plan to take in the coming year to help prevent personally identifiable information breaches?
 
Step-up training on privacy, security issues
 
Implement encryption of all mobile devices and removable media
 
Implement audit tool to enhance detection of unauthorized access
 
Implement encryption of all end-user devices
 
Prohibit storage of any client personally identifiable information on mobile devices and removable media
 
Implement data loss prevention system
 
Implement access management system to help guard against record snooping
 
Prohibit storage of any client personally identifiable information on all end-user devices
 
Implement enhanced user authentication, such as multi-factor

 
 
 
* What do you perceive to be the single biggest security threat your organization faces?
 
Mistakes by staff members
 
The growing use of mobile devices, including the BYOD (Bring Your Own Device) trend
 
Business associates taking inadequate security precautions for client personally identifiable information
 
Insider threats, such as records snooping and identity theft
 
Loss or theft of devices or electronic media
 
Hackers attempting to access records or use servers for other purposes, such as gaming
 
Loss or theft of paper records
 
 
 
* How would you grade your organization’s ability to counter EXTERNAL information security threats?
 
Excellent
 
Very good
 
Adequate
 
Needs improvement
 
Poor
 
 
 
* How would you grade your organization’s ability to counter INTERNAL information security threats?
 
Excellent
 
Very good
 
Adequate
 
Needs improvement
 
Poor
 
 
 
* How would you rate your confidence in the security controls maintained by your business associates and their subcontractors?
 
Low confidence
 
Somewhat low confidence
 
Neutral
 
Somewhat high confidence
 
High confidence
 
 
 
* Does your organization have a portion of its IT budget specifically allocated for information breach detection, response, and notification costs?
 
Yes
 
No
 
I Don’t Know
 
 
 
* How would you grade your organization’s ability to comply with HIPAA and HITECH Act regulations concerning privacy and security?
 
Excellent
 
Very good
 
Adequate
 
Needs improvement
 
Poor