Information Security Services

The mission of LLUH Information Security Services is to protect the privacy of our patients and employees, and to protect the digital assets of LLUH. We are committed to this mission by practicing a risk-based and continuous improvement approach to preventing unauthorized access, use, transmission, disclosure, disruption, modification, storage or destruction of information. We perform continuous analysis of threats and vulnerabilities, combined with the implementation of industry standard security controls across people, process and technology. We are able to achieve this by collaborating with numerous stakeholders, such as Information Services, Compliance, Human Resources Management, Finance, and Internal Audit, while providing visibility and transparency through education, meaningful performance metrics, reporting, and scorecards.

Services

The generally accepted industry definition of Information Security is to preserve the confidentiality, integrity and availability of an organization’s information assets. At Loma Linda University Health, these assets include, but are not limited to:

• Critical and Sensitive Information, e.g., Protected Health Information, Personally Identifiable Information, and Institutional Intellectual Property
• Information Technology Hardware and Software
• Personnel and Information Management Processes

In support of the above, we offer the following services:

• Information Security Architecture and Design – Security Reviews and Guidance on Policies, Standards and Practices
• Information Security Operations – Security Engineering, Analysis and Operation of Access Control Systems
• Information Security Incident Response – Responding to security events such as Network/ System Attacks, Phishing, Ransomware, etc.  
• Identity and Access Management – Provisioning, Updating and De-Provisioning User Accounts, including User Identities, Credentials and Entitlements
• Application Security – Analysis, Design and Management of Application Security Profiles