
Question

You work for a large, private health care organization that has server, mainframe, and RSA user access. Bill, your manager, has been asked to provide the latest version of the organization’s incident response policy. To his knowledge, no policy exists. He has asked you to research and create an incident response policy over the weekend.

Requirements

Look for at least two incident response policies for organizations of a similar type to your organization. In addition, download NIST “Computer Security Incident Handling Guide, rev 2” SP800-61 located at http://csrc.nist.gov/publications/nistpubs/800-61rev2/SP800-61rev2.pdf.

Based on your research, create an initial draft of an incident response policy for your organization. Consider HIPAA and other health care–related compliance requirements. Create a summary report that justifies the content you included in the draft policy. Reference your research so that Bill may add or refine this report before submission to senior management.

Explanation / Answer

ABC Healthcare Limited

Incident Response Policy


1. Purpose. The purpose of this directive is to establish security policy and procedures for implementing the Incident Response Policy at ABC Healthcare.


2. Scope. The provisions of this policy apply to all ABC Healthcare employees, contractors, and others who process, store, transmit, or have access to any ABC Healthcare information. This policy shall be applied to all ABC Healthcare information system resources, at all levels of sensitivity, whether owned and operated by ABC Healthcare or operated on behalf of ABC Healthcare. Nothing in this policy shall be construed to restrict the independence of the Office of the Inspector General in the performance of its duties as prescribed by the Inspector General Act of 1978, as amended.

3. Authority. This policy is issued pursuant to US-CERT Federal Incident Reporting Guidelines, NIST Special Publication 800-61, and OMB Memorandum M-07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information.

4. Definitions.

Information Systems. Any telecommunications and/or computer-related equipment or interconnected system or subsystems of equipment that is used in the acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of voice and/or data (digital or analog); includes software, firmware, and hardware.

Computer Information Security Incident. An act or circumstance in which there is a deviation from the requirements of the governing security regulations. Compromise, inadvertent disclosure, need-to-know violation, and administrative deviation are examples of security incidents, including any unauthorized activity that threatens the confidentiality, integrity, or availability of ABC Healthcare information system resources.

Breach. The loss of control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or any similar term referring to situations where persons other than authorized users, and for an other than authorized purpose, have access or potential access to personally identifiable information, whether physical or electronic.

Personally Identifiable Information (PII). Any piece of information which can potentially be used to uniquely identify, contact, or locate a single person. For example, PII could be an individual’s Social Security number; or name or address in conjunction with one or more of the following: date of birth; Social Security number, driver’s license number, or state identification; foreign country equivalent to Social Security number, tax identification number, or equivalent; financial account number; and credit or debit card number.

Agency Response Team (ART). At a minimum, an ad hoc ART assembled to address a breach incident consists of the Program Manager of the program experiencing the breach, the Chief Information Officer, the Senior Agency Security Officer, the Senior Agency Official for Privacy, the Privacy Act Officer, and the General Counsel.

5. Policy for Computer Security Incidents.

a. Initial Reporting.

i. Internal. All computer security incidents, including suspicious events, shall be reported immediately (orally or via e-mail) to the IT Security Officer and/or IT Director by the employee who has witnessed/identified a breach and/or by the relevant Program Manager, followed by submission of Form ABC Healthcare 93, Initial Security Incident Report.

ii. External. All computer security incidents, specifically those involving PII, shall be reported to US-CERT, whether a potential or confirmed breach, within one hour of discovery/detection.

b. Escalation. The IT Security Officer and/or IT Director should be notified immediately when a suspicious event or security incident is reported. The IT Security Officer shall determine if a security incident is indeed underway. If more information is required to determine if the situation represents a security incident, the IT Security Officer may contact the person who supplied the initial report for additional details.

c. Mitigation and Containment. Any system, network, or security administrator who observes an intruder on an ABC Healthcare network or system shall take action to terminate the intruder’s access immediately. Affected systems, such as those infected with malicious code or systems accessed by an intruder, shall be isolated from the network until the extent of the damage can be assessed. System and/or security administrators shall quickly eliminate the method of access used by the intruder and any related vulnerabilities.

d. Investigation. Every effort shall be made to save log files and system files that could be used as evidence of a security incident. This includes backing up the affected environment; thoroughly documenting all activities performed on the affected platform or environment to contain, mitigate, and restore the environment; storing any potential evidence, such as drives, diskettes, or tapes, in a locked container; and documenting and controlling the movement and handling of potential evidence in order to maintain a chain of custody. The IT Security Officer or his/her designee shall serve as the focal point for collection of evidence.

e. Eradication and Restoration. The extent of damage must be determined. If the damage is serious and the integrity of the data is questionable, a system shutdown and reloading of operating systems and/or data may be required. Management notification is required if mission-critical systems must be taken offline for an extended period of time to perform the restoration.
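As an added example (not part of the original answer or the draft policy), a small Python evidence register that implements the chain-of-custody requirement in section 5.d: each item is fingerprinted when seized and every handling step is appended to a hash-chained log, so a later change to either the evidence or the record is detectable. The item identifier, actors, timestamps and sample log line are constructed.

```python
import hashlib
import json
from dataclasses import dataclass, field
# Constructed example for the policy's chain-of-custody requirement (5.d):
# evidence is fingerprinted at seizure and every handling step is appended to a
# hash-chained register, so later edits or deletions are detectable. Item IDs,
# actors and timestamps below are assumptions, not values from the policy.

def sha256_hex(data: bytes) -> str:
    """Fingerprint of an evidence item (e.g. a saved log file) as seized."""
    return hashlib.sha256(data).hexdigest()

def entry_hash(body: dict) -> str:
    """Canonical hash of one register entry (excluding its own hash field)."""
    canon = json.dumps({k: v for k, v in body.items() if k != "entry_hash"}, sort_keys=True)
    return hashlib.sha256(canon.encode()).hexdigest()

@dataclass
class CustodyLog:
    entries: list = field(default_factory=list)

    def record(self, item_id: str, evidence: bytes, action: str, actor: str, when: str) -> str:
        """Append a handling event; each entry commits to the previous entry's hash."""
        prev = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        body = {"item_id": item_id, "evidence_sha256": sha256_hex(evidence),
                "action": action, "actor": actor, "when": when, "prev_hash": prev}
        body["entry_hash"] = entry_hash(body)
        self.entries.append(body)
        return body["entry_hash"]

    def verify(self) -> bool:
        """Recompute every link; an edited, inserted or removed entry breaks the chain."""
        prev = "0" * 64
        for e in self.entries:
            if e["prev_hash"] != prev or entry_hash(e) != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True

    def item_unchanged(self, item_id: str, evidence_now: bytes) -> bool:
        """Compare the item as held today against the hash recorded at seizure."""
        first = next(e for e in self.entries if e["item_id"] == item_id)
        return first["evidence_sha256"] == sha256_hex(evidence_now)

# Constructed sample: a saved auth log from an isolated host, handled three times.
AUTH_LOG = b"Jan 10 02:14:07 hostA sshd[412]: Accepted password for svc from 10.0.0.5\n"

def demo() -> CustodyLog:
    log = CustodyLog()
    log.record("EV-001", AUTH_LOG, "seized from hostA", "IT Security Officer", "2024-01-10T03:00:00Z")
    log.record("EV-001", AUTH_LOG, "stored in locked container", "IT Security Officer", "2024-01-10T03:15:00Z")
    log.record("EV-001", AUTH_LOG, "released to General Counsel", "IT Security Officer", "2024-01-11T09:00:00Z")
    return log
```

Running `demo().verify()` confirms an intact register; altering any stored field or deleting an entry makes `verify()` return False, and `item_unchanged()` catches evidence that no longer matches its seizure fingerprint.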



