Operation Security Incidence Response Policy Research Paper Help

Asked: Mar 29th, 2019

Question Description

Operations Security


Prepare a report to address all aspects of the case study/assignment. This report should be no less than 10 pages of content. You need to include outside sources and properly cite and reference your sources. You must have at least 10 references, 7 of which must be scholarly peer-reviewed articles. In addition to the 10 pages of content, you will want a title page and a reference sheet. This report needs to be in proper APA format.

Be prepared to present a 15-minute presentation on this assignment.


Smith Hospital is a leading health care provider within Kentucky (having five locations throughout the entire state). The system they use is a popular Electronic Health Record system called EPIC. To learn more about this EHR system visit: https://www.epic.com/. On September 15, Daniel Brown (CIO of Smith Hospital) was notified about two major incidents.

The first incident occurred at the northeast office in which the IT server room was burglarized during normal business hours. It was determined that iPhones, laptops, flash drives and one server were stolen. Local police were notified, and the incident was reported on that date.

The second incident occurred at the southwest campus in which the entire IT system was hacked. Local information security staff determined that 80% of patients' PII, to include social security, insurance provider, mailing address and phone number, were obtained.

You are Daniel Brown and need to respond to these incidents by taking action immediately.

You will need to complete the following:

  1. Develop an Incident Response Policy for Smith Hospital that will be used to help with Scenario #1 and #2 (create two separate response policies) (this is an attachment that should be included in your paper and referenced in your presentation).
  2. Upon developing the Incident Response Policies, evaluate the incidents described above:
  • Summarize the data incident and potential level of risk, include why?
  • Upon identifying the types of data that could potentially be impacted and what laws/regulations could be in violation of non-compliance if this data was breached
  • Develop your action plan to evaluate this data incident (include your rationale for why the steps were necessary)
  • Describe how the Incident Response Policy supported your actions
  • Identify any issues that made the evaluation more difficult
  • Identify areas of future risk mitigation actions should a similar incident occur (look at the gaps or issues with this scenario)
  • Close the incident (NOTE: The outcome of the incident did not surface any major risks or data breach to the company, but it took the evaluation to get to this conclusion)

Tutor Answer

School: Boston College

Please find attached. Let me know if you need edits. Cheers!


Incidence Response Policy
Student’s Name
Course Number – Name of Course
University Name
Instructor’s Name




Incidence Response Policy
Smith Hospital is one of the best healthcare providers in Kentucky that has several subsidiaries. It operates an emergency department that runs 24 hours and a lab that operates 12 hours during the day. The hospital uses an electronic health records system to manage all the medical records, including payments. In today's world, systems and IT equipment are prone to several vulnerabilities such as cyber attacks and theft due to the critical information that they contain (Ahmad, Maynard & Shanks, 2015). Smith Hospital has become a victim of a cyber attack and theft of IT resources in its Southwest subsidiary and North East offices respectively. Despite the cyber attack, the hospital needs to continue with its operations as usual, and to do that, it should have an effective incident response policy to guide the hospital's management on how to regain operating within the shortest time possible.
Incident Response Policy- Incident 1
Policy statement
The Smith Hospital Northeast offices should be able to identify as early as possible both physical and remote attempts to access, steal and destroy crucial IT equipment. To do so, the hospital will outline reasonable guidelines and procedures and necessary corrective actions to prevent any unlawful access into server rooms and other places where critical ICT infrastructure is kept (Grispos, Glisson, & Storer, 2015). This incident response policy will, therefore, provide the foundation of the most appropriate response to incidences that compromise the integrity, availability, and confidentiality of the Hospital’s electronic health record system.



The incidence response procedures
This section of the incident response policy defines the procedure which Southeast offices should follow in the event of a theft data breach incident.
Detection and reporting
According to Ahmad, Maynard & Shanks (2015), incident detection and reporting is the first step in the process of incident response. Any staff member who detects any form of a security breach must report it to the director of Information Technology Services. If an employee or a patient is aware of an incident that compromises the security of IT equipment, he or she should report to this email address inforsec@southwest.org or inform any security officer. In case the reported incident is confirmed to be true, and that equipment has been lost or vandalized, then the matter is referred to the head of security and the director of IT services. The director of security will then inform the head of security guards to launch a search in the compound for possible hidden equipment. Also, the director of IT services in collaboration with the director of security and director of risk management will form an incidence response team.
Information security response team
The incidence response team will be comprised of representatives from the IT department, head of security guards, representatives from the risk management department and system administrators (Grispos, Glisson, & Storer, 2015). The team will be led by an incident manager who will be selected by the director of IT services. The response team should assess and document the actual loss of equipment and the sensitivity of data contained in the stolen computers and servers. The team should also develop and implement a plan to mitigate the damage caused by the security incident (Ahmad, Hadgkiss & Ruighaver, 2014). Also, the team shall share the information about the incident with people who are outside, especially the police.
Scope: the incidence response team should act promptly to establish the incident's scope and most importantly to identify the extent of damage on the servers and other vandalized equipment.
Collecting and preserving evidence: the team should design a plan to collect and preserve any traces of evidence collected. According to Grispos, Glisson, & Storer (2015), forensic evidence should be collected and preserved with the help of experts to help track the suspects.
Investigation: the team should then investigate the vulnerabilities of physical security in th...


Tutor went the extra mile to help me with this essay. Citations were a bit shaky but I appreciated how well he handled APA styles and how ok he was to change them even though I didn't specify. Got a B+ which is believable and acceptable.
