Reference no: EM131045257
John Miller is the information security and privacy officer of a local county-owned teaching hospital. He is new to his position and began his work by evaluating the existing security and privacy controls that are in place in the institution. He is also new to information security, having only recently graduated with a BS in information security with professional experience as an active-directory administrator for two years. This work with active directory created his interest in pursuing a position in the field of security. Because he has most experience in the area of account management, user creation and management, groups, roles and group policy, these are the areas where he began his work. He found literally hundreds of idle accounts indicating that users are created but are not properly discontinued when medical students, nursing students, and other employees move on and no longer need access to the data collected and stored by the hospital.
This discovery inspired him to begin digging into other aspects of the security controls, and he found evidence of malware on the servers that house the data collected and stored for use by the hospitals clinical systems. His next discovery was the most alarming. The objective of the malware that had deeply infested the hospital systems was to package and transmit all available data to a remote host located in North Korea. John is clearly in over his head at this point and needs to act quickly to resolve this situation and stop the flow of personally identifiable health information to an unauthorized third party.
Use the study materials and any additional research needed to fill in knowledge gaps. Then discuss the following:
1. What primary laws, regulations, or statutes have been violated by this lack of attention to controls, leading to this serious breach of security?
2. What channels of communication should John enlist to assist him in resolving this matter, and in what order should those communication sources be contacted?
3. What tools and any supporting resources are available to John to determine the breadth of the breach and the mitigations available to secure those assets?
|
Test statistic-critical value and p-value
: Conduct the hypothesis test and provide the test statistic, critical value, and P-value, and state the conclusion.
|
|
Explain primary reasons why your strategy would be effective
: Identify the main steps required to configure Cisco IOS IP service level agreements (SLAs) functionality. Outline a strategy for defining the operations, objects, or actions embedded in these steps. Explain the primary reasons why your strategy wo..
|
|
How do law enforcement organizations regulate use of media
: How do law enforcement organizations regulate the use of social media? Just about every major law enforcement organization has a Facebook account associated with the organization's website.
|
|
Write a paper that identify the customer and business needs
: Write a 750- to 1,250-word scope verification paper in which you identify the customer and business needs as the theme for the project your team selected. Complete the following in your paper.
|
|
What primary laws-regulations or statutes have been violated
: What channels of communication should John enlist to assist him in resolving this matter, and in what order should those communication sources be contacted?
|
|
Contract with ideal insurance company
: Brown enters into a written contract with Ideal Insurance Company under which, in consideration of her payment of the premiums, the insurance company promises to pay State College the face amount of the policy, $100,000, on Brown's death. Brown pa..
|
|
Provide a target price and also analyst recommendation
: AC221 Financial Accounting Spring 2016 - Financial Statement Analysis Project. You will need to provide a target price and also analyst recommendation (Strong Buy, Buy, Hold, Sell, Strong Sell). You can rely on what stock analysts think already and..
|
|
Prepare the journal entries in the books of federation
: Prepare the journal entries in the books of Federation Ltd to record the acquisition of Nigeria Pty Ltd and a Trail balance with entries then a statement of financial position for Federation Ltd immediately after the acquisition.
|
|
Option contract without pamela permission
: Georgia purchased an option on Greenacre from Pamela for $10,000. The option contract contained a provision by which Georgia promised not to assign the option contract without Pamela's permission.
|