1. Suppose the virus entered FAHC as they suspect. What would you recommend to prevent a virus from entering again the same way? Who has to follow this policy?

How would you train those people on the policy? Who should be responsible for that training? In the broadest possible sense, what does this virus incident suggest to you as a future manager for ensuring information system security at your company?

2. With 5,000 of its 6,000 computers uninfected based on their testing, FAHC was able to continue patient care, though some areas of the hospital did not function optimally. In a worst-case scenario, the numbers could have been the other way round: 5,000 of 6,000 computers infected or even all 6,000. What do you think the impact on patient care would have been then? How would you go about minimizing it?