Question:
East Sussex Healthcare Trust has had an information security incident. All incidents are real, and you may find additional published accounts of them that add details. You may be a little creative if the published accounts lack critical details, as companies often do not publish all that is known. You are the CISO (and incident response manager) for this organization.
• What happened?
• The impact of what happened.
• Why it happened.
• The likelihood of it happening again.
• What must be done to prevent it from happening again (remediation plan).
Some ideas you may want to consider while you work on this:
• What policy failures/gaps may have led to the incident?
• What can be done to prevent a recurrence?
• What is the impact, short and long term, to:
  • customers
  • employees
  • the public
  • stockholders/stakeholders?
• Is this impact financial, reputational/trust, inconvenience?
• What is the likely cost in $?
• What (if anything) went wrong during the initial response to the incident?
• Are there any deep organizational problems that led to the incident occurring?
• Were there organizational maturity issues that contributed to the likelihood of, or affected the effectiveness of, the response to the incident?
• What mitigation strategies can help?
Accounting Information Systems
ISBN: 9780132871938
11th edition
Authors: George H. Bodnar, William S. Hopwood