East Sussex Healthcare Trust has had an information security incident. All incidents are real, and you may find additional published accounts of them that add details. You may be a little creative if the published accounts lack critical details, as companies often do not publish all that is known. You are the ciso (and incident response manager) for this organization.

• What happened?

• the impact of what happened.

• Why it happened.

• The likelihood of it happening again

• what must be done to prevent it from happening again. (Remediation plan) some ideas you may want to consider while you work on this:

• what policy failures/gaps may have led to the incident?

• What can be done to prevent a recurrence?

• What is the impact, short and long term to:

• customers

• employees

• the public

• stockholders/stakeholders?

• is this impact financial, reputational/trust, inconvenience?

• What is the likely cost in $?

• What (if anything) went wrong during the initial response to the incident?

• are there any deep organizational problems that led to the incident occurring?

• were there organizational maturity issues that contributed to the likelihood of, or affected the effectiveness of the response to the incident?

• What mitigation strategies can help?

Answer rating: 100% (QA)

Information Security Breach in East Sussex Healthcare Trust Introduction East Sussex is a healthcare facility that holds a number of hospitals There was an incident that took place where confidential ... View the full answer