Monitoring and Reporting
Scenario
Dr. Salkind from Valley Healthcare asks you to continue the good work you have done for the organization. You briefly tell him about the importance of continuously monitoring, testing, and improving countermeasures. You found that within the first 24 hours of configuring baseline security, you received alerts that malware had been quarantined within an antivirus program, a disabled service has been turned on (likely via malware), and there was notice of a failed attempt to log in captured by the audit log.
Dr. Salkind now has a better understanding of how important Information Systems Security is. He wants an update of your plan of action to get Valley Healthcare compliant with HIPAA Privacy and Security requirements (the clinic also accepts credit cards) and what type of monitoring and reporting you are planning to implement to protect the organization. He also asked if you would research an Acceptable Use Policy (AUP) regarding network and computer usage for the organization.
Tasks
Write a brief report in which you:
- Describe all the potentially problematic security events that occurred in the 24-hour period.
- Explain what was done (or should be done) to correct the problems encountered.
- Give a brief explanation of the Acceptable Use Policy you found (i.e. type of organization - it doesn't have to be healthcare) and the link to the policy. Provide a brief (1 - 2 paragraphs) explanation of how you would customize the AUP for Valley Healthcare.
Also write a brief statement explaining how your work on this project relates to your responsibility to help the organization achieve its goals of providing Quality Healthcare. Describe at least one additional area of concern or emerging trend related to information systems security that you think warrants the organization's attention in the immediate future.