Capstone Project Problem Statement
Capstone Project: Disaster and Business Continuity
Rockvale Hospital is one of the largest healthcare providers in the United States with more than 100 hospitals across the country.
Rockvale is dependent on information technology for patient care and operations that any outage to the IT infrastructure, network, data center or applications like the electronic health record (EHR) is a potential threat to patient care.
The hospital’s operations and network can be greatly impacted, or even shut down, due to a natural disaster or the harmful actions of bad actors.
Last year, healthcare was the most targeted industry for malware attacks, accounting for 40 percent of all security incidents in the third quarter, and the U.S. experienced 15 natural disasters with losses exceeding $1 billion each.
As the senior security expert in the organization, you have been tasked to review the security posture of the organization and provide recommendations.
Following tasks should be performed:
● One of the first tasks is to identify the various laws and regulations that govern the healthcare industry in the country.
● According to the laws of the United States, Protected health information (PHI) is protected under which regulatory act?
● Protected health information (PHI) is any piece of information in an individual’s medical record that was created, used, or disclosed during the course of diagnosis or treatment that can be used to personally identify them.
● You have to identify the Protected Health Information (PHI) in relation to 18 types of information that must be handled securely to protect against disclosure and misuse.
● Some members of the organization have raised security related concerns and seek your help select security controls to resolve their issues.
● You may use the following options to select the appropriate control category, control type, and control to remediate the issue stated in each scenario.
● Based on your recommendation the organization is evaluating a next generation security information and event management (SIEM) solution to be able to identify and respond to incidents in an effective manner. The next generation SIEM solution also incorporates features such as Security orchestration, automation, and response (SOAR) and User/entity behaviour analytics (UEBA).
● You are asked to perform a qualitative and quantitative risk analysis to help senior management weigh the impact of the new SIEM solution.
○ The new SIEM selection should be based on the Return of Security Investment (ROSI) metric, instead of Return of Investment (ROI) metric.
○ The organization has been suffering on average one security incident per month.
○ These incidents seem to cost about $10,000 in data loss, fine, and productivity.
○ The SIEM solution is projected to block about 90% of the attacks
○ The new SIEM will cost approximately $25,000 for license fees + $5,000 for training, installation, maintenance etc.
Write the key metrics.
Calculate the amount saved per year by implementing the SIEM solution.
Calculate the Return on Security Investment (ROSI) in percentage based on the formula:
What is the appropriate risk response based on the ROSI? (Transfer, Accept, Mitigate, Avoid)
What is your final recommendation to the executive leadership?
● Conduct penetration testing
● Do not purchase the next gen SIEM solution
● Purchase the next gen SIEM solution with UEBA/SOAR
● Purchase a DLP solution instead
● The hospital IT team provides support to the organization’s internal users via a helpdesk ticketing system. You are reviewing, assessing and diagnosing recent support tickets. Each ticket provides a description of the issue, and in some cases additional notes from the technical team.
● Based on the information provided in the tickets, use the following options in each of the service tickets to select the appropriate diagnosis, adversary technique used and adversary tactic used.
● These are the 3 open tickets:
● The diagnosis of the open tickets reveal several social engineering attacks. What is the BEST prevention against these types of attacks?