1 vote
Following a complete outage of the electronic medical record system for more than 18 hours, the hospital's Chief Executive Officer (CEO) has requested that the Chief Information Security Officer (CISO) perform an investigation into the possibility of a disgruntled employee causing the outage maliciously. To begin the investigation, the CISO pulls all event logs and device configurations from the time of the outage. The CISO immediately notices the configuration of a top-of-rack switch from one day prior to the outage does not match the configuration that was in place at the time of the outage. However, none of the event logs show who changed the switch configuration, and seven people have the ability to change it. Because of this, the investigation is inconclusive.

Which of the following processes should be implemented to ensure this information is available for future investigations?

A. Asset inventory management
B. Incident response plan
C. Test and evaluation
D. Configuration and change management

by User ADoN (7.1k points)

1 Answer

4 votes

Final answer:

To prevent inconclusive investigations in the future, the hospital's Chief Information Security Officer should implement a strong Configuration and change management process. This will ensure all changes are recorded, including who, when, and what was changed, thus facilitating better accountability and investigative capabilities.

Step-by-step explanation:

To ensure that comprehensive information is available for future investigations into changes in system configurations that might lead to outages or other issues, the process that should be implemented is D. Configuration and change management. This process involves detailing and tracking all changes made to the system's hardware and software, as well as maintaining records of which individuals make these changes. A strong configuration and change management protocol helps to ensure that any changes are recorded, including who made the change, when it was made, and what exactly was changed, thus facilitating accountability and allowing for better investigation capabilities in the event of issues, such as outages or breaches.

By effectively managing configurations and changes, organizations can improve their security posture, reducing the likelihood and impact of outages and data breaches, which cause significant financial theft, identity theft, and other damages. Notably, it also helps prevent problems related to human error and oversight, as mentioned in the research about the impact of cognitive load on decision-making accuracy within security centers.

by User Youssef Liouene (7.3k points)
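The answer describes what a configuration and change management process has to deliver for an investigation like the one in the question: a record of who, when and what for every change, so that a configuration difference between two snapshots can be attributed. The following added example (not part of the original question or answer) shows that reconciliation in code: it diffs two constructed switch configuration snapshots and matches each changed line against constructed change records carrying a ticket, requester, approver and implementation time. Any changed line that no record covers is reported as unattributed, which is exactly the gap the investigation hit. The device name `tor-sw-01`, the config text, the ticket `CHG-1042` and the user names are all illustrative assumptions.

```python
"""Reconcile switch configuration drift against change-management records.

Added example, not from the original post. Device names, configuration text,
change tickets and user names are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime
from itertools import islice
import difflib


@dataclass(frozen=True)
class ChangeRecord:
    """One approved, logged change: who asked, who approved, when, and which lines moved."""
    ticket: str
    device: str
    requester: str
    approver: str
    implemented_at: datetime
    lines_added: frozenset
    lines_removed: frozenset


def config_changes(baseline: str, current: str):
    """Return (added, removed) lists of configuration lines between two snapshots.

    difflib is used rather than a set difference so that repeated lines
    (identical sub-commands under several interfaces) are tracked correctly.
    """
    diff = difflib.unified_diff(baseline.splitlines(), current.splitlines(),
                                lineterm="", n=0)
    added, removed = [], []
    for line in islice(diff, 2, None):  # skip the '---' / '+++' file headers
        if line.startswith("@@"):       # hunk range markers carry no config content
            continue
        if line.startswith("+"):
            added.append(line[1:])
        elif line.startswith("-"):
            removed.append(line[1:])
    return added, removed


def reconcile(device, baseline, baseline_at, current, current_at, records):
    """Attribute every change between two snapshots to a change record.

    Returns {"authorized": [(ticket, requester, approver, change)],
             "unauthorized": [change]} where change is "+line" or "-line".
    Only records for this device implemented inside the snapshot window count.
    """
    added, removed = config_changes(baseline, current)
    candidates = [r for r in records
                  if r.device == device and baseline_at <= r.implemented_at <= current_at]
    authorized, unauthorized = [], []
    for sign, lines, attr in (("+", added, "lines_added"), ("-", removed, "lines_removed")):
        for line in lines:
            match = next((r for r in candidates if line in getattr(r, attr)), None)
            if match:
                authorized.append((match.ticket, match.requester, match.approver, sign + line))
            else:
                unauthorized.append(sign + line)
    return {"authorized": authorized, "unauthorized": unauthorized}


# Constructed snapshots: one day before the outage and at the time of the outage.
BASELINE_AT = datetime(2024, 3, 1, 22, 0)
CURRENT_AT = datetime(2024, 3, 2, 22, 0)

BASELINE_CONFIG = """\
hostname tor-sw-01
vlan 10
 name EMR-APP
interface Ethernet1
 switchport access vlan 10
interface Ethernet2
 switchport access vlan 10
"""

CURRENT_CONFIG = """\
hostname tor-sw-01
vlan 10
 name EMR-APP
interface Ethernet1
 description EMR-APP-SRV-01
 switchport access vlan 10
interface Ethernet2
 shutdown
"""

# Constructed change record: only the Ethernet1 description was requested and approved.
RECORDS = [
    ChangeRecord("CHG-1042", "tor-sw-01", "jdoe", "netops-lead",
                 datetime(2024, 3, 2, 9, 30),
                 lines_added=frozenset({" description EMR-APP-SRV-01"}),
                 lines_removed=frozenset()),
]


def example_report():
    """Run the reconciliation on the constructed data above."""
    return reconcile("tor-sw-01", BASELINE_CONFIG, BASELINE_AT,
                     CURRENT_CONFIG, CURRENT_AT, RECORDS)


if __name__ == "__main__":
    report = example_report()
    for ticket, who, approver, change in report["authorized"]:
        print(f"OK    {change!r}  ticket={ticket} requester={who} approver={approver}")
    for change in report["unauthorized"]:
        print(f"ALERT {change!r}  no change record covers this line")
```

In the constructed data the Ethernet1 description is attributed to CHG-1042, while the `shutdown` of Ethernet2 and the removal of its VLAN assignment have no covering record and are flagged. In practice the snapshots would come from scheduled configuration backups and the records from the change-management system; the point of the process is that the "who" is captured at change time, so the reconciliation can name a person rather than stop at "seven people could have done it".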