Denisovan Medical Supplies Case Study: Security & Governance Analysis

Added on  2023/06/18

Case Study
AI Summary
This case study provides a comprehensive analysis of security management and governance at Denisovan Medical Supplies. It covers key aspects such as contingency planning, incident response, and the importance of formal policy statements. The study begins by outlining the components of contingency planning for information security, including preparation analysis, response planning, and implementation preparedness, as well as disaster recovery, emergency mode operation, and data backup plans. It then describes the role of incident response in implementing a contingency plan, highlighting its interaction with disaster recovery and business continuity. The case also discusses what Denisovan should include in their After-Action Review (AAR) following a DOS attack. Furthermore, it emphasizes the necessity of formal policy statements, elements of compliance statements, and provides examples of required policy documents, such as the Health Data Initiative Strategy and Execution Plan. The study concludes by suggesting a program for ensuring policy awareness and compliance, and methods for determining the program's success, offering valuable insights into security management practices within a medical supplies context.
Case study scenario
Table of Contents
Question 1
A. List and briefly describe the components of contingency planning for information security
B. Describe the role of Incident Response in the implementation of a contingency plan making sure to discuss its interaction with Disaster recovery and Business Continuity
C. After a DOS attack incident affecting the Research and Developments Network at Denisovan, briefly discuss what they should include in their After-Action Review (AAR)
Question 2
A. Write a paragraph explaining the reasons why formal policy statements are essential at Denisovan Medical Supplies
B. Describe what elements compliance statements should contain in a policy document
C. Give Two examples of Policy Documents that would be required at Denisovan Medical Supplies, provide justification for your choice
D. Suggest a program to ensure awareness and compliance to the policy
E. Describe how you could determine the success of your program
Question 3
REFERENCES
Question 1
A. List and briefly describe the components of contingency planning for information security
Information security contingency planning is a coordinated strategy that combines plans, procedures and technical measures to enable the easy and continuous recovery of information systems, operations and other data after any kind of disruption (Shipman, 2021). The key components of contingency planning for information security are listed and briefly described below:
- Preparation analysis: Contingency planning must be based on a sound analysis of risk in the specific context. The preparation analysis therefore reflects the nature and frequency of the hazards and threats, including all the vulnerabilities against which the information needs to be secured.
- Response planning: Based on the analysed threats and vulnerabilities, the next step is to agree on the specific roles and responsibilities that are vital for reacting effectively to the risk, and to have a proper contingency plan for responding to and overcoming the threat.
- Implementing preparedness: This component comprises an effective consolidation process together with proper follow-up action. Simulation and response exercises are carried out under this component; they help identify the key strengths and weaknesses, as well as the training required so that all participants are able to meet their identified responsibilities (Hsia, 2021).
Besides these, contingency planning for information security has some other key components, which are listed and briefly described below:
- Disaster recovery plan: Effective contingency planning for information security includes a written procedure that supports the recovery and protection of information at the time of a major event or disaster.
- Emergency mode operation plan: Also known as the business continuity plan, this component focuses on a list of guidelines and procedures that support sustaining normal business operations during a major information interruption.
- Data backup plan: One of the core components of contingency planning for information security, it supports quick backup of all critical information and files to prevent loss of information, and also leads to improved information security (Zimmer, 2021).
B. Describe the role of Incident Response in the implementation of a contingency plan making sure to discuss its interaction with Disaster recovery and Business Continuity.
Incident response plays a vital role in the effective implementation of the contingency plan: it helps contain organisational loss by resolving and mitigating the exploited vulnerabilities, restoring services and processes, and reducing the risk that future incidents pose. It also supports faster detection of, and response to, data breaches and other security incidents when they take place (Sindhuja, 2021). Incident response thus reduces potential loss through a significant positive impact on data protection, and it builds higher customer trust, improves organisational reputation and reduces the projected loss.
Incident response plays a vital role in preparing for potential security incidents, which is important for a successful and improved response under contingency planning. It also provides early identification of any security breach, which helps in removing the security threat. An effective incident response further improves implementation of the contingency plan through better containment, eradication and recovery, and better lessons for early identification and mitigation of risk (Sheaffer, Boyd & Cropp, 2021). Incident response also acts as a balance between Disaster Recovery and Business Continuity by improving coordination and collaboration between the two. It identifies the contingency early and communicates it to the disaster recovery department and personnel to minimise the loss. At the same time, incident response ensures that all other business operations remain unaffected by the threats and risks, and so plays a vital role in the smooth continuity of business operations during a contingency (Kaur, Habibi Lashkari & Habibi Lashkari, 2021).
C. After a DOS attack incident affecting the Research and Developments Network at Denisovan, briefly discuss what they should include in their After-Action Review (AAR)
A DOS (denial of service) attack is an attack that leads to the sudden shutdown of a machine and the firm's overall network, making vital information and files inaccessible to the intended users. A DOS attack on the research and development network at Denisovan would therefore cause server outages along with monetary loss through sharing of vital research and development information, and would place higher stress on the IT professionals trying to bring all the resources back online and working smoothly (Chirisa, 2021). The right detection and prevention method therefore becomes most vital for Denisovan, which should come up with an After-Action Review plan.
The after-action review (AAR) is a structured review and debriefing process designed to analyse what actually happened and why the DOS occurred. The main points that Denisovan needs to include in its AAR after the DOS attack are the following:
- Incident overview: The facts of what actually happened, when it happened and how it happened.
- Analysis: This section of the AAR comprises the basic observations, possible expected outcomes, unexpected things, the incident involved, key strengths and areas of opportunity (Lykhova & et. al., 2021).
- Recommendations: This part of the AAR details ways to improve performance and mitigate the risk of DOS attack in future.
- Improvement/action plan: A detailed corrective action to be taken for the future, along with the additional requirements for training and other equipment needed.
- Conclusion: A summary of all the vital sections of the AAR report and plan (Ramesh & et. al., 2021).
Question 2.
A. Write a paragraph explaining the reasons why formal policy statements are essential at Denisovan Medical Supplies.
A formal policy statement is vital for Denisovan Medical Supplies because it sets out clear expectations and procedures for doing things in a proper manner. Because supplying medical care involves healthcare services, a policy statement becomes even more important for guiding day-to-day activities, promoting higher consistency in practice, reducing mistakes, and keeping patients and staff safe. The main reason formal policy statements are essential at Denisovan Medical Supplies is that they ensure all the legal rules and procedures that apply to medical supplies are met and adopted, which protects the organisation from misunderstandings that might lead to unauthorised behaviour or lawsuits (Ye, Zhang & Wu, 2021). A formal policy statement also helps Denisovan Medical Supplies meet its organisational objectives by providing proper steps for creating and delivering medical supplies in an improved, quality manner.
B. Describe what elements compliance statements should contain in a policy document.
A policy statement should reflect the basic objectives of the organisation and describe the general guiding principles and rules set out by the firm. At a minimum, a firm's comprehensive compliance programme and statement should include the development and distribution of written standards of conduct, as well as written policies and procedures that promote the organisation's overall commitment to compliance and address specific areas of potential fraud, such as claims (Mahanti, 2021). The elements that compliance statements should contain in a policy document are discussed briefly below:
- Header block: This section contains the title of the policy document and the identity of the department responsible for drafting, reviewing and enforcing the policy. It also includes the effective date of the policy, the policy number, the date of approval, the identification of the approval authority, and the modifications and changes to the existing policy.
- Background: This section gives the context of the policy, along with information about the standard procedure and statement based on changing laws, regulations, standards and compliance guidance (Anu, 2021).
- Purpose: Outlines why the policy statement and document has been designed and what it needs to achieve.
- Scope: Explains the range of application and the referenced documents covered by the procedure and policy statement.
- Definition: Defines complex and important terminology.
- Policy statement: Describes the basic objective of the firm along with the general guiding principles.
- Procedure: Contains the detailed procedural requirements and methods (Kirschke & Newig, 2021).
- Related policies: Covers policies that address similar issues.
- Reference citation: Used for legal and regulatory citations.
C. Give Two examples of Policy Documents that would be required at Denisovan Medical Supplies, provide justification for your choice.
Two examples of policy documents that would be required at Denisovan Medical Supplies are given below, with justification for their selection:
“The Health Data Initiative Strategy and Execution Plan”: This is a vital policy document for Denisovan Medical Supplies because it supports the procedures and actions that a healthcare organisation is required to meet for improved production and supply of medical products and services. The justification for adopting the Health Data Initiative Strategy and Execution Plan is that it supports a vast array of data resources that need to be curated and made openly available for public consumption, to ensure better distribution of medical supplies (Faraji, Jafari Nozar, & Arash, 2021). The plan is also justifiable because it serves the purpose of sparking innovation in healthcare and the delivery of human services, which is known as the Health Data Initiative (HDI). The HDI policy document is also required at Denisovan Medical Supplies because it improves health, healthcare and the delivery of human services by harnessing the power of data and fostering a culture of innovation.
Data management & governance policy: This is a vital policy document for Denisovan because it provides a set of effective guidelines and a system that help ensure all the data and information assets of the firm are consistently managed and properly reviewed. The selection and use of the data management and governance policy is also justifiable because it is an effective policy document that helps establish responsibility and proper systems for better information management. It also supports effective information management under various specific circumstances and leads to an effective procedure for managing information about the medical supplies (Kaur, Habibi Lashkari & Habibi Lashkari, 2021).
D. Suggest a program to ensure awareness and compliance to the policy.
The programme to ensure awareness of and effective compliance with the set policy comprises the following steps:
- Documenting and presenting the policies and procedures in the simplest and clearest manner, which is key to creating awareness of the set policies and procedures.
- Consistently applying the policies and procedures one by one in all the departments and operations that need to be managed and reviewed (Chirisa, 2021).
- Removing all barriers and threats that arise during compliance with the policy document, for example ensuring effective communication to remove the barrier of lack of motivation.
- Identifying and reinforcing training needs based on awareness of, and the need for compliance with, the policy document.
- Staying current with ever-changing laws and regulations, which is also a vital step in ensuring proper compliance with and awareness of the policy document (Lykhova & et. al., 2021).
- Finally, setting effective checks and controls to ensure that all employees are aware of every aspect of the set policy document, and analysing whether all employees follow and meet the set procedure.
E. Describe how you could determine the success of your program
The success of the programme can be measured by setting goals and targets and then comparing actual activity with the set goals. Identifying KPIs and effectively administering assessments and the implementation of the policy are also vital steps in measuring the success of the set policy document (Ramesh & et. al., 2021). Comparing actual performance and improvement in medical supplies, other business operations and the level of information security with the planned level of performance and security would help determine the success of the selected programmes.
Question 3
Table 1: Asset priority table
Assets | Success of the organization impact | Profitability Impact | Public image | Priority Score (Asset impact) | Priority of Assets
Criterion Weight | 25 | 40 | 35 | 50 | 5
ICT Network Services | 30 | 45 | 40 | 55 | 4
Chem Build Software | 35 | 50 | 45 | 60 | 3
Research and Development Centre | 40 | 55 | 50 | 65 | 2
Pharmaceutical Products Facility Staff | 45 | 60 | 55 | 70 | 1
Table 2: TVA Table
Assets | Threats
ICT Network Services | Human error | Misconfiguration of Network | Hardware failure | Equipment lifetime failure
ChemBuild Software | Incorrect entries | Incorrect entries | Incorrect entries | Incorrect entries
Research and Development Centre | Compromises to intellectual property | Copyright infringement | Patent infringement | Patent infringement
Pharmaceutical Products Facility Staff | Development Skills Shortage | Employment leaves | Employment leaves | Employment leaves
Table 3: Risk.
Asset | Threat | Vulnerability | Likelihood | Impact | Priority
ICT network services | Human error: Misconfiguration of Network | Hardware failure: Equipment lifetime failure | Between 2-4 years | Little importance to profitability, little impact on public image, and little impact to the success of organisation | Low Priority
Chem Build Software | Incorrect entries of data | Lack of authenticity of facts | 7 years | Some importance to profitability, some impact on public image, some impact on success of organisation | Average
Research and Development Centre | Threat of leak and breach of copyright | Compromises to intellectual property | ½ - 5 years | Important to profitability and public image, strong impact on the success of organisation | Top priority
Pharmaceutical Products Facility Staff | Higher employee leave is a big threat | Shortage in staff skills | 4-5 years | Essential to profitability, no impact on public image, critical for the success of organisation | Top priority
(b) Write a paragraph discussing the relative priorities of the assets and how that will affect security planning for these assets
Vulnerabilities are flaws in surroundings and assets that expose them to various dangers and a higher likelihood of harm. Sadly, a company's vulnerabilities might number in the hundreds, if not millions. It is impossible to fix all of them, particularly because most firms can only patch one out of every 10 vulnerabilities. While this may appear to be a losing struggle, the good news is that only 2% to 5% of weaknesses are likely to be exploited. Of those, an even smaller proportion is likely to pose a real threat to the company, because most of these flaws are not actively exploited in business, for example.
QUESTION 4
(a) Complete a Cost Benefit Analysis for the items in the tables below
Table 1: Risk - unprotected
Asset | Threat | Vulnerability | Likelihood - Annualised Rate of Occurrence (ARO) | Single Loss Expectancy | Annualized Loss Expectancy (ALE)
Intellectual Property / Patents | Espionage or trespass | Network intrusion | 45 | 6524 | 144.98
Workstations | Software attacks | Virus/Malware | 130 | 452 | 3.48
Production Servers | Hacking | Network intrusion | 40 | 2968 | 74.2
Central HO Server Room | Hardware equipment failure | Power Failure | 0.5 | 175786 | 351572
The control measures identified include:
Table 2: Risk - protected
Asset | Threat | Vulnerability | Control | Likelihood - Annualised Rate of Occurrence (ARO) | Annual cost of Safeguard (Control) (ACS) | Single Loss Expectancy (SLE) - Post Controls |
Intellectual Property / Patents | Espionage or trespass | Network intrusion | Firewall | 12 | $75,000 | 5529 | 285 456 563 250
Workstations | Software attacks | Virus / Malware | Anti-virus | 5 | $16,000 | 452 | 380 589 653 750
Production Servers | Hacking | Network intrusion | IDPS | 15 | $20,000 | 1744 | 300 982 458 671
Central HO Server Room | Hardware equipment failure | Power Failure | Uninterruptible Power Supply | 0.25 | $125,000 | 15067 | 485 127 789 567 456
(b) Discuss, in detail, which of these controls should be implemented, considered, or rejected
Security risk management techniques are established, executed, evaluated and upgraded as part of the security strategy. Entities must create a security plan that outlines how they will address privacy issues and how safety fits into their needs and objectives. Whenever a danger to the organisation increases, the strategy must incorporate scalable approaches to adapt to increases or declines in risk. The control on the intellectual property is applied in a proper manner.
REFERENCES
Books and journal
Anu, V. (2021). Information security governance metrics: a survey and taxonomy. Information
Security Journal: A Global Perspective, 1-13.
Chirisa, I. (2021). Opportunities in master and local planning for resilient rural settlement in
Zimbabwe. Journal of Rural Studies.
Faraji, S. J., Jafari Nozar, M., & Arash, M. (2021). The analysis of smart governance scenarios
of the urban culture in multicultural cities based on two concepts of “cultural
intelligence” and “smart governance”. GeoJournal, 86(1), 357-377.
Hsia, C. C. (2021). Respiratory Function of Hemoglobin: From Origin to Human Physiology and
Pathophysiology. Cardiopulmonary Monitoring, 635-651.
Kaur, G., Habibi Lashkari, Z., & Habibi Lashkari, A. (2021). Information Security Governance
in FinTech. In Understanding Cybersecurity Management in FinTech (pp. 35-64).
Springer, Cham.
Kirschke, S., & Newig, J. (2021). Complexity in Water Management and Governance.
In Handbook of Water Resources Management: Discourses, Concepts and Examples (pp.
801-810). Springer, Cham.
Lykhova, S. Y., & et. al. (2021). Criminal-legal ensuring of freedom of religion in modern
conditions: a comparative analysis. Cuestiones Políticas, 39(68).
Mahanti, R. (2021). Data Governance and Data Management—Concluding Thoughts and Way
Forward. In Data Governance and Data Management (pp. 169-173). Springer,
Singapore.
Ramesh, S., & et. al. (2021). An optimized deep neural network based DoS attack detection in
wireless video sensor network. Journal of Ambient Intelligence and Humanized
Computing, 1-14.
Sheaffer, E. A., Boyd, K., & Cropp, C. D. (2022). Course Model Redesign for Continuity of
Instruction. In Handbook of Research on Updating and Innovating Health Professions
Education: Post-Pandemic Perspectives (pp. 118-138). IGI Global.
Shipman, P. (2021). Our Oldest Companions: The Story of the First Dogs. Harvard University
Press.
Sindhuja, P. N. (2021). The impact of information security initiatives on supply chain robustness
and performance: an empirical study. Information & Computer Security.
Ye, Z., Zhang, D., & Wu, Z. G. (2021). Adaptive event-based tracking control of unmanned
marine vehicle systems with DoS attack. Journal of the Franklin Institute, 358(3), 1915-
1939.
Zimmer, C. (2021). Old Companions. In A Planet of Viruses (pp. 15-72). University of Chicago
Press.