Contingency Planning Project

profileisdory
Module10.docx

Module 7: Contingency Planning Project

Case Scenario: Contingency Plan for Data Breaches

For this assignment, you will need to review the case study presented and assess the impact of the data breach that occurred under your third-party vendor’s system and provide a short report of your conclusions, corrective actions to take, and policy change recommendations.

Background Information

You are the Chief Information Officer (CIO) for a large healthcare system. A significant data breach has just taken place that has impacted thousands of the healthcare system’s patient records. This data

breach occurred because of a phishing attack that was able to compromise one of the employee user credentials and permitted unauthorized access to your healthcare systems electronic health record, EPIC.

Taking Action

You (the Chief Information Officer) are being tasked with developing a comprehensive Contingency Plan to deal with this specific type of data breach that is occurring. In order to be able to successfully develop your Contingency Plan, you will need to research current legal and regulatory compliance requirements for your state.

DEI Considerations: Be sure that your Contingency Plan includes communication strategies that cater to the diverse patient population, consider potential language barriers and the various levels of digital literacy.

Components to be included in your Contingency Plan

· An Executive Summary. This provides a snapshot of the breach/attack, including all areas impacted, the scope, and what initial impact would be on the healthcare system’s operations. Provide a list of potential key stakeholders that may be impacted by the breach.

· Purpose: You will define the purpose of the Contingency Plan and identify potential scenarios that were considered when developing the solution.

· Architecture: You will provide a network diagram for the current system that was breached/attacked, providing insight on the vulnerable points and connections. You will also need to prepare a “proposed” network diagram to reflect your Contingency Plan recommendations either through written descriptions or by creating a flowchart/diagram for this section of your Contingency Plan of the current system and proposed future state system.

· Assumptions: Provide a list of potential assumptions, such as resources, availability of systems, and how this will impact patient care being provided.

· Privacy and Security Strategies: This is where you will provide potential solutions and strategies for short-term and long-term solutions.

· Testing: What is your testing strategy, who is responsible (job role), and define what a successful test would look like.

· Policy and Procedure Proposal(s): Include recommendations for what potential policy and procedural updates or revisions would need to be made, with specific examples of what should be included to prevent this type of breach/attack from happening again. Be sure to address revisions needed to cybersecurity system(s) in place.

· Risk Assessment/Management: Identify current weaknesses that may exist and provide recommendations of strategies to prevent future data breach incidents/attacks.

Parameters

Parameters: For best results it is recommended that you utilize the  Contingency Planning Project template provided in Course Files. This Microsoft Word template has been provided to you to assist with taking the guesswork out of setting up the formatting for your project for you. You will need to utilize in-text citations and provide references on the reference page using APA formatting.

A note about APA, this is the most commonly utilized format in healthcare organizations when they are writing annual reports or presenting to a board. When you use references, you are adding credibility to back up your recommendations and logic for making decisions.

This assignment utilizes TurnItIn, which reviews citations, plagiarism, and artificial intelligence (AI) usage.

Action

Select the Start Assignment button to begin.

Once you have uploaded your files, select Submit Assignment.

Rubric

Contingency Plan

Contingency Plan

Criteria

Ratings

Pts

This criterion is linked to a Learning OutcomeParameters

Parameters -Utilizes Contingency Planning Project template provided -Removes [descriptions/directions for completing pieces of template] prior to submitting -Template has been updated to include student name, professor name & date -Uses standard double-spacing as set-up without extra spaces between sections or paragraphs -Free of grammatical & spelling errors -Uses APA in-text citations and reference list on reference page

10 pts

Meets or Exceeds

Student submission clearly provides for -Utilizing the Contingency Planning Project template provided -Removal of [descriptions/directions for completing pieces of template] prior to submitting -Template has been updated to include student name, professor name & date -Uses standard double-spacing as set-up without extra spaces between sections or paragraphs -Free of grammatical & spelling errors -Uses APA in-text citations and reference list on reference page

7 pts

In Progress

Student submission mostly meets all Contingency Plan Report parameters (may have minor discrepancies with still meeting all parameters or has 1-2 grammatical/spelling errors) -Utilizes Contingency Planning Project template provided -Removes [descriptions/directions for completing pieces of template] prior to submitting -Template has been updated to include student name, professor name & date -Uses standard double-spacing as set-up without extra spaces between sections or paragraphs -Uses APA in-text citations and reference list on reference page

4 pts

Little Evidence

Student submission has 3-5 grammatical/spelling errors or has somewhat deviated from parameters -Utilizes Contingency Planning Project template provided -Removes [descriptions/directions for completing pieces of template] prior to submitting -Template has been updated to include student name, professor name & date -Uses standard double-spacing as set-up without extra spaces between sections or paragraphs -Uses APA in-text citations and reference list on reference page

0 pts

No Evidence

Student submission clearly does not meet the required Parameters

10 pts

This criterion is linked to a Learning OutcomeDEI Considerations

DEI Considerations Addressed -Plan includes communication strategies that cater to the diverse patient population (such as considering language barriers, digital literacy, etc.)

10 pts

Meets or Exceeds

Student submission clearly addresses DEI Consideration communication strategies

7 pts

In Progress

Student submission mostly meets DEI Consideration communication strategies

4 pts

Little Evidence

Student submission somewhat meets DEI Consideration communication strategies

0 pts

No Evidence

Student submission clearly does not address DEI Considerations criteria

10 pts

This criterion is linked to a Learning OutcomeExecutive Summary

Executive Summary includes -Overview of the cybersecurity and/or data privacy attack/threat with identification of all possible areas impacted and the scope of the attack -Identification of what the initial impact would be on the healthcare system’s/organization’s operation -Identification of potential key stakeholders that may be impacted by this attack/threat CO7

10 pts

Meets or Exceeds

Student submission clearly meets the Executive Summary criteria of -An overview of the cybersecurity and/or data privacy attack/threat with identification of all possible areas impacted and the scope of the attack -Identification of what the initial impact would be on the healthcare system’s/organization’s operation -Identification of potential key stakeholders that may be impacted by this attack/threat

7 pts

In Progress

Student submission mostly meets the Executive Summary criteria or has areas that are not fully addressing -An overview of the cybersecurity and/or data privacy attack/threat with identification of all possible areas impacted and the scope of the attack -Identification of what the initial impact would be on the healthcare system’s/organization’s operation -Identification of potential key stakeholders that may be impacted by this attack/threat

4 pts

Little Evidence

Student submission somewhat meets the Executive Summary criteria with an unclear or hard to follow -An overview of the cybersecurity and/or data privacy attack/threat with identification of all possible areas impacted and the scope of the attack -Identification of what the initial impact would be on the healthcare system’s/organization’s operation -Identification of potential key stakeholders that may be impacted by this attack/threat

0 pts

No Evidence

Student submission clearly does not provide the Executive Summary criteria

10 pts

This criterion is linked to a Learning OutcomePurpose

Purpose -A clear statement(s) that define the purpose of this Contingency Plan -Identification of potential scenarios that were considered when developing the solution CO6

10 pts

Meets or Exceeds

Student submission clearly provides the Purpose meeting all criteria of A clear statement(s) that define the purpose of this Contingency Plan -Identification of potential scenarios that were considered when developing the solution

7 pts

In Progress

Student submission mostly meets the Purpose criteria or has areas that are not fully addressing a clear statement(s) that define the purpose of this Contingency Plan -Identification of potential scenarios that were considered when developing the solution

4 pts

Little Evidence

Student submission somewhat meets the Purpose criteria or has an unclear statement(s) that does not full define the purpose of this Contingency Plan -Identification of potential scenarios that were considered when developing the solution

0 pts

No Evidence

Student submission clearly does not provide the Purpose criteria

10 pts

This criterion is linked to a Learning OutcomeArchitecture

Architecture -Current Network Diagram by providing either a clear written description or a flowchart of the current system that was attacked/threatened with insight on the vulnerable points and connections -Future State or Proposed Network Diagram by providing either a clear written description or a flowchart of the proposed network diagram to reflect your Contingency Plan recommendations

12 pts

Meets or Exceeds

Student submission provides clear network diagram flowcharts or written descriptions on the Current and Future State network diagrams that reflects the Contingency Plan recommendations

8 pts

In Progress

Student submission mostly meets the Architecture criteria or has areas that are not fully addressing the Current and Future State network diagrams that are reflected in the Contingency Plan recommendations by use of either network diagram flowcharts or written descriptions

4 pts

Little Evidence

Student submission does not have clear representations of Architecture network diagrams or written descriptions for Current and/or Future State recommendations that are reflected the Contingency Plan

0 pts

No Evidence

Student submission clearly does not include clear network diagram flowcharts or written descriptions on the Current and Future State criteria

12 pts

This criterion is linked to a Learning OutcomeAssumptions

Assmptions Provide a list of assumptions that include -Resources would need (such as people by role, equipment, supplies, availability of systems) -How this will impact patient care

12 pts

Meets or Exceeds

Student submission clearly provides Assumptions to address the criteria of -Resources would need (such as people by role, equipment, supplies, availability of systems) -How this will impact patient care

8 pts

In Progress

Student submission mostly meets the Assumptions criteria or has areas that are not fully addressing -Resources would need (such as people by role, equipment, supplies, availability of systems) -How this will impact patient care

4 pts

Little Evidence

Student submission is not clear on meeting the Assumptions criteria or veers off topic on addressing -Resources would need (such as people by role, equipment, supplies, availability of systems) -How this will impact patient care

0 pts

No Evidence

Student submission clearly does not address the Assumptions criteria

12 pts

This criterion is linked to a Learning OutcomePrivacy & Security Strategies

Privacy & Security Strategies Provide your -1-2 Short Term potential solutions & strategies with vision for implementation -2-3 Long Term potential solutions & strategies with vision for implementation CO3 Note: These should be built upon from your Week 5 Milestone that you submitted with revisions based on professor feedback.

12 pts

Meets or Exceeds

Student submission clearly provides 1-2 Short Term & 2-3 Long Term potential solutions & strategies with a vision for implementation of each

8 pts

In Progress

Student submission mostly meets the Privacy & Security Strategies criterion or has areas that are not fully addressing -1-2 Short Term potential solutions & strategies with vision for implementation -2-3 Long Term potential solutions & strategies with vision for implementation

4 pts

Little Evidence

Student submission does not clearly meet or support Privacy & Security Strategies criterion -1-2 Short Term potential solutions & strategies with vision for implementation -2-3 Long Term potential solutions & strategies with vision for implementation

0 pts

No Evidence

Student submission clearly does not address Privacy & Security Strategy criteria

12 pts

This criterion is linked to a Learning OutcomeTesting

Testing Provide your -Strategy for testing -Identify who/whom will be responsible (job role(s)) -Describe what a successful test will look like

15 pts

Meets or Exceeds

Student submission clearly provides a Testing plan that meets the criteria -Strategy for testing -Identify who/whom will be responsible (job role(s)) -Describe what a successful test will look like

10 pts

In Progress

Student submission mostly meets a Testing plan criteria or has areas that are not fully addressing the -Strategy for testing -Identify who/whom will be responsible (job role(s)) -Describe what a successful test will look like

5 pts

Little Evidence

Student submission does not clearly provide Testing criterion for -Strategy for testing -Identify who/whom will be responsible (job role(s)) -Describe what a successful test will look like

0 pts

No Evidence

Student submission clearly does not address criteria on how Testing would be conducted

15 pts

This criterion is linked to a Learning OutcomePolicy & Procedure Proposal

Policy & Procedure Proposal Provide your recommendations on policy & procedure updates/revisions by -Clearly identifying the Policy and/or Procedure to update or revise -What should be included to prevent this type of attack/threat in a policy and/or procedure -Address specific revisions that would be needed to implement and maintain a cybersecurity system(s) in place CO5

12 pts

Meets or Exceeds

Student submission clearly meets the Policy & Procedure Proposal recommendations by -Clearly identifying the Policy and/or Procedure to update or revise -What should be included to prevent this type of attack/threat in a policy and/or procedure -Address specific revisions that would be needed to implement and maintain a cybersecurity system(s) in place

8 pts

In Progress

Student submission mostly meets the Policy & Procedure criteria or has areas that are not fully addressing -Clearly identified Policy and/or Procedure to update or revise -What should be included to prevent this type of attack/threat in a policy and/or procedure -Address specific revisions that would be needed to implement and maintain a cybersecurity system(s) in place

4 pts

Little Evidence

Student submission does not clearly outline recommendations for a Policy and/or Procedure update/revision -What should be included to prevent this type of attack/threat in a policy and/or procedure -Address specific revisions that would be needed to implement and maintain a cybersecurity system(s) in place

0 pts

No Evidence

Student submission clearly does not address Policy & Procedure proposal criteria

12 pts

This criterion is linked to a Learning OutcomeRisk Assessment/Management

Risk Assessment/Management -Identify current weaknesses or vulnerabilities that exist -Provide recommendations of strategies to prevent future data attcks/threats CO4 Note: These should be built upon from your Week 4 Milestone that you submitted with revisions based on professor feedback.

12 pts

Meets or Exceeds

Student submission clearly provides Risk Assessment/Management -Identification of current weaknesses or vulnerabilities that exist - Provides recommendations of strategies to prevent future data attcks/threats

8 pts

In Progress

Student submission mostly meets the Risk Assessment/Management criteria or has areas that are not fully addressing -Identification of current weaknesses or vulnerabilities that exist - Provides recommendations of strategies to prevent future data attcks/threats

4 pts

Little Evidence

Student submission does not clearly meet the Risk Assessment/Management criterion or is missing one, some or all of the -Identification of current weaknesses or vulnerabilities that exist - Providing recommendations of strategies to prevent future data attcks/threats

0 pts

No Evidence

Student submission clearly does not address Risk Assessment/Management criteria

12 pts

Total Points: 115