Suppose your organization has had an information security incident (as in Prince Albert Parkland Health Region). You are assigned your own specific incident. You may supplement the information; all incidents are real, and you may find additional published accounts of them that add details. You may be a little creative if the published accounts lack critical details, as companies often do not publish all that is known. You are the CISO (and Incident Response manager) for this organization.

Requirement:

Prepare a detailed brief for your organization’s board of directors, describing & discussing: • what happened. • The impact of what happened. • Why it happened. • The likelihood of it happening again • what must be done to prevent it from happening again. (Remediation plan) Consider the incident from the context of this course and text. Apply the concepts and tools, and create a useful OUTLINE of a remediation plan.

Some ideas you may want to consider while you work on this: • What policy failures/gaps may have led to the incident? • What can be done to prevent a recurrence? • What is the impact, short and long term to: • Customers • Employees • The public • Stockholders/Stakeholders? • Is this impact financial, reputational/trust, inconvenience? • What is the likely cost in $? • What (if anything) went wrong during the initial response to the incident? • Are there any deep organizational problems that led to the incident occurring? • Were there organizational maturity issues that contributed to the likelihood of, or affected the effectiveness of the response to the incident? • What mitigation strategies can help?