resolve below activities

Activity 1:

 

Research online templates for:

· incident response (IR) plan

· disaster recovery (DR) plan

· business continuity (BC) plan

 

Note that: Organizations can either establish and develop the three planning elements of the CP process (the IR, DR, and BC plans) as one unified plan, or they can create the three elements separately in conjunction with a set of interlocking procedures that enable continuity.

 

Case study:

Case Study

Koala Health (KH) is an Australian medical centre. During COVID-19 pandemic, the company decided to adopt telehealth technology. Telehealth is the delivery of health care remotely using tools ranging from web-based videoconferencing to wearable technologies, complementing face-to-face consultation and offering significant benefits for patients, their carer, to the healthcare workers and the health system. This would also allow doctors to work from home and conduct medical consultation via video conferencing with their patients also from their homes. KH wishes to also streamline their pathology and pharmacy services and wishes to bring some sort of automation to this system as well. To help you understand how the system works, consider the following scenario:

Bob is a patient. He wishes to be examined by a Koala Health GP. To do that, Bob visited KH websites, downloaded KH mobile application and booked an appointment with one of the doctors via the company app. Bob had to first register for an account. Where he had to register his personal information (name, address, phone number etc.), his Medicare card details and payment details (e.g., credit card details). To book an appointment, Bob was presented with a list of GPs (doctors) available on that day with their available timeslots. Bob then booked an appointment with Doctor Alice.

At the time of the appointment, Dr Alice medically examined Bob via video conference- a function supported by KH mobile application. During the examination Dr Alice requested some blood tests to be done on Bob. The request was digitally processed using Alice's medical system and the request was digitally sent to Koala Health Pathology department. Bob was then issued with a transaction number on his mobile application. The following day, Bob presented to KH Pathology, showed the transaction number form his phone to the staff at the lab. The nurse then took some blood samples from Bob. Bob was then told that Dr Alice will be in touch with him to give him the results. Bob then happily went home. The next day, Bob received a video conference call from Dr Alice to discuss his blood test results. Alice explained to Bob that he must take a prescribed medication for 5 days. To do that, Dr Alice issued a digital prescription to Bob which was sent to Koala Health Pharmacy department. The pharmacy then received Alice's request, accessed Bob's records on the system (medicare details, credit card payment, delivery address etc.) and processed the order remotely for Bob. The next day. Bob received his medication in the mail box.

In addition to the telehealth examinations, all other three transactions (Processing the Blood test results, Alice issuance of the prescription, and medication processing and delivery) were all done remotely.

The above scenario assumes to use several interconnected systems or subsystems. These are:

· The mobile app used by Bob for appointment and video conference

· The system used by Alice to manage appointment and conduct telehealth consultations

· The system used by Alice to order Bob blood test

· The system(s) used by the pathology department to access and process the blood test results

· The system used by Alice to order medications for Bob

· The system(s) used by the pharmacy to process Bob's medication.

 

 

Using the template (s), found in activity one, design a BRIEF incident response plan for Koala Health. Include actions to be taken if each of the following events occur:

 

• Virus attack

• Power failure

• Fire

• Employee error (mistake)

• ISP failure

 

What other scenarios do you think are important to plan for?

 

Activity 2:

 

Assuming Koala Telehealth has moved all its systems to the cloud. Identify the relevant cybersecurity risk and mitigation techniques required.

Hint: Can use a table like the one used in Article (Cloud Security for tenants).

 

Cloud Computing Security for Tenants | Cyber.gov.au

 

 

Activity 3:

COVID-19 have set a new working model where several staff continue to work remotely from home.

 

1. What are the security issues that surround the use of remote working?

2. Assume that there are concerns that the CQU network is being accessed by people who do not have the necessary authorisation. Would you use an intrusion detection system? Or an intrusion prevention system or a firewall or a combination of any of the three?

 

Activity 4

Read https://www.nytimes.com/2019/07/29/business/capital-one-data-breach-hacked.html

 

What information assurance issues should be considered when a business decide to move to the cloud?

 

Activity 5:

What do we know about Optus hack?

What could have been done to prevent it.