Business Case: Local Hospital’s data center

Companies spend billions on security each year, yet why is this still an issue? Its almost 2019 and still, most applications are horribly insecure and security best practices are not followed. Applications are designed for functionality, not security because security is seen as difficult and time-consuming, often blamed for adding delays to product launches and revenue-generating activities. Assume; you are an IT manager at the regional Hospital and answer the following questions.

Where the Local Hospital’s parameters are:  600 patients a day, and 250 full-time employees. The hospital has a data cent with all IT assets (Databases, Servers, Data storage, Network devices) to support the Hospital’s Business operations. 


QUESTION 1: There is a need for a new posture for cybersecurity in a networked world where your hospital is part of it.  What are principles used by some of the worlds leading cybersecurity teams at global companies to archive this goal?

How can you adapt the principles for your hospital case?


QUESTION 2: Companies should assess threats and develop controls for the most critical assets.

If the threats against tour Hospital IT System are 

Manipulation of software

Unauthorized installation of software

Misuse of information systems

Denial of service

What would be controls that you should apply to mitigate above listed risks?

Resurce : 

QUESTION 3: As an IT manager, you were tasked to develop an information security and risk management (ISRM) strategy which requires a multiphase approach. What are the phases that would should follow to provide recognizable results and value to the Hospital?