Assignment:
We Picked Healthcare.
Unit Discussion: Organization Selection
For your assignment this term, you will be working on an unfolding case study in which you will be responding to different situations as a recently hired Chief Information Security Officer (CISO). You and your group will select a company to use as a basis for the case study scenarios. Need Assignment Help?
Your company of focus may be selected from the following sectors:
- Finance and banking,
- Healthcare,
- Technology and IT services,
- Government and defense,
- Energy and utilities,
- Retail and e-commerce,
- Telecommunications,
- Manufacturing,
- Education,
- Pharmaceuticals and biotechnology,
- Transportation and logistics, or
- Hospitality and travel.
Your group will select a company within the given industries and seek approval from your instructor within the first four (4) days of class. Only one group will be permitted to work within each industry, and permission will be granted on a first come, first served basis. That is, the first group to submit a request within each particular industry will receive approval from their instructor.
Submit one discussion board post per group, containing all the names of your group members. The post should introduce the company you selected, provide a brief overview of its services, and be no longer than 250 words.
Take Note:
Our group has chosen the healthcare sector. After researching several options, we selected Community Health Systems (CHS) as our case study company. CHS operates 70 hospitals across 15 states. They provide emergency care, surgery, maternity services, and outpatient treatment. As a new CISO, my job would be to protect patient data, secure medical devices, and prevent ransomware attacks.
We picked CHS instead of more famous hospitals like Mayo Clinic for three specific reasons tied to our course. First, CHS experienced a real-world cybersecurity breach in 2014 where hackers stole data from over 4 million patients. That gives our group an actual incident to analyze using the NIST Cybersecurity Framework we are learning about in this class.
Second, CHS is a for-profit company. Unlike nonprofit hospitals, CHS must balance security spending with shareholder expectations. That creates realistic pressure for a CISO. Third, CHS has an external IT vendor called Community Health Systems Shared Services. According to their SEC filings, this vendor handles critical data storage. As CISO, I would need to audit third-party vendor security, which is a key concept from our course readings on supply chain risk.
We request instructor approval for the healthcare industry with CHS as our focus.