Incident Response Team and Technology Legislation

Student Name

Affiliation

An Incident Response Plan provides a well-organized and defined approach for managing any impending threats to information systems, as well as for taking suitable action when the cause of an incident or intrusion at a third party is traced back to the business. Computer security incident management in a medium-sized business will implement and conduct an Incident Response Plan to assure restoration of operations impacted by the incident. The Incident Response Team puts the plan into action and provides a rapid, efficient and organized response to computer-associated incidents, for instance hacker challenges and break-ins, inappropriate exposure of confidential information to the public, system service intrusions, breaches of sensitive information and virus outbreaks. The Incident Response Team’s role is to investigate the report and prevent a severe loss of profits and public assurance by providing an instant, efficient and practiced response to any unanticipated event concerning computer information coordination, databases or networks. The Incident Response Team conducts the response in a reliable manner, with the proper leadership and procedural resources required to control and diminish a computer security incident.

With six people on the response team, their responsibilities will be as follows:

1st member: Data Security Officer - starts the computer incident response team and takes essential action to block traffic from the alleged intruder. Runs tracing tools such as Transmission Control Protocol (TCP) port monitors, sniffers and event loggers, and looks for signs of a firewall breach.

2nd member: Legal Officer - establishes the nature and extent of the incident. He contacts the Information Technology Operations Center if he gets any information connected to a suspected breach.

3rd member: Internal Audit - evaluates the systems to guarantee compliance with information security policy and carries out the necessary audit test work to make sure mission-critical systems are current with service packs and patches. In addition, reports any system management gaps to administration for corrective action.

4th member: Central Help Desk - contacts qualified information security experts and other members of the Incident Response Team for advice when necessary.

5th member: Human Resources - monitors and decides which Incident Response Team members play an active role in the survey. Provides proper training.

6th member: Publicity Services - monitors business applications and services for signs of attack.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a law that currently governs how technology can be used. HIPAA focuses on making health insurance more convenient for individuals leaving the workplace or changing employers. In addition, it tackles issues relating to the electronic transmission of health-associated data. The Administrative Simplification provisions include national principles for electronic transmission, distinctive health identifiers for employers, providers, individuals and health plans, Security Standards and Privacy Standards. The HIPAA Security Standards require a covered person to apply policies and procedures that assure the confidentiality, integrity and availability of electronic protected health information, and that protect against anticipated threats or hazards to the security of such information and against disclosures that are not allowed (The HIPAA Privacy Rule, 2009).

The Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law by President Obama on February 17, 2009 and has remarkable and permanent effects on the adoption of Electronic Health Records (EHR) in the USA. Its purpose is to improve the value of a person’s healthcare while lowering costs, by computerizing all of America’s medical records and avoiding medical errors. To help achieve this goal, the Act creates a system of incentives to encourage practices to implement EHRs and disincentives to penalize slow adoption. HITECH forces the hands of companies when a violation occurs by ensuring that a payment is made as stated in the Breach Notification Rule. Individuals have had their protected health information negotiated and defended. An investigation is carried out by the Office for Civil Rights of the Department of Health, which issues a 60-day notification to the company (Paper, 2009).

References

Paper, W. (2009, March). A summary of the HITECH Act. Retrieved from http://www.athenahealth.com/_doc/pdf/HITECH_Fact_Sheet_Whitepaper.pdf

The HIPAA Privacy Rule, C. O. H. R. A. T. P. O. H. I., B. O. H. S. P., & I. O. M. (2009). Beyond the HIPAA privacy rule: Enhancing privacy, improving health through research. United States of America: National Academies Press.
