NEIBCC Computer Security Incident for Healthcare Organization Plan


Create an Incident Response Policy

Learning Objectives and Outcomes

  • Create an incident response policy for a health care organization.
  • Explore policy creation for incident response for a health care organization.

Assignment Requirements

You are a security professional for a large, private health care organization. Users have access to file and application servers, as well as data storage facilities that contain customer health information and personally identifiable information (PII).

Sean, your manager, has been asked to provide the latest version of the organization’s incident response policy. To his knowledge, no policy exists. He has asked you to research and create an incident response policy. 

For this assignment:

  1. Look for at least two incident response policies for organizations of a similar type to your organization.
  2. Download NIST “Computer Security Incident Handling Guide” SP 800-61 Rev 2 located at
  3. Based on your research, create an initial draft of a high-level incident response policy for your organization. Consider Health Insurance Portability and Accountability Act (HIPAA) and other health care–related compliance requirements.
  4. Create a summary report that includes the draft policy and justifies the content you included in the draft policy.