PharmaCo Case - Suhas Yogish
School: University of Texas
Course: 6330
Subject: Information Systems
Date: Feb 20, 2024
Suhas Yogish (SY23839)
Q1.
PharmaCo possesses a wide range of sensitive data, including patient information from
clinical trials, research and development results, hospital and health insurance data, and
extensive intellectual property related to its drug and processing patents. This collection of
data, particularly health-related information and intellectual property, is highly valuable and,
if compromised, could pose significant risks to patient privacy, the company's competitive
advantage, and its compliance with regulatory standards. PharmaCo has recognized the
importance of cybersecurity and has taken proactive steps to safeguard its considerable
data assets, including highly sensitive health information. The company has a dedicated
Chief Information Security Officer (CISO), Paul Williams, who has been tasked with
developing a more sophisticated approach to data and information protection within the
organization, including the creation of a cyber-breach playbook. PharmaCo's IT infrastructure
is described as sophisticated and mature, with data encryption and separated backups.
Although PharmaCo has not experienced a hack, it is prepared for such eventualities with
draft business continuity, incident response, and disaster recovery plans.
Q2.
PharmaCo appears to recognize cybersecurity as an enterprise-wide risk and has taken
steps to implement cybersecurity controls to protect its sensitive assets effectively against
cybersecurity threats. The firm has a comprehensive understanding of the range of sensitive
data it possesses and other valuable intellectual property. The company's approach to
cybersecurity aligns with both the COSO and NIST frameworks by recognizing the need for
an integrated, enterprise-wide approach to managing cybersecurity risk. The adoption of the
NIST Cybersecurity Framework by PharmaCo indicates a commitment to following
established guidelines and best practices for improving its cybersecurity posture. The
company's IT infrastructure is described as sophisticated and mature, with data being
physically and logically separated on encrypted on-site servers as well as at three separate
and distinct encrypted backup sites, demonstrating a layered approach to data protection,
which is a principle advocated by both the COSO and NIST frameworks. PharmaCo's
proactive measures, including the development and implementation of various policies and
procedures under the guidance of the Chief Information Security Officer (CISO), further
emphasize its recognition of cybersecurity as an essential aspect of enterprise risk
management. The planned regular reports to the executive team and the board about
cybersecurity indicate an ongoing commitment to governance and oversight, key elements
of the COSO framework. Although PharmaCo has not yet experienced a cybersecurity
breach, the company's preparedness with draft business continuity, incident response, and
disaster recovery plans aligns with the NIST framework's emphasis on resilience. The fact
that the CISO has the creation of a cyber-breach playbook and more thorough testing of
response plans on his work agenda for the coming year suggests that PharmaCo is
continuously working to enhance its cybersecurity defenses and response capabilities.
Q3.
Based on the analysis of PharmaCo's cybersecurity posture and its handling of sensitive
data, I would recommend option (a) to acquire PharmaCo, with the provision of conducting a
more detailed due diligence process focusing on cybersecurity and data management
practices. The justification for this recommendation is as follows:
- Proactive Cybersecurity Measures
- Adherence to NIST Framework
- Sophisticated IT Infrastructure
- Preparedness for Cybersecurity Incidents
- Valuable Intellectual Property and Sensitive Data