Anthem Inc Case Study

IT 549

Milestone 1: Information Assurance Plan Introduction

Anthem Inc. was the victim of one of the many cyber attacks in recent years. In 2015, one of Anthem’s databases was hacked and information such as dates of birth, social security numbers, addresses, and employment information including income data has been compromised. To protect Anthem’s IT system from the future cyber attack, a stronger and more affective information assurance plan is vital. Without having strong information assurance plans in place can create big problems for any organization that experiences a cyber attack. To have a better protection of sensitive information, Anthem needs to have better security policies and procedures to make sure that its IT system is strong enough to adequately protect the important information in its databases.

A comprehensive information assurance plan needs to be implemented to mitigate the risk of being attacked and keep the organization’s asset and sensitive information as secure as possible. The following information assurance plan has been developed and can be used to strengthen the IT system of Anthem and significantly reduce the likelihood of cyber attacks. The information assurance plan has three elements as follow: confidentiality, integrity and availability. These three elements also known as the CIA triad, is a fundamental guideline to create a better information assurance plan for Anthem Inc.

Confidentiality:

Confidentiality is equivalent to privacy and it is needed in an organization. Confidentiality is designed to make sure that important data gets to the right people but not in the wrong hands. It is very important to have restrictions on who is authorized to access the data. Sometimes, it is necessary to categorize data according to the amount and type of damage it could be done in case it get into the wrong hands. In facts, according to those categories, stringent measures then can be implemented.

Integrity:

During the entire life cycle, integrity is used to maintain the consistency, accuracy, and trustworthiness of data. Data should not be changed during transit, and appropriate steps must be taken to make sure unauthorized people does not alter the data. These measures include file permissions and user access controls. In order to prevent erroneous changes or mistaken deletion by authorized users, version control may also be used in these cases.

Availability: 

Availability refers to ensuring that authorized people get to access to the data when they needed. Factors such as natural disasters and power outages also lead to lack of of availability to important information. Backup is key to ensure data availability. Offside backups on a regular basic can certainly reduce the damage caused by damage to hardware, software or natural disasters. It is extremely important to have an off site location ready for backing up if anything happens to the main data centers. After all, Backups or redundancies should be available when needed to restore the affected data to its normal condition.

...