Which situation described in scenario 1 represents a threat to HealthGenic?
Which situation described in scenario 1 represents a threat to HealthGenic?
B - action taken for health genetics
A. HealthGenic did not train its personnel to use the software. I don't think this is a threat. This is more of a risk as the company is not meeting the awareness and training requirements with it measures and metrics. B. The software company modified information related to HealthGenic’s patients This is also a risk but but its an external threat. Threats are used to assess the external issues of an organisation. C. HealthGenic used a web-based medical software for storing patients' confidential information Again, I would say a risk. As long as the correct controls are in place to secure the data.
Not training the personnel is not a threat else a risk. The threat was the ability of the software to modify the patient's information during the fix process.