Which principle of information security has been affected in this case?

Scenario 1: HealthGenic is a pediatric clinic that monitors the health and growth of individuals from infancy to early adulthood using a web-based medical software. The software is also used to schedule appointments, create customized medical reports, store patients’ data and medical history, and communicate with all the [^involved parties, including parents, other physicians, and the medical laboratory staff.

Last month, HealthGenic experienced a number of service interruptions due to the increased number of users accessing the software Another issue the company faced while using the software was the complicated user interface, which the untrained personnel found challenging to use.

The top management of HealthGenic immediately informed the company that had developed the software about the issue. The software company fixed the issue; however, in the process of doing so, it modified some files that comprised sensitive information related to HealthGenic’s patients. The modifications that were made resulted in incomplete and incorrect medical reports and, more importantly, invaded the patients’ privacy.

In scenario 1, HealthGenic experienced a number of service interruptions due to the loss of functionality of the software.

Which principle of information security has been affected in this case?

A. Availability

B. Confidentiality

C. Integrity

Answer: A

Explanation:

Availability of information is the property of being accessible and usable upon demand by an authorized entity. In other words, availability ensures that the information and the systems that support it are always ready for use when needed. In the scenario, the availability of information was affected when HealthGenic experienced a number of service interruptions due to the increased number of users accessing the software. This means that the software was not able to handle the demand and provide the required functionality to the users. Therefore, the correct answer is A.

Reference: ISO/IEC 27001:2013, Information technology ― Security techniques ― Information security management systems ― Requirements, clause 3.13.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments