Jun 23 2022

How Is Hospital Critical Infrastructure Protected?

Hospitals hold a lot of sensitive data. When they are hacked, patient information is exposed, putting patients at risk because the hackers can use stolen personal information in several identity theft schemes. The Department of Health and Human Services (HHS) has been working hard to protect hospitals from cyberattacks, but the fact is that while they do the best they can, there will always be breaches and more work to be done. The government is trying everything to ensure that hospitals are protected and that patients are aware of any breaches as quickly as possible when they do occur.

Table of Contents

  1. Hospitals as an important part of the critical infrastructure
  2. Hospitals need special protection to keep patients safe.
  3. Some Of the Specific Things That Can Be Done to Protect Hospitals Against Cyberattacks
  4. There are various practices and systems in place to protect critical infrastructure and hospitals.
  5. Is there anything hospital patients can do to reduce their risk?
  6. Conclusion


Critical Infrastructure Risk Assessment: The Definitive Threat Identification and Threat Reduction Handbook

DISC InfoSec

#InfoSecTools and #InfoSectraining



Tags: Hospital Critical Infrastructure

Mar 07 2019

How to choose the right cybersecurity framework

Does your organization need NIST, CSC, ISO, or FAIR frameworks? Here’s how to start making sense of security frameworks.

Source: How to choose the right cybersecurity framework

Oct 27 2009

Clear Policies and Effective Controls

Category: Policies & ControlsDISC @ 2:19 pm

Image via Wikipedia

Writing Information Security Policies

Policy defines law of an organization what is acceptable and less risky way of doing business. Having a law in-place is one thing (a good start for an organization) but how you enforce or change policies over time is a key to successful policy implementation.

To control your environment context is everything, what you want to allow as well as actions that you will take to safeguard your environment to enforce suitable policies. The policies will determine who can access your infrastructure under what circumstances and what conditions and especially what actions needed to be taken when users or devices are in non-compliance.

Over the passage of time you need to re-access policies to determine what new policies need to be added and which one need to be edited or discarded based on current business needs. Policy control should be transparent to user and balance need to be maintained between usability and security. During maintaining this balance policy is more of an art than science. If security control cost more than the benefit attain from business activity, at that point we might need to readdress, how much we want to control the environment which is acceptable to current business needs and does not thwart business activity.

Regularly reassessing policies, education users and enforce current policies to help limit your organization liability. Make sure your practice matches your policies; you may be creating a liability that you believe you have protected yourself against.

You got to try out your new policies to see how well they work in your environment. In this regard you might want to issue policy position statement to receive open feedback from user community before adding into to your company policy. By re-assessing policies on regular basis, and issuing policy statement before enforcing a policy, you can achieve better control over your environment by understanding your user’s requirements and business needs. Deming PDCA (Plan-Do-Check-Act) model apply to the process of building policy, you build this process to perfection over time.

Reblog this post [with Zemanta]

Tags: clear policies, effective controls, information security policy, infrastructure control, PDCA, pdca model, position statement, secrity control