Tuesday, December 4, 2012

Per the theme of security assessment I've been posting about, part of crafting a multi-year security roadmap is examining technologies and practices that have limited use in healthcare but are widely deployed in other industries.

Application Security Testing - Vendor applications, including those with FDA 510(k) approval, may have security vulnerabilities. Testing third-party products with source code analysis tools can find defects that traditional vulnerability scanning software misses. Related to application testing is third-party vendor management: testing and verifying the security of cloud-hosted service providers and business associates is becoming a best practice.

Data Loss Prevention - Although many healthcare organizations have strict policies on the use of email, social networking, cloud storage, remote access, and mobile devices, it's increasingly important to have technology in place that enforces those policies, preventing users from violating them by sending data to non-secured locations, e.g. sending patient information to a referring clinician who uses Gmail. Many vendors offer appliances that quarantine, notify, restrict, and manage the flow of email containing personally identifiable information/protected health information. Related to DLP is a strategy to prevent the use of unencrypted storage devices - thumb drives, DVDs, CDs, etc.

Adaptive Authentication - Critical applications, including email, enterprise resource planning, and clinical applications, deserve increased authentication rigor. For example, if a user is not typically outside the US and suddenly logs in from an unexpected location, the user should be challenged with an additional factor. Approaches could include a secret question or a one-time PIN code sent to a known cell phone. Such applications can also perform a risk analysis of authentication events to detect anomalies, including authentication events from compromised accounts and suspect IP addresses.
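To make the adaptive authentication idea concrete, here is a small risk-scoring routine I've added as an illustration (not code from any vendor product): it compares a login against the user's own country history and against suspect-IP and compromised-account lists, and decides whether to step up to an additional factor. The login history, IP addresses and list contents are constructed sample data, and the country is assumed to have been derived from the source IP by the login service.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LoginEvent:
    user: str
    country: str   # assumed: country code resolved from the source IP by the login service
    ip: str

# Constructed sample data; a real deployment would feed these from its own intelligence.
SUSPECT_IPS = {"203.0.113.7"}        # documentation (TEST-NET) address, constructed
COMPROMISED_ACCOUNTS = {"mallory"}   # constructed

# Constructed history: alice and bob have only ever logged in from the US.
HISTORY = [
    LoginEvent("alice", "US", "198.51.100.4"),
    LoginEvent("alice", "US", "198.51.100.9"),
    LoginEvent("bob", "US", "198.51.100.22"),
]

def assess_login(event, history=HISTORY, suspect_ips=SUSPECT_IPS,
                 compromised=COMPROMISED_ACCOUNTS):
    """Score one authentication event against the user's baseline.

    Returns (decision, reasons): decision is "allow" or "challenge" (step up with an
    additional factor such as a one-time PIN); reasons lists every anomaly found so the
    event can also feed a risk report even when it is allowed.
    """
    reasons = []
    score = 0
    usual_countries = {h.country for h in history if h.user == event.user}
    # A country the user has never logged in from is the "suddenly abroad" case;
    # an account with no history has no baseline, so it is treated as new too.
    if event.country not in usual_countries:
        reasons.append(f"first login from {event.country}")
        score += 2
    if event.ip in suspect_ips:
        reasons.append("source IP on suspect list")
        score += 2
    if event.user in compromised:
        reasons.append("account on compromised-credentials list")
        score += 3
    decision = "challenge" if score >= 2 else "allow"
    return decision, reasons

if __name__ == "__main__":
    for e in (LoginEvent("alice", "US", "198.51.100.5"),
              LoginEvent("alice", "DE", "203.0.113.7")):
        print(e.user, e.country, assess_login(e))
```

Thresholds and weights are placeholders; in practice they are tuned against the organization's own false-positive rate, and the reasons list is what the security team reviews for anomalies.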

As with other posts on such topics, I look forward to comments about your plans and experiences in these areas.