SANS' practical cyber hygiene steps for healthcare

Providers can take steps now to prevent attacks or breaches but must be diligent to succeed
By Jack McCarthy
07:53 AM

With every high-profile breach of corporate information systems, the perception is growing that hackers have the upper hand over organizations that are increasingly vulnerable to attacks. But is that consensus actually true?

"Frankly: We don't believe that," said James Tarala, senior instructor at the SANS Institute, a non-profit specializing in information security and cybersecurity training. "There are steps you can take to stop these things from taking place, but you have to be consistent and diligent."

Tarala said a body of work has grown up in recent years in response to attacks. It draws on comprehensive research from the likes of the National Security Agency and the Department of Homeland Security, as well as from nonprofit and private security organizations, and sets out guidelines for proper information security roadmaps: best practices that constitute sound cyber hygiene.

Tarala will be outlining these roadmaps in two SANS workshops at the HIMSS and Healthcare IT News Privacy & Security Forum. The tracks are titled "SANS Workshop - Implementing Healthcare Cyber-Hygiene with the Critical Security Controls."

Attendees will receive information on actual attacks that could have been stopped or mitigated by implementing good cyber-hygiene practices. The focus is not only on the best way to block known cyber-attacks but also on best practices for mitigating the damage from attempted cyber-attacks.

Tarala said the latest security technology alone will not be able to stop hackers bent on breaching corporate perimeters.

"There are certain core principles involved in security, such as knowing what systems you are trying to defend, having inventory of those systems, knowing what software you allow to run in your organization, ensuring systems are configured properly," Tarala added.

The workshops will help people understand what it means to be involved in a cyberattack, including what causes such attacks. Through case studies, participants can better grasp what actually happens and see what defenses can be put in place to stop these attacks.

"It's all practical," Tarala said, "so you can see how you can go back to your office and put effective security measures in place."

The Privacy & Security Forum runs Dec 1-3 at The Westin Boston Waterfront Hotel.
