Incident management isn’t enough — here’s what IT really needs

incident managementIn all of the latest IT security threat reports, one theme is clear: Breaches and compromises are on the rise, both in quantity and sophistication, and there’s no sign of them slowing down. Organizations of all sizes are at risk. Businesses need to be ahead of the game, maintain a strong security posture, and be prepared for anything.

But is it possible to be prepared for the unexpected? Yes it is, but only if you focus on developing and implementing sound incident management practices.

This includes everything from initial detection of an intrusion in the IT environment to response and recovery services. But here’s the rub: Incident management programs are useless if they can’t detect an incident or attack in real time. This is the key component to the IT security universe. Continue Reading…

Tags: , , , ,

Tackling security vulnerabilities in health care

health care data securityNetwork security is critical for any organization, but in the health care space, with the personal and medical details of millions of individuals in the balance, the stakes are even higher. Out-of-date software, unimplemented patches, or even outdated passwords could be the vulnerability that exposes the sensitive information of an innocent and unsuspecting patient base. Two recent security breaches suffered by prominent U.S. health insurers highlight these vulnerabilities.

In February, Anthem Inc., the second-largest health insurer in the U.S, revealed that a previously-disclosed hacker attack compromised the health care records of as many as 80 million individuals. A few weeks later, Premera Blue Cross reported that the personal, bank, and health data of an estimated 11 million individuals was exposed when hackers penetrated its system in a similar assault.

These two high-profile security breaches have intensified the spotlight on data security, and raised several important questions for health care organizations (what HIPAA calls “connected entities”) and groups that provide supporting services to health care entities (called “business associates”). These groups should be asking the following questions: Continue Reading…

Tags: , , , , , , ,