The Insider Threat -A Brief Overview. Introduction



Similar documents
REGULATIONS FOR THE SECURITY OF INTERNET BANKING

SAMPLE HIPAA/HITECH POLICIES AND PROCEDURES MANUAL FOR THE SECURITY OF ELECTRONIC PROTECTED HEALTH INFORMATION

YOUR HIPAA RISK ANALYSIS IN FIVE STEPS

Information Security Policy

HIPAA Assessment HIPAA Policy and Procedures

Overview of the HIPAA Security Rule

MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP)

TOP REASONS WHY SIEM CAN T PROTECT YOUR DATA FROM INSIDER THREAT

Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Index .700 FORMS - SAMPLE INCIDENT RESPONSE FORM.995 HISTORY

HIPAA for Business Associates

Boston University Security Awareness. What you need to know to keep information safe and secure

TABLE OF CONTENTS Information Systems Security Handbook Information Systems Security program elements. 7

FINAL May Guideline on Security Systems for Safeguarding Customer Information

HIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Logging and Auditing in a Healthcare Environment

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004

Montclair State University. HIPAA Security Policy

A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS

Wellesley College Written Information Security Program

Privacy Breach Protocol

Data Security Incident Response Plan. [Insert Organization Name]

Cybersecurity for Meaningful Use FRHA Annual Summit "Setting the Health Care Table: Politics, Economics, Health" November 20-22, 2013

HIPAA 203: Security. An Introduction to the Draft HIPAA Security Regulations

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

Cybersecurity Enhancement Account. FY 2017 President s Budget

AUDITING TECHNIQUES TO ASSESS FRAUD RISKS IN ELECTRONIC HEALTH RECORDS

The Business Case for Security Information Management

Attachment A. Identification of Risks/Cybersecurity Governance

The Impact of HIPAA and HITECH

GAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement

HIPAA and Mental Health Privacy:

Transcript Tax Fraud & Identity Theft - Protecting your clients and yourself Webinar

RSA Solution Brief RSA. Data Loss. Uncover your risk, establish control. RSA. Key Manager. RSA Solution Brief

Appendix. Key Areas of Concern. i. Inadequate coverage of cybersecurity risk assessment exercises

Identifying Broken Business Processes

CITY OF MARQUETTE, MICHIGAN CITY COMMISSION POLICY

HIPAA: Privacy/Info Security

Written Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution.

HIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees

Executive Summary Program Highlights for FY2009/2010 Mission Statement Authority State Law: University Policy:

Data Privacy and Gramm- Leach-Bliley Act Section 501(b)

I ve been breached! Now what?

Privacy & Security Matters: Protecting Personal Data. Privacy & Security Project

ALERT LOGIC FOR HIPAA COMPLIANCE

Performing Effective Risk Assessments Dos and Don ts

Data Security: Fight Insider Threats & Protect Your Sensitive Data

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

White Paper. Information Security -- Network Assessment

NCUA LETTER TO CREDIT UNIONS

Insider Threats in the Real World Eavesdropping and Unauthorized Access

Data Loss Prevention Program

Getting real about cyber threats: where are you headed?

Hot Topics in IT Security PREP#28 May 1, David Woska, Ph.D. OCIO Security

Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks

HIPAA Audit Processes HIPAA Audit Processes. Erik Hafkey Rainer Waedlich

Thinking about using a hidden camera or other equipment to monitor someone s care?

HIPAA Security and HITECH Compliance Checklist

TYPES OF POSSIBLE IDENTITY THEFT

Section 5 Identify Theft Red Flags and Address Discrepancy Procedures Index

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

Managing the Insider Threat: Real-time Monitoring of Access Patterns to ephi

Cybersecurity and internal audit. August 15, 2014

KEELE UNIVERSITY IT INFORMATION SECURITY POLICY

Network Security Policy

FACT SHEET: Ransomware and HIPAA

Wellesley College Whistleblower Policy Adopted April 2009

Course: Information Security Management in e-governance

Utica College. Information Security Plan

Are You Ready for an OCR Audit? Tom Walsh, CISSP Tom Walsh Consulting, LLC Overland Park, KS. What would you do? Session Objectives

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO

plantemoran.com What School Personnel Administrators Need to know

HIPAA Security Education. Updated May 2016

THE WORLD IS MOVING FAST, SECURITY FASTER.

Transcription:

The Insider Threat -A Brief Overview Introduction

Why Insider Threat Matters Cybersecurity is more than just making sure your antivirus definitions are up-to-date and looking to see what or who is trying to infiltrate into your organization. If you are looking for activity only on the outside, you only are addressing part of the equation. The other side of the equation is what is happening on the inside of your organization, whether it is consultants, employees, interns, or others who may be snooping, committing fraud, or intentionally damaging or destroying data. What are these insiders doing in terms of their behavior? What information is being exfiltrated out of your organization (or is otherwise being improperly viewed or used)? Is your cybersecurity posture reactive or is it proactive?

Who are the Insiders? What are they Doing? Insiders may be your employees, interns, volunteers, consultants, or anyone else with access to your organization s information (e.g., janitors and security guards). Examples of activities: An unlocked workstation, laptop, or mobile device may be accessed (e.g., an unlocked smartphone being charged and left out in the open). Papers left on a desk or in an unlocked file cabinet may be taken. A thumb drive left on a desk or in a computer may be taken. A snapshot may be taken of a computer screen or paper. Electronic eavesdropping and keylogging to obtain information. Audio recording of information.

Insider Threat Detection Without appropriate procedures and processes in place to detect suspicious activity (the insider threat), your organization will most likely be unaware of insider threat unless it subsequently discovers the damage, destruction, loss, unauthorized disclosure, or misuse of sensitive, proprietary, and/or individually identifiable information. It is generally not possible or feasible to manually review access and system logs to assess whether there is a problem. You need intelligent tools to uncover retrospective and real-time activity across your systems (including EHR, PACS, scheduling, billing, etc.). You also need a good baseline to reliably detect insider threat at an appropriate confidence level. Are the audit logs reliable? Should you have tools to listen to your network traffic to help detect suspicious patterns of activity?

Responding to Insider Threat Reactively (Not Recommended) Consequences of not proactively addressing insider threat include the following (a non-exhaustive list): Your organization may find that an insider threat has been acted upon after the person who is the subject of the information (the victim) has filed a complaint about it. Your organization may find that a competitor has received sensitive/proprietary information about your organization through leaked information from someone with insider access. Your organization may find that an insider threat has been acted upon only after a person has become a victim of medical identity theft or fraud. Your organization may not realize that such activity has occurred until after its data have been damaged or destroyed by a malicious insider.

Responding to Insider Threat Proactively (Recommended) Prevent or protect your organization from the insider threat before a serious problem occurs. Detect potential incidents real-time and stop the suspicious activity, thereby preventing actual harm (e.g., theft, fraud, damage, destruction, leakage, unauthorized disclosure/ sharing, misappropriation, etc.). Understand the insider threat motivators (e.g., curiosity, fame, financial gain, disgruntled workforce member, etc.) to help prevent such occurrences (including carefully selecting and vetting your employees and other insiders ). Take into account not only your electronic assets (your data), but also information in other forms (e.g., paper, film, etc.) and examine your technical, physical, and administrative safeguards to safeguard the confidentiality, integrity, and availability of information.

Questions? Lee Kim, BS, JD Director, Privacy & Security HIMSS 4300 Wilson Blvd., Suite 250 Arlington, VA 22203 (703)562-8806 (office phone) lkim@himss.org

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information