We help local governments and behavioral health organizations improve cyber security
Information security isn’t just for IT people; executives and directors have an important role in defining and overseeing an organization’s security posture. We can help build your information security plan using a layered, defense-in-depth approach to information security based on accepted industry standards and frameworks such as NIST, HIPAA, and COBIT. The biggest threat to your organization’s information security is already inside your networks, so firewalls, application layer gateways and other technical solutions are only partially effective against what may be the greatest threat – the humans in your organization.
InfoSec Basics
Cybersecurity
Cybersecurity is about protecting digital information, and it is a subset of Information Security. Building cybersecurity infrastructure before you have built your Information Security framework is similar to building rooms before you have built a foundation.
Information Security
Information Security is concerned with protecting three aspects of ALL your information:
- Confidentiality
- Integrity
- Availability
You need a cybersecurity plan, but you need to build that plan as a component of a comprehensive Information Security plan. The foundation for a solid Information Security plan requires several components:
Information Security Program Requirements
Security Policy
A comprehensive security policy is a collection of individual policies. Different businesses require different types of policies, and regulatory compliance is an important aspect to consider when developing your policies. A security policy is generally developed over a long period of time, should be approved at the highest level of governance in your organization, and must be reviewed periodically.
Acceptable Use Policy
Information Inventory
- What are you protecting?
- What format is the information in? Digital, paper, or other formats?
- From whom are you protecting it?
- Why does it need protection? Regulatory compliance? Company proprietary information?
- How will you protect it?
Risk Assessment
Periodic risk assessments are an essential component of a good security policy and are required for compliance with regulations such as HIPAA.