Health Information Security Session 03: Best practice in information security
Dr. Lasantha Ranwala, MBBS, MSc - Biomedical Informatics, Cert. in Ethical Hacking & Cyber Forensic
Medical Officer Health Informatics
Best practices of information security management
“Cyber security is not just about technology”
Defence in Depth
• A concept in which multiple layers of security controls (defence) are placed throughout an information technology (IT) system.
• Its intent is to provide redundancy in the event that a security control fails or a vulnerability is exploited.
• The layers cover personnel, procedural, technical and physical aspects for the duration of the system's life cycle.
Security Controls
1. Physical control
2. Technical control
3. Administrative control
1. Physical Controls
Implementation of security measures in a defined structure used to defend or prevent unauthorized access to sensitive material.
e.g.:
• Closed-circuit surveillance cameras
• Motion or thermal alarm systems
• Security guards
• Picture IDs
2. Technical Controls
• Use of technology as a basis for controlling the access and usage of sensitive data throughout a physical structure and over a network.
• e.g.:
   – Encryption
   – Access control lists (ACLs)
   – File integrity auditing software
3. Administrative Controls
• Administrative controls define the human factors of security.
• They involve all levels of personnel within an organization and determine which users have access to what resources and information by such means as:
• e.g.:
   – Information security policy
   – Training and awareness
   – Disaster preparedness and recovery plans
Best Practices - Protect your network
1. Create Specific Access Controls
   – Minimum user privileges
2. Collect Detailed Logs
   – For security and troubleshooting purposes
   – Back up logs
3. Maintain Security Patches
   – Make sure your software and hardware security is up to date
4. Educate and Train Your Users
   – Users will always be your weakest link
5. Policies and Guidelines
   – Clear user policies for new employees and vendors
   – Security policy and guidelines for staff
6. User Activity Monitoring
7. Data Breach Response Plan
8. Back up and Restore
Best Practices - Protect ourselves
1. Install anti-virus software and keep all computer software patched and updated.
2. Use a strong password
   – Password vs. passphrase
3. Log off public computers / lock your computer
4. Keep personal information safe
   – Be wary of suspicious e-mails
   – Use secure Wi-Fi connections
   – Properly delete any personal information before you sell or dispose of your hardware
5. Limit social network information
   – You should be wary about how much personal information you post.
6. Download files only from trusted sources
7. Regular data backup
Thank you
@hlabcrew
healthlabcrew.lk