Tip of the month of March, 2008 - Week 3

Identifying Internal Threats: Vulnerability Assessment

Compliance requirements such as those related to HIPAA, PCI DSS and others require organizations to identify internal threats to vital assets as well. The objective of an internal vulnerability assessment is to identify security gaps in critical business servers, workstations, and network communication devices. The typical steps in an internal vulnerability assessment are:

  • Scope Definition
  • Infrastructure Enumeration
  • Footprinting
  • Port Scanning
  • Enumeration
  • Vulnerability Scanning
  • Output Analysis
  • Final Reporting

The final report clearly establishes high-, medium- and low-risk items as well as the recommended remediation action for each security gap identified. For example, the report may recommend:

  • Disable support for low encryption ciphers on all Windows 2000 and 2003 servers
  • Disable POP3 Server plain text authentication
  • Disable the plaintext authentication methods on your SMTP server for unencrypted (non-SSL/TLS) sessions.

The security team can then determine the necessary action it needs to implement based on vulnerabilities identified.
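A way to re-check the two mail-server recommendations above after remediation, as an added example (not ecfirst's code or report format). It assumes the assessor has already captured the server's SMTP EHLO reply and POP3 CAPA reply on a session without TLS; the function names and sample replies are constructed for illustration.

```python
# Mechanisms that send the password in a trivially recoverable form.
PLAINTEXT_SASL = {"PLAIN", "LOGIN"}

def smtp_plaintext_auth(ehlo_lines, tls_active):
    """Plaintext AUTH mechanisms offered in an SMTP EHLO reply on a non-TLS session."""
    if tls_active:
        return []  # plaintext mechanisms inside TLS are not the finding described
    offered = set()
    for line in ehlo_lines:
        # Reply lines look like "250-AUTH PLAIN LOGIN" or the legacy "250 AUTH=LOGIN".
        if not line.startswith("250") or len(line) < 5:
            continue
        words = line[4:].replace("=", " ").upper().split()
        if words and words[0] == "AUTH":
            offered.update(words[1:])
    return sorted(offered & PLAINTEXT_SASL)

def pop3_plaintext_auth(capa_lines, tls_active):
    """Plaintext login methods offered in a POP3 CAPA reply on a non-TLS session."""
    if tls_active:
        return []
    offered = set()
    for line in capa_lines:
        words = line.strip().upper().split()
        if not words:
            continue
        if words[0] == "USER":      # USER/PASS commands carry the password in clear
            offered.add("USER/PASS")
        elif words[0] == "SASL":
            offered.update(m for m in words[1:] if m in PLAINTEXT_SASL)
    return sorted(offered)

# Constructed sample replies (not captured from any real server).
SMTP_CLEARTEXT_EHLO = [
    "250-mail.example.test Hello",
    "250-STARTTLS",
    "250-AUTH PLAIN LOGIN CRAM-MD5",
    "250 8BITMIME",
]
POP3_CLEARTEXT_CAPA = ["+OK Capability list follows", "TOP", "USER",
                       "SASL PLAIN CRAM-MD5", "STLS", "."]

if __name__ == "__main__":
    print("SMTP:", smtp_plaintext_auth(SMTP_CLEARTEXT_EHLO, tls_active=False))
    print("POP3:", pop3_plaintext_auth(POP3_CLEARTEXT_CAPA, tls_active=False))
```

An empty list from both functions on the cleartext replies indicates the recommendation has been applied; a non-empty list names the mechanisms still to disable.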

MANAGED COMPLIANCE SERVICES PROGRAM FROM ECFIRST

Legislative mandates require organizations to maintain compliance with reasonable and appropriate safeguards in several specific areas. Compliance requirements result in critical activities that must be conducted on a regular schedule, typically once a year. On a regular schedule, organizations must:

  • Assess compliance with the requirements of confidentiality and privacy related regulations
  • Assign responsibility to the security officer who is responsible for coordinating compliance and security initiatives
  • Conduct a comprehensive and thorough risk analysis including vulnerability assessment (penetration testing)
  • Complete a Business Impact Analysis (BIA) for contingency planning and disaster recovery
  • Develop and update security policies and procedures
  • Train all members of the workforce
  • Audit and evaluate the information infrastructure

The ecfirst Managed Compliance Services Program is tailored to meet your compliance requirements. Key features of the ecfirst Managed Compliance Services Program are:

  • Bundled outsourced solution for a fixed monthly fee
  • Periodic performance of vulnerability assessments, security risk analysis, BIA and contingency planning
  • Training, certification and periodic audit and evaluation to keep your organization fully compliant at all times
  • Keeping you compliant with the regulations, to help you focus on the business of delivering exceptional services and capabilities to your clients

Benefits of outsourcing compliance and security include:

  • Minimizing productivity losses from unexpected downtime
  • Enabling staff to better focus on business-critical tasks and complying with key regulations
  • Depth in resource capabilities with trusted knowledge of client infrastructure
  • Smooth out volatility in resource demands and costs associated with managing information technology

Contact Lorna Waggoner, Director of Business Development, at 1.877.899.9974 x17 to learn more about how to manage compliance requirements cost effectively with minimal impact to your internal staff.

For more information visit www.aha-solutions.org, contact Lorna Waggoner at 1.877.899.9974 x17 or visit www.HIPAAAcademy.net


HIPAA Tip

COMPLIMENTARY 2-DAY CHP PROGRAM DELIVERED AT YOUR SITE

Get HIPAA certified at your site. For a complimentary 2-day Certified HIPAA Professional (CHP) program delivered at your site, please contact Lorna Waggoner at 1.877.899.9974 x17 or visit www.HIPAAAcademy.net. Hundreds of client testimonials are available for your reference at www.HIPAAAcademy.Net. Clients include U.S. Department of Veterans Affairs, Air Force, Homeland Security, several State agencies and hundreds of hospitals including Aultman, Northwest Community and many others. Only qualified organizations will be considered. Session will be confirmed after review by the HIPAA Academy.  Certain terms and conditions apply.

2-DAY ON-SITE SINGLE SIGN-ON (SSO) WORKSHOP

Increasingly, organizations are looking to implement some single sign-on (SSO) capability to address challenges related to password management, especially by clinicians and management.

ecfirst, an Inc. 500 business with over 1400 clients, is a leader with rich hands-on experience enabling organizations to successfully deploy an enterprise single sign-on (SSO) solution. The ecfirst approach is to conduct a 2-day on-site workshop to develop and document business and technical enterprise requirements for SSO. The ecfirst SSO Report short-lists vendors whose products meet the SSO requirements you have established. ecfirst then works with your team to evaluate vendor solutions and identify the product that best meets your requirements.

Compliance requirements and security challenges are resulting in businesses investigating alternatives for easy and secure access to aggregated data across multiple systems. These systems include mainframe, distributed, Internet as well as mobile devices. Critical patient data typically resides on disparate systems and applications across multiple platforms. There is a strong need to support the capability to centrally monitor and report (audit) access across all applications. For details, please contact Ms. Lorna Waggoner, Director of Business Development at 1.877.899.9974 x17 or at Lorna.Waggoner@ecfirst.com.

Last updated: March 19, 2008