New Guidance to Aid Cybersecurity Preparedness

HITRUST, a health industry stakeholder consortium, has issued guidance on how best to use its Common Security Framework of best practices to assess an organization’s cybersecurity preparedness.



“Having access to cyber threat intelligence and sharing information regarding threats, attacks and incidents is extremely important; however, a prerequisite is ensuring organizations have the appropriate safeguards in place,” according to the guidance. “Organizations must have the means by which to review their current level of preparedness, which is contingent upon the identification of an appropriate subset of controls most directly related to detecting and thwarting cyber-related breaches.”

Consequently, the guidance identifies a specific set of Common Security Framework controls related to cybersecurity, and includes a new feature to simplify data collection and reporting processes. The guidance includes charts that separate the 135 CSF controls into three categories for assessing cybersecurity: most relevant, relevant but requiring further analysis, and least relevant.

The controls are grouped into the following functions: access control, technical compliance checking, controls against mobile code, electronic messaging, electronic commerce services, on-line transactions, administrator and operation logs, fault logging, security requirements analysis and specification, and reporting security weaknesses.
