DOCSLIB.ORG

How Healthcare Data Privacy Is Almost Dead … and What Can

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
How Healthcare Data Privacy Is Almost Dead … and What Can HOW HEALTHCARE DATA PRIVACY IS ALMOST DEAD … AND WHAT CAN BE DONE TO REVIVE IT! OTHER INFORMATION SECURITY BOOKS FROM AUERBACH A Guide to the National Initiative for Mastering the Five Tiers of Audit Competency: Cybersecurity Education (NICE) The Essence of Effective Auditing Cybersecurity Workforce Framework (2.0) Ann Butera • ISBN 978-1-4987-3849-1 Dan Shoemaker, Anne Kohnke, and Ken Sigler Network and Data Security for Non-Engineers ISBN 978-1-4987-3996-2 Frank M. Groom, Kevin Groom, and Stephan S. Jones Analyzing and Securing Social Networks ISBN 978-1-4987-6786-6 Bhavani Thuraisingham, Satyen Abrol, Raymond Operational Assessment of IT Heatherly, Murat Kantarcioglu, Vaibhav Khadilkar, Steve Katzman • ISBN 978-1-4987-3768-5 and Latifur Khan ISBN 978-1-4822-4327-7 Practical Cloud Security: A Cross-Industry View Anti-Spam Techniques Based on Artificial Melvin B. Greer, Jr. and Kevin L. Jackson Immune System ISBN 978-1-4987-2943-7 Ying Tan • ISBN 978-1-4987-2518-7 Securing an IT Organization through Corporate Defense and the Value Preservation Governance, Risk Management, and Audit Imperative: Bulletproof Your Corporate Ken E. Sigler and James L. Rainey, III Defense Program ISBN 978-1-4987-3731-9 Sean Lyons • ISBN 978-1-4987-4228-3 Securing Cyber-Physical Systems Cyber Security for Industrial Control Systems: Edited by Al-Sakib Khan Pathan From the Viewpoint of Close-Loop ISBN 978-1-4987-0098-6 Peng Cheng, Heng Zhang, and Jiming Chen ISBN 978-1-4987-3473-8 Security and Privacy in Internet of Things (IoTs): Models, Algorithms, and Electronically Stored Information: Implementations The Complete Guide to Management, Edited by Fei Hu • ISBN 978-1-4987-2318-3 Understanding, Acquisition, Storage, Search, and Retrieval, Second Edition Security without Obscurity: A Guide to PKI David R. Matthews • ISBN 978-1-4987-3958-0 Operations Jeff Stapleton and W. Clay Epstein Enterprise Level Security: Securing ISBN 978-1-4987-0747-3 Information Systems in an Uncertain World William R. Simpson • ISBN 978-1-4987-6445-2 Software Quality Assurance: Integrating Testing, Security, and Audit Honeypots and Routers: Collecting Abu Sayed Mahfuz • ISBN 978-1-4987-3553-7 Internet Attacks Mohssen Mohammedand Habib-ur Rehman The Cognitive Early Warning Predictive ISBN 978-1-4987-0219-5 System Using the Smart Vaccine: The New Digital Immunity Paradigm Information Security Policies, Procedures, for Smart Cities and Standards: A Practitioner’s Reference Rocky Termanini • ISBN 978-1-4987-2651-1 Douglas J. Landoll • ISBN 978-1-4822-4589-9 The Complete Guide to Cybersecurity Insider’s Guide to Cyber Security Architecture Risks and Controls Brook S. Schoenfield • ISBN 978-1-4987-4199-6 Anne Kohnke, Dan Shoemaker, and Ken E. Sigler Introduction to Certificateless Cryptography ISBN 978-1-4987-4054-8 Hu Xiong, Zhen Qin, and Athanasios V. Vasilakos Touchless Fingerprint Biometrics ISBN 978-1-4822-4860-9 Ruggero Donida Labati, Vincenzo Piuri, Leading the Internal Audit Function and Fabio Scotti Lynn Fountain • ISBN 978-1-4987-3042-6 ISBN 978-1-4987-0761-9 AUERBACH PUBLICATIONS www.auerbach-publications.com • To Order Call: 1-800-272-7737 • E-mail: [email protected] HOW HEALTHCARE DATA PRIVACY IS ALMOST DEAD … AND WHAT CAN BE DONE TO REVIVE IT! JOHN J. TRINCKES, JR. CRC Press Taylor & Francis Group 6000 Broken Sound Parkway NW, Suite 300 Boca Raton, FL 33487-2742 © 2017 by Taylor & Francis Group, LLC CRC Press is an imprint of Taylor & Francis Group, an Informa business No claim to original U.S. Government works Printed on acid-free paper Version Date: 20161115 International Standard Book Number-13: 978-1-138-19775-6 (Hardback), 978-1-4987-8395-8 (Paperback) This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint. Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, trans- mitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers. For permission to photocopy or use material electronically from this work, please access www.copy- right.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that pro- vides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged. Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe. Library of Congress Cataloging-in-Publication Data Names: Trinckes, John J., Jr., author. Title: How healthcare data privacy is almost dead ... and what can be done to revive it! / John Trinckes, Jr. Description: Boca Raton : Taylor & Francis, 2017. Identifiers: LCCN 2016035054| ISBN 9781138197756 (hb : alk. paper) | ISBN 9781498783958 (pb : alk. paper) Subjects: | MESH: Health Information Management--methods | Computer Security | Electronic Health Records--standards | Medical Errors--prevention & control | Privacy | United States Classification: LCC R864 | NLM WX 175 | DDC 651.5/042610285--dc23 LC record available at https://lccn.loc.gov/2016035054 Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the CRC Press Web site at http://www.crcpress.com Contents FOREWORD ix PREFACE xi ACKNOWLEDGMENTS xvii AUTHOR xix CONTRIBUTING AUTHOR xxi CHAPTER 1 CODE BLUE 1 Erroneous Information 1 Medical Identity Theft 6 Credit Troubles 9 Internet of Things 12 Medical Devices 19 FDA Draft Guidance 23 Hippocratic Oath for Connected Medical Devices 25 Cyber Independent Testing Laboratory 27 Privacy by Design 28 Ethical Design Manifesto 30 Open Web Application Security 31 Legal/Constitutional Issues 36 Fingerprints Are Not Protected by the Fifth Amendment 43 CHAPTER 2 PRIVACY CONCERNS 47 Information…Information…Everywhere 47 New Social Disorder 50 Medical Records 52 V VI CONTENTS De-Identification 57 Meaningful Use 58 21st Century Cures Bill 59 Cybersecurity Information Sharing Act 2015 (CISA) 61 Health Information Technologies Standards Committee 66 Improving Health Information Technology Act 66 Governmental Issues 67 Healthcare.gov 68 OPM Data Breach 70 Einstein Program 72 IRS 72 Telemedicine 75 NASA 77 Medical Information Is Highly Coveted 78 Ease of Obtaining Information 81 Security versus Privacy 82 Consumer Scores 83 CHAPTER 3 HEALTHCARE ARMAGEDDON 87 2015 Year of the Hack: Medical Breaches 87 Another Search Engine to the Rescue 90 Hackers Are the Problem 91 Patients Trust Healthcare 95 The Standard Response 97 EU Doesn’t Trust U.S. Privacy: Agreement Made 99 CHAPTER 4 VICTIMS 103 Costs 103 Identity Theft/Fraud 107 Tax Fraud 111 Healthcare Resources 112 Untold Victims 113 CHAPTER 5 HEALTHCARE SECURITY 117 Ignorance Is Bliss: State of Healthcare Security 117 Constructive Ambiguity and the HIPAA Regulations 121 State Requirements 124 California 124 Florida 128 Massachusetts 135 Nevada 138 Oregon 140 Texas 143 Privacy Culture; Not a Security Culture 146 All Stick and No Carrot 149 CONTENTS VII Resource Availability 150 Excuses 154 A Funny Thing Happened on the Way to Security…Nothing 156 CHAPTER 6 ENFORCEMENT 161 OCR 161 Omnibus Rule 172 Business Associate Agreements 173 ONC 175 Office of Inspector General (OIG) 177 State Attorney General 181 FTC 182 CMS 189 FCC 192 Class Action Lawsuits 194 Violation of Privacy 197 CHAPTER 7 PRIVACY…CLEAR…<SHOCK> 199 Individual Rights 199 Withholding Medical Information 203 Privacy Platform 204 Put a Tourniquet On: Stop the Bleeding 206 Shock to the Industry 208 National Patient Identifier 210 Revive Security Posture 211 Preventive Medicine 212 Social Engineering 212 Monitoring 213 Anti-Malware 216 Multi-Factor Authentication 218 Data Loss Protection 220 Data Collection/Retention 221 Data Encryption 222 Incident Response Plan 225 Vendor Management 229 Health Application Use 234 Standards/Certification/Accreditation 235 CIS Critical Security Controls 235 NIST CsF 236 HITRUST 237 EHNAC 239 FHIR 241 Recovery 241 Cybersecurity Insurance 247 VIII CONTENTS CHAPTER 8 SUMMARY 251 Message to the Board Room 251 Steely-Eyed Missile Man 252 Asking the Right Questions 255 Message to Chief Executive Officers 257 Message to the Legislators 259 Message to Private Citizens 261 Final Thoughts 263 REFERENCES 265 INDEX 291 Foreword Before the turn of this century, Scott McNealy (then CEO of Sun Microsystems) was quoted as saying: “[P]rivacy issues are a ‘red her- ring.’ You have zero privacy anyway. Get over it.” Fast forward more than 15 years, and his (then) inflammatory comments have become prophecy of how the world has evolved. From the Patriot Act and gov- ernment surveillance to the type of data collected by Google, Facebook, and ad networks along with the type of daily surveillance networks that are blanketing cities like London, we find that the concepts of privacy that our parents and grandparents held are becoming obsolete. Nowhere is this trend more significantly affecting the world than healthcare. The industry is collecting many petabytes of informa- tion that never existed before—from the immense amount of data collected by providers for quality of care measures to advanced data like genetic information (e.g., 23 and Me), we are collecting data on humans that have never been able to be assessed in a scalable and centralized way.
Load more

Recommended publications
  • Inside a Phisher's Mind: Understanding the Anti-Phishing
    Inside a Phisher’s Mind: Understanding the Anti-phishing Ecosystem Through Phishing Kit Analysis Adam Oest∗, Yeganeh Safaei∗, Adam Doupe´∗, Gail-Joon Ahn∗x, Brad Wardmany, Gary Warnerz ∗Arizona State University, x Samsung Research, yPayPal, Inc., zCofense, Inc. faoest, ysafaeis, doupe, [email protected], [email protected], [email protected] Abstract—Phishing attacks are becoming increasingly preva- Phishing attacks are particularly damaging not only due lent: 2016 saw more phishing attacks than any previous year on to their prevalence, but because their impact extends beyond record according to the Anti-Phishing Working Group. At the the individuals who are directly targeted. The organizations same time, the growing level of sophistication of cybercriminals must be understood for the development of effective anti-phishing being impersonated in such attacks (such as financial institu- systems, as phishers have extensive control over the content tions or e-mail providers) expend vast resources to minimize they serve to their victims. By examining two large, real-world their losses and must work together with security firms and datasets of phishing kits and URLs from 2016 through mid- researchers to address the increasing level of sophistication 2017, we paint a clear picture of today’s anti-phishing ecosystem being observed in phishing. This gives rise to an anti-phishing while inferring the higher-level motives and thought processes of phishers. We analyze the nature of server-side .htaccess ecosystem comprised of many diverse entities working toward filtering techniques used by phishers to evade detection by the the same goal of reducing the billions of dollars of annual security community.
    [Show full text]
  • FORCEPOINT Web Security FORCEPOINT’S CLOUD and ON-PREMISE WEB SECURITY Forcepoint Web Security FORCEPOINT’S CLOUD and ON-PREMISE WEB SECURITY
    FORCEPOINT Web Security FORCEPOINT’S CLOUD AND ON-PREMISE WEB SECURITY Forcepoint Web Security FORCEPOINT’S CLOUD AND ON-PREMISE WEB SECURITY Your business and its data are under constant attack. Traditional security solutions no longer provide sufficient protection. In fact, they can put you at risk for data loss and litigation. Protecting your network and data against advanced threats, crypto-ransomware and exploit kits are crucial for the survival of your business in an increasingly risky mobile and cloud- connected digital world. Customizable with the option to expand Companies need customizable solutions that communicate together to protect against these types of threats as they happen. Forcepoint Web Security offers real-time protection against advanced threats and data theft with multiple deployment options and modules to help tailor your web protection package to your organization’s needs. Forcepoint Web Security provides robust protection through content aware defenses and cloud app discovery and monitoring, reducing risks to sensitive data for both on premise and mobile users. Best of all, Forcepoint Web Security easily integrates with other Forcepoint solutions for single, consistent security controls that can protect against inbound and outbound threats with even the smallest of security teams. Web Security Objectives Identify and Control the Risks of Shadow IT Applications and Cloud Services Most of today’s security solutions can’t address Advanced Threats as they happen. Forcepoint Web Security is » Discover cloud applications being used within your advanced, real-time threat defense. organization. Monitor usage of those applications to determine and block those that represent the Securing Every User, Everywhere, greatest risk.
    [Show full text]
  • A Look at How Five of the Biggest Tech Companies Probe New Terrain
    THEMIDDLEMARKET.COM MARCH 2020 A look at how fi ve of the biggest tech companies probe new terrain through early-stage investments CV1_MAJ0320.indd 1 2/24/20 4:16 PM Gain way. We designed our M&A Escrow experience to be a straight line from start to finish. With our comprehensive Deal Dashboard, streamlined KYC and account opening, and high-touch service through a single point of contact, try a better way on your next deal. Learn more at srsacquiom.com 0C2_MAJ0320 2 2/24/2020 11:54:58 AM Contents March 2020 | VOL. 55 | NO. 3 Cover Story 16 Fresh Terrain A look at how five of the biggest tech companies explore new territory through early-stage investments. Features 24 Viral impact How the coronavirus is affecting M&A and private equity. 27 Top investment banks Houlihan Lokey leads list based on volume of PE-backed U.S. deals 30 Top private equity firms Audax ranks first in U.S. deals. Private Equity Perspective 14 Record year for fundraising Blackstone’s $26 billion fund marked the largest buyout fund ever raised. The Buyside 15 Taking a new path XPO Logistics is selling assets and has Watercooler hired a new CFO to lead the process. 6 10 Guest article Climate change draws PE Future of auto 33 KKR raises first global impact fund to BorgWarner acquires Delphi to Women on board target clean water. position for auto industry shift. Gender diversity on corporate boards is good for performance and for 8 12 shareholders. Protecting businesses Why investors like steaks Advent and Crosspoint buy Smith & Wollensky owner purchases cybersecurity firm Forescout.
    [Show full text]
  • Secure Email Gateway - Market Quadrant 2016 ∗
    . The Radicati Group, Inc. Palo Alto, CA 94301 . Phone: (650) 322-8059 . www.radicati.com . THE RADICATI GROUP, INC. Secure Email Gateway - Market Quadrant 2016 ∗ ......... An Analysis of the Market for Secure Email Gateway Solutions, Revealing Top Players, Trail Blazers, Specialists and Mature Players. November 2016 SM ∗ Radicati Market Quadrant is copyrighted November 2016 by The Radicati Group, Inc. Reproduction in whole or in part is prohibited without expressed written permission of the Radicati Group. Vendors and products depicted in Radicati Market QuadrantsSM should not be considered an endorsement, but rather a measure of The Radicati Group’s opinion, based on product reviews, primary research studies, vendor interviews, historical data, and other metrics. The Radicati Group intends its Market Quadrants to be one of many information sources that readers use to form opinions and make decisions. Radicati Market QuadrantsSM are time sensitive, designed to depict the landscape of a particular market at a given point in time. The Radicati Group disclaims all warranties as to the accuracy or completeness of such information. The Radicati Group shall have no liability for errors, omissions, or inadequacies in the information contained herein or for interpretations thereof. Secure Email Gateway - Market Quadrant 2016 TABLE OF CONTENTS RADICATI MARKET QUADRANTS EXPLAINED .................................................................................. 2 MARKET SEGMENTATION – SECURE EMAIL GATEWAYS .................................................................
    [Show full text]
  • Insight MFR By
    Manufacturers, Publishers and Suppliers by Product Category 11/6/2017 10/100 Hubs & Switches ASCEND COMMUNICATIONS CIS SECURE COMPUTING INC DIGIUM GEAR HEAD 1 TRIPPLITE ASUS Cisco Press D‐LINK SYSTEMS GEFEN 1VISION SOFTWARE ATEN TECHNOLOGY CISCO SYSTEMS DUALCOMM TECHNOLOGY, INC. GEIST 3COM ATLAS SOUND CLEAR CUBE DYCONN GEOVISION INC. 4XEM CORP. ATLONA CLEARSOUNDS DYNEX PRODUCTS GIGAFAST 8E6 TECHNOLOGIES ATTO TECHNOLOGY CNET TECHNOLOGY EATON GIGAMON SYSTEMS LLC AAXEON TECHNOLOGIES LLC. AUDIOCODES, INC. CODE GREEN NETWORKS E‐CORPORATEGIFTS.COM, INC. GLOBAL MARKETING ACCELL AUDIOVOX CODI INC EDGECORE GOLDENRAM ACCELLION AVAYA COMMAND COMMUNICATIONS EDITSHARE LLC GREAT BAY SOFTWARE INC. ACER AMERICA AVENVIEW CORP COMMUNICATION DEVICES INC. EMC GRIFFIN TECHNOLOGY ACTI CORPORATION AVOCENT COMNET ENDACE USA H3C Technology ADAPTEC AVOCENT‐EMERSON COMPELLENT ENGENIUS HALL RESEARCH ADC KENTROX AVTECH CORPORATION COMPREHENSIVE CABLE ENTERASYS NETWORKS HAVIS SHIELD ADC TELECOMMUNICATIONS AXIOM MEMORY COMPU‐CALL, INC EPIPHAN SYSTEMS HAWKING TECHNOLOGY ADDERTECHNOLOGY AXIS COMMUNICATIONS COMPUTER LAB EQUINOX SYSTEMS HERITAGE TRAVELWARE ADD‐ON COMPUTER PERIPHERALS AZIO CORPORATION COMPUTERLINKS ETHERNET DIRECT HEWLETT PACKARD ENTERPRISE ADDON STORE B & B ELECTRONICS COMTROL ETHERWAN HIKVISION DIGITAL TECHNOLOGY CO. LT ADESSO BELDEN CONNECTGEAR EVANS CONSOLES HITACHI ADTRAN BELKIN COMPONENTS CONNECTPRO EVGA.COM HITACHI DATA SYSTEMS ADVANTECH AUTOMATION CORP. BIDUL & CO CONSTANT TECHNOLOGIES INC Exablaze HOO TOO INC AEROHIVE NETWORKS BLACK BOX COOL GEAR EXACQ TECHNOLOGIES INC HP AJA VIDEO SYSTEMS BLACKMAGIC DESIGN USA CP TECHNOLOGIES EXFO INC HP INC ALCATEL BLADE NETWORK TECHNOLOGIES CPS EXTREME NETWORKS HUAWEI ALCATEL LUCENT BLONDER TONGUE LABORATORIES CREATIVE LABS EXTRON HUAWEI SYMANTEC TECHNOLOGIES ALLIED TELESIS BLUE COAT SYSTEMS CRESTRON ELECTRONICS F5 NETWORKS IBM ALLOY COMPUTER PRODUCTS LLC BOSCH SECURITY CTC UNION TECHNOLOGIES CO FELLOWES ICOMTECH INC ALTINEX, INC.
    [Show full text]
  • Conference Agenda Wednesday, October 14, 2020
    Confronting Cybersecurity and Data Privacy Challenges in Times of Unprecedented Change October 14 and 16, 2020 New York University School of Law Virtual Conference Faculty Director Executive Director Assistant Director Jennifer H. Arlen Alicyn Cooley Clarissa D. Santiago The Program on Corporate Compliance and Enforcement (PCCE) is a law and policy program dedicated to promoting effective enforcement and compliance. Through practical discourse and legal scholar­ ship, PCCE helps shape optimal enforcement policy, guides firms in developing more effective and robust compliance programs, and educates in the fields of corporate compliance and enforcement. Confronting Cybersecurity and Data Privacy Challenges in Times of Unprecedented Change October 14 and 16, 2020 Conference Objectives This conference brings together academics, government executives’ duties and best practices in these areas. It will officials, corporate directors, in-house counsel, compli­ then examine how enforcement agencies, financial services ance officers, and private attorneys for an off-the-record providers, and corporations collectively can address the discussion of today’s most significant challenges and risks threats posed today by the misappropriation of corporate pertaining to cybersecurity and data privacy. The confer­ data, including terrorism and election interference. The ence participants will offer concrete guidance on how com­ next panel will provide practical guidance, and regulators’ panies and their counsel can overcome and even preempt perspectives,
    [Show full text]
  • Insight Manufacturers, Publishers and Suppliers by Product Category
    Manufacturers, Publishers and Suppliers by Product Category 2/15/2021 10/100 Hubs & Switch ASANTE TECHNOLOGIES CHECKPOINT SYSTEMS, INC. DYNEX PRODUCTS HAWKING TECHNOLOGY MILESTONE SYSTEMS A/S ASUS CIENA EATON HEWLETT PACKARD ENTERPRISE 1VISION SOFTWARE ATEN TECHNOLOGY CISCO PRESS EDGECORE HIKVISION DIGITAL TECHNOLOGY CO. LT 3COM ATLAS SOUND CISCO SYSTEMS EDGEWATER NETWORKS INC Hirschmann 4XEM CORP. ATLONA CITRIX EDIMAX HITACHI AB DISTRIBUTING AUDIOCODES, INC. CLEAR CUBE EKTRON HITACHI DATA SYSTEMS ABLENET INC AUDIOVOX CNET TECHNOLOGY EMTEC HOWARD MEDICAL ACCELL AUTOMAP CODE GREEN NETWORKS ENDACE USA HP ACCELLION AUTOMATION INTEGRATED LLC CODI INC ENET COMPONENTS HP INC ACTI CORPORATION AVAGOTECH TECHNOLOGIES COMMAND COMMUNICATIONS ENET SOLUTIONS INC HYPERCOM ADAPTEC AVAYA COMMUNICATION DEVICES INC. ENGENIUS IBM ADC TELECOMMUNICATIONS AVOCENT‐EMERSON COMNET ENTERASYS NETWORKS IMC NETWORKS ADDERTECHNOLOGY AXIOM MEMORY COMPREHENSIVE CABLE EQUINOX SYSTEMS IMS‐DELL ADDON NETWORKS AXIS COMMUNICATIONS COMPU‐CALL, INC ETHERWAN INFOCUS ADDON STORE AZIO CORPORATION COMPUTER EXCHANGE LTD EVGA.COM INGRAM BOOKS ADESSO B & B ELECTRONICS COMPUTERLINKS EXABLAZE INGRAM MICRO ADTRAN B&H PHOTO‐VIDEO COMTROL EXACQ TECHNOLOGIES INC INNOVATIVE ELECTRONIC DESIGNS ADVANTECH AUTOMATION CORP. BASF CONNECTGEAR EXTREME NETWORKS INOGENI ADVANTECH CO LTD BELDEN CONNECTPRO EXTRON INSIGHT AEROHIVE NETWORKS BELKIN COMPONENTS COOLGEAR F5 NETWORKS INSIGNIA ALCATEL BEMATECH CP TECHNOLOGIES FIRESCOPE INTEL ALCATEL LUCENT BENFEI CRADLEPOINT, INC. FORCE10 NETWORKS, INC INTELIX
    [Show full text]
  • Cybersecurity Survival Guide
    CYBERSECURITY SURVIVAL GUIDE Principles & Best Practices Third Edition | August 2018 Lawrence C. Miller, CISSP www.paloaltonetworks.com/academy Advisory Panel: Brian Adams Jim Boardman Steve Bradshaw Keith Cantillon James Dalton Matthew Frohlich Thomas Trevethan Palo Alto Networks, Inc. www.paloaltonetworks.com © 2018 Palo Alto Networks – all rights reserved. Aperture, AutoFocus, GlobalProtect, Palo Alto Networks, PAN-OS, Panorama, Traps, and WildFire are trademarks of Palo Alto Networks, Inc. All other trademarks are the property of their respective owners. Table of Contents Table of Contents ..................................................................................................... i Table of Figures...................................................................................................... vi List of Tables ........................................................................................................ viii Foreword ............................................................................................................... ix Introduction ............................................................................................................ x Module 1 – Cybersecurity Foundation ................................................................ 1 1.1 Cybersecurity Landscape .................................................................................................. 1 1.1.1 Modern computing trends ........................................................................................ 2 1.1.2 New
    [Show full text]
  • Making It Safe for Your People to Work Remotely
    Ebook Making It Safe for Your People to Work Remotely Security Tips for Enabling Your Teams to Work Outside the Office forcepoint.com | intelisecure.com Making It Safe for Your People to Work Remotely 2 Reducing Complexity in the New World of Remote Working Digital transformation has created an overwhelmingly complex information security environment. In this rapidly evolving new world, an abrupt surge in remote workers has made that environment even more challenging. Forcepoint is challenging the way organizations look at the problem by bringing compelling new solutions into the data protection space. InteliSecure is proud to partner with Forcepoint by helping organizations tailor data protection to effectively leverage Forcepoint’s security technology platform. Through a full array of Professional and Managed Data Protection Services, our data security experts support organizations in selecting, deploying, and implementing Forcepoint tools. With a foundational security strategy, integrated with proven security technology, InteliSecure enables organizations to protect their most critical data assets. Now, you can ensure workers can do their jobs from anywhere—with confidence. forcepoint.com | intelisecure.com Making It Safe for Your People to Work Remotely 3 Table of Contents Security Risks to Watch for When People 03 Work Remotely Extending Your Email Phishing Protection 05 Outside of the Office Safeguarding People as they Browse and 07 Use the Web Differently Ensuring Data Security in a Multi-Cloud 09 Environment Connecting Remote Workers to Internal 12 Applications and Data forcepoint.com | intelisecure.com Making It Safe for Your People to Work Remotely 4 Security Risks to Watch for When People Work Remotely Given the current global climate, it’s likely that your workforce has seen a huge increase in employees working from home.
    [Show full text]
  • Forcepoint Web Security Cloud Help
    Forcepoint Cloud Security Gateway Portal Help Forcepoint Web Security Cloud 2021 ©2021, Forcepoint Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint. All other trademarks used in this document are the property of their respective owners. Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice. Last modified: September 13, 2021 Contents Chapter 1 Getting Started . .1 Initial steps . .2 Logging on and portal security. .2 Cloud Web setup wizard . .3 Configuring your firewall to connect to the cloud service . .4 Sending end user information to the cloud service . .5 Configuring the Directory Synchronization Client . .5 Download and configure the client software . .6 Verify synchronization results . .6 Adding users manually . .6 Setting up your first policy . .7 Configuring policy connections. .7 Directing user traffic to the cloud service . .7 Testing your policy settings . .8 Reviewing your configuration. .9 Finishing the setup wizard (next steps). .9 Navigating the cloud portal . .10 Cloud portal dashboards. .11 Creating custom dashboards in the cloud portal . .16 Alerts . .18 Chapter 2 Account Settings . .21 My Account . .22 Configuring SIEM storage . .22 Contacts . .24 Adding a contact . .24 Password settings . .28 Password policy . .29 Password expiration limit . .30 User lockout . .30 Changing passwords .
    [Show full text]
  • Research Note: RSA Conference 2019
    Research Note: RSA Conference 2019 Rajeev Chand Partner Head of Research The 28th annual RSA Conference was held March 4-8, 2019, at the Moscone Center in San Francisco, California. The conference is one of the largest conferences for information security globally and hosted 42,500+ attendees. At this year’s RSA, we held 21 1-on-1 meetings with CISOs/CSOs, entrepreneurs, and Wing Venture Capital government officials over two days, and we hosted the inaugural Wing Summit on 2061 Avy Avenue Security, involving 101 CISOs/CSOs from large cap public companies and ‘unicorn’ Menlo Park, CA 94063 private tech companies in an off-the-record, closed-door setting. In addition, we held 26 pre-RSA research calls with CISOs/CSOs and government officials to understand key security issues and priorities. In this Research Note, we highlight the trends, insights, and observations from our conversations in the following sections: • Key News Announcements • CISO Priorities • Government and Private Sector Key News Announcements There were two news announcements that were prominent in our RSA 2019 meetings: 1) Chronicle’s launch of Backstory, and 2) NSA’s release Ghidra. Backstory Chronicle’s launch of Backstory was the most discussed item in our meetings. We had two observations: 1) There is pent-up demand for a Splunk alternative. Splunk has the advantage of incumbency, and Splunk is ‘more than an application, it is a way of doing business’, as stated by a colleague. However, Splunk’s data-based pricing model was frequently mentioned as expensive. A colleague commented, ‘each year we re-examine whether this is the year to replace Splunk, and each year Splunk reduces its price sufficiently to make the transition costs for tools and processes not worth it.’ 2) The most often mentioned critiques of Backstory were: a) would corporations trust Google with their telemetry data, and b) does Backstory have the product maturity required by large enterprises.
    [Show full text]
  • Insight MFR By
    Manufacturers, Publishers and Suppliers by Product Category 7/18/2019 10/100 Hubs & Switch COMPREHENSIVE CABLE IOGEAR TECHNOLOGY QUANTUM VCE COMPANY LLC 3COM COMTROL IXIA QVS INC. VERBATIM 4XEM CORP. CONNECTPRO JUNIPER NETWORKS RADWARE VERTIV ACCELL CP TECHNOLOGIES KANEX RAM MOUNTS VISIONTEK ADTRAN CRESTRON ELECTRONICS KANGURU RAPID TECHNOLOGIES LLC. VIVOTEK ADVANTECH CO LTD CYBERDATA SYSTEMS KENSINGTON RARITAN VMWARE AEROHIVE NETWORKS CYBERPOWER SYSTEMS KRAMER ELECTRONICS, LTD. RED LION CONTROLS WASP BARCODE ALCATEL LUCENT DATTO, INC. LANTRONIX RIVERBED TECHNOLOGIES WIFI‐TEXAS.COM INC ALLIED TELESIS DELL LENOVO ROSE ELECTRONIC W‐LINX TECHNOLOGY ALTRONIX DELL EMC LG ELECTRONICS ROSEWILL XIRRUS (SEE NOTES) ALURATEK, INC. DIGI INTERNATIONAL LINKSYS RUCKUS WIRELESS ZYXEL AMER NETWORKS DIGIUM MANHATTAN WIRE PRODUCTS SABRENT Adapter IDE/ATA/SATA AMX D‐LINK SYSTEMS MCAFEE SANHO ADAPTEC ANKER EATON MELLANOX SAVVIUS INC ADDONICS TECHNOLOGY INC. APC EDGECORE MICRON CONSUMER PRODUCTS GROUP SDA ALERATECH ARISTA NETWORKS EDGEWATER NETWORKS INC MICROSEMI CORP SENNHEISER ALURATEK, INC. ARRIS GROUP INC ENGENIUS MILESTONE SYSTEMS INC SHARP APRICORN ASUS ENTERASYS NETWORKS MITEL SHORETEL ARECA US ATEN TECHNOLOGY ETHERWAN MONOPRICE SIGNAMAX ATTO TECHNOLOGY ATLONA EVGA.COM MOTOROLA ISG SIIG AVAGOTECH TECHNOLOGIES AUDIOCODES, INC. EXABLAZE MOXA TECHNOLOGIES, INC. SISOFTWARE AXIOM MEMORY AUTOMATION INTEGRATED LLC EXACQ TECHNOLOGIES INC NETAPP SMARTAVI INC BYTECC AVAYA EXTREME NETWORKS NETEON TECHNOLOGIES INC. SMC NETWORKS CABLES TO GO AXIS COMMUNICATIONS EXTRON NETGEAR, INC. STAMPEDE TECHNOLOGIES INC CHENBRO B & B ELECTRONICS FORTINET NETRIA STARTECH.COM CISCO SYSTEMS BELKIN COMPONENTS FUJITSU SCANNERS NETSCOUT SYSTEMS, INC SUPERMICRO COMPUTER CORSAIR MEMORY BLACK BOX FUJITSU SERVER STORAGE NOVATEL WIRELESS SYBA TECH LTD CRU ‐ CONNECTOR RESOURCES BLACKMAGIC DESIGN USA GARRETTCOM OMNITRON TARGUS DELL BLONDER TONGUE LABORATORIES GEAR HEAD ORACLE TEK‐REPUBLIC DELL EMC BOSCH SECURITY GEFEN OVERLAND STORAGE TELEADAPT, INC.
    [Show full text]