Security Technology Executive

NOV-DEC 2017

Issue link:

Contents of this Issue


Page 29 of 71

PROVEN THE WORLD OVER. 4K Our new line of HDCVI cameras breathes new life into conventional analog surveillance systems. HDCVI delivers HD video and IP-type functionality with long distance transmission for coax infrastructure. With up to 4K resolution, it's the highest resolution imaging solution for coax available. 5 Develop realistic disaster recovery plans Disaster recovery plans need to be realistic and well- practiced in case the perimeter is breached. While tabletop exercises can provide valuable training to key personnel, these generally do not provide the opera- tions staff with the necessary experience of recover- ing systems while under stress. The limited scope of tabletop exercises can create a false sense of security for the executive team, ultimately undermining the business case for better disaster planning and invest- ments. Disaster recovery plans are not static and need to be updated frequently to respond to new threats. For example, the prevalence of ransomware has refo- cused the need for frequent offline backups that will be available following an attack as online or mirrored backups may also be compromised. 6 Ensure a communication plan for leadership is in place A defined communication plan to quickly alert execu- tive leadership is critical in the event of a breach. Valu- able time can be often lost trying to confirm the cause of a failure rather than immediately sounding the alarm. Executives can overcome organizational iner- tia and the desire to follow the "chain of command" by encouraging individuals who discover anomalies to communicate directly with senior decision mak- ers. Healthcare organizations may want to implement hotlines, with anonymous reporting capabilities, to encourage quick reactions that limit damage and get the organization on a recovery path sooner. 7 Avoiding minimally compliant goals through continuous improvement Executives should recognize that dated security standards may not be appropriate for today's threat environment. Executives should define and com- municate that security and compliance objectives must meet all current legal, regulatory, contractual requirements, and known threats. Recognize that legacy security standards are no longer adequate to protect covered entities against today's threat environ- ment. For example, HIPAA was published in 1996 and since then, ransomware and malware are frequently being used by organized crime groups, nation-states, and politically motivated actors in ways that were not imagined two decades ago. The more common stan- dard for security today in healthcare is the NIST CSF. BEST PRACTICES

Articles in this issue

Links on this page

Archives of this issue

view archives of Security Technology Executive - NOV-DEC 2017