Health Information Security Session 03: Best Practices in Information Security


Dr. Lasantha Ranwala, MBBS, MSc Biomedical Informatics, Cert. in Ethical Hacking & Cyber Forensics

Medical Officer Health Informatics

Best Practices of Information Security Management

“Cyber security is not just about technology”

Defence in Depth

• A concept in which multiple layers of security controls (defences) are placed throughout an information technology (IT) system.

• Its intent is to provide redundancy in the event that a security control fails or a vulnerability is exploited: no single control is relied on alone.

• It covers personnel, procedural, technical and physical aspects for the duration of the system's life cycle.

Defence in Depth (continued)

Security Controls

1. Physical controls
2. Technical controls
3. Administrative controls

1. Physical Controls

Implementation of security measures in a defined structure used to defend or prevent unauthorized access to sensitive material.

e.g.:
• Closed-circuit surveillance cameras
• Motion or thermal alarm systems
• Security guards
• Picture IDs

2. Technical Controls

• Use of technology as the basis for controlling access to, and usage of, sensitive data throughout a physical structure and over a network.

• e.g.:
– Encryption
– Access control lists (ACLs)
– File integrity auditing software

3. Administrative Controls

• Administrative controls define the human factors of security.

• They involve all levels of personnel within an organization and determine which users have access to what resources and information, by such means as:

– Information security policy
– Training and awareness
– Disaster preparedness and recovery plans

Best Practices - Protect Your Network

1. Create specific access controls
– Minimum user privileges: grant each user only the access their role requires

2. Collect detailed logs
– For security and troubleshooting purposes
– Back up logs so they survive a compromise of the system that produced them

3. Maintain security patches
– Make sure your software and hardware security updates are current

4. Educate and train your users
– Users will always be your weakest link

5. Policies and guidelines
– Clear user policies for new employees and vendors
– Security policy and guidelines for staff

6. User activity monitoring

7. Data breach response plan

8. Back up and restore

Best Practices - Protect Your Network (continued)

Best Practices - Protect Yourself

1. Install anti-virus software and keep all computer software patched and updated.

2. Use a strong password
– Password vs. passphrase: a passphrase of several random words is both longer and easier to remember than a short complex password

3. Log off public computers / lock your computer

4. Keep personal information safe
– Be wary of suspicious e-mails
– Use secure Wi-Fi connections
– Properly delete any personal information before you sell or dispose of your hardware

5. Limit social network information
– Be wary about how much personal information you post

6. Download files only from trusted sources

7. Back up data regularly
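The "Password vs. passphrase" point in item 2 is easier to see with numbers. The following is an added example, not part of the original slides: it computes the entropy (in bits) of a randomly chosen password of a given length and character set, and of a passphrase of a given number of words drawn from a dictionary, assuming uniform random selection in both cases. The dictionary size of 7776 is the size of the standard Diceware list; the small word list and the attacker guess rate of 10^10 guesses per second are constructed assumptions for illustration only.

```python
import math
import secrets
import string

# Constructed sample word list for demonstrating passphrase generation.
# A real passphrase dictionary (e.g. Diceware) has thousands of words; the
# entropy calculation below takes the dictionary size as a parameter.
SAMPLE_WORDS = ["ward", "pulse", "gauze", "clinic", "triage", "saline", "vitals", "chart"]

DICEWARE_SIZE = 7776  # number of words in the standard Diceware list
SECONDS_PER_YEAR = 365 * 24 * 3600


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a secret made of `length` symbols, each chosen uniformly
    at random from `alphabet_size` possibilities: length * log2(alphabet_size).
    Human-chosen secrets are far less random, so this is an upper bound."""
    return length * math.log2(alphabet_size)


def password_entropy(length: int, lowercase: bool = True, uppercase: bool = True,
                     digits: bool = True, symbols: bool = True) -> float:
    """Entropy of a random password drawn from the selected character classes."""
    alphabet = 0
    if lowercase:
        alphabet += len(string.ascii_lowercase)   # 26
    if uppercase:
        alphabet += len(string.ascii_uppercase)   # 26
    if digits:
        alphabet += len(string.digits)            # 10
    if symbols:
        alphabet += len(string.punctuation)       # 32
    return entropy_bits(alphabet, length)


def passphrase_entropy(words: int, dictionary_size: int = DICEWARE_SIZE) -> float:
    """Entropy of a passphrase of `words` words chosen at random from a dictionary."""
    return entropy_bits(dictionary_size, words)


def years_to_exhaust(bits: float, guesses_per_second: float = 1e10) -> float:
    """Years an attacker needs to try every possibility at the assumed guess rate
    (an offline attack against a leaked, fast hash; constructed rate for illustration)."""
    return (2 ** bits) / guesses_per_second / SECONDS_PER_YEAR


def generate_passphrase(words: int, wordlist=SAMPLE_WORDS, separator: str = "-") -> str:
    """Build a passphrase with a cryptographically secure random choice per word."""
    return separator.join(secrets.choice(wordlist) for _ in range(words))


def compare(password_length: int = 8, passphrase_words: int = 6) -> dict:
    """Side-by-side comparison used by the demonstration below."""
    pw_bits = password_entropy(password_length)
    pp_bits = passphrase_entropy(passphrase_words)
    return {
        "password_bits": pw_bits,
        "passphrase_bits": pp_bits,
        "password_years": years_to_exhaust(pw_bits),
        "passphrase_years": years_to_exhaust(pp_bits),
    }


if __name__ == "__main__":
    result = compare()
    print(f"8-char random password (94 symbols): {result['password_bits']:.1f} bits, "
          f"~{result['password_years']:.1f} years to exhaust")
    print(f"6-word Diceware passphrase:         {result['passphrase_bits']:.1f} bits, "
          f"~{result['passphrase_years']:.0f} years to exhaust")
    print("Example passphrase from the sample list:", generate_passphrase(4))
```

An 8-character password drawn from all 94 printable ASCII characters gives about 52 bits; a 6-word Diceware passphrase gives about 78 bits, roughly 2^25 (over 30 million) times more search space, while being easier to type and remember. The calculation assumes random selection: a passphrase made of a famous quotation, or a password built from a name and a year, has far less entropy than the formula suggests.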

Thank you
