HIPAA Technical Safeguards - How to Implement Effectively
Overview:
Often times, technical personnel are mostly focused on keeping systems operating at peak performance because this is all that they have time for in their busy schedules. This is mostly because organizations have limited budgets to invest in more head count and technology resources for both system optimal performance and effective security controls
This makes it challenging for technical personal to have enough time to:
- Conduct research and Cost Benefit Analysis (CBA) on the best security technologies for their organizations
- Implement and maintain effective technical security controls
The purpose of this session is to help technical staff and leadership understand the risks from weak security technology controls and how to mitigate the risks using technologies and practices that will allow staff to work more efficiently, which will allow them to implement and maintain both high performing systems and secure technology controls.
Key takeaways from this presentation:
- Where cybercriminals are focusing their attention and how they are successful. Some examples:
- Missing Application Patches (Java, Adobe, etc)
- Weak Application Development Practices
- Weak IT component configurations
- Overview of top technical safeguards that should be invested in. Some examples:
- Data at rest encryption controls
- Patch management controls that cover both OS and applications
- Security Information Event Management systems
- Mobile Device Management controls
- Some examples of how clients have transitioned to stronger controls, such as:
- Prioritization of investments
- Invested in technologies that remediated multiple problems first
Why should you attend: Based on HIPAA security risk assessments conducted recently, many organizations are missing critical technology safeguards that could costs their organization money and a lost reputation if a cybercriminal or auditor finds the weaknesses. This session will enable engineers and leadership to identify tactical and strategic investments in security controls that should be invested in to reduce the risks from technical weaknesses.
Areas Covered in the Session:
- Operating System and Application Patch Management Controls
- Application Development Security Controls
- Identity Management Controls
- IT Component Configuration Controls
- Anti-Malware Controls
- Logging and Audit Trail Controls
- Encryption Controls
- Network Access Controls
- Disaster Recovery and Business Continuance Controls
- Technical Policies and Procedures
Who Will Benefit:
- IT Managers
- IT Staff
- Project Managers
- Leadership Staff
- HIPAA Security Officers