An acceptable use policy or access agreement should been adopted to ensure uniform and appropriate use of an organization’s network, computer, information assets, and other electronic resources. The rules, obligations, and standards described in this policy and other policies/procedures should…
Why is access control important? Without proper access control, unauthorized users could obtain confidential information and misuse it, and authorized users could fail to follow system instructions to protect the data. To mitigate these threats, the organization should establish access…
This article will provide some guidance and best practices for the use of, and security for, remote access and mobile device technology (e.g. BYOD) that access critical information systems and sensitive or confidential information assets. Keywords you should know Mobile…
Any applications developed internally or outsourced should follow secure coding practices to prevent common vulnerabilities and potential data breaches. The application’s design and implementation should ensure that the risks of processing failures leading to a loss of integrity are minimized.…
Medical devices improve health, quality of life, and even save lives. As such, medical device use must be appropriate for the context and setting in which it is intended. They must be safe for the patient to use and abide…
The network should be designed, configured, and maintained to deliver high performance and reliability to meet the needs of the business, while also providing access controls and necessary privileges. The intent of network security management is to protect the critical…
As a follow up to the security auditing and logging article, security monitoring and reporting is an essential part of a robust information security program. Adequate procedures should be in place to monitor any log-in attempts to information systems and…
Generally accepted security auditing and logging practices should be adhered to ensure that the policies and procedures regarding compliance with the implementation specifications of certain standards and regulations (e.g. HIPAA, PCI, ISO 27001, HITRUST) are being met. Auditing and logging…