Perform vulnerability assessment before conducting penetration testing
HIM-HIPAA Insider, January 19, 2015
While organizations should focus on performing regular risk assessments and analyses, there are also other ways in which they must review their systems for compliance. Often, these other evaluations are overlooked despite their value, says Kevin Beaver, CISSP, an information security consultant in Atlanta. In particular, organizations should be careful not to forget about performing vulnerability assessments and penetration tests, which are components of an overall risk assessment or analysis, says Beaver.
Hackers looking to gain access to an organization's data have moderate- to high-level knowledge of how systems and networks operate and can often easily exploit weaknesses, says John Askew, senior security analyst for SDGblue in Lexington, Kentucky.
"We recommend that organizations have regular vulnerability assessments in addition to their risk analysis," Askew says.
It's not enough for organizations to know what is in place to protect their systems; they must also be aware of how safeguards operate and whether they are functioning correctly. For example, simply knowing a firewall is installed is insufficient—privacy and security officers must also be familiar with how the firewall is configured and whether it adequately protects their organization, Askew says.
Continue reading "Perform vulnerability assessment before conducting penetration testing" on the HCPro website. Subscribers to Briefings on HIPAA have free access to this article in the January issue.