Cybersecurity threats are everywhere, and can be especially worrisome for small businesses. Small businesses are often targets of cyber attacks because they hold information that is attractive to cybercriminals but lack the cybersecurity protections that large businesses and corporations have to keep them safe. When running a business, large or small, you must take all measures to protect sensitive information, your employees, and the technology you use.
Hackers are attackers outside of an organization who exploit security weaknesses in computer systems or networks to gain unauthorized access to information, cause mischief, or make changes to files, settings, or systems. Hackers have become increasingly sophisticated over the years, and many are experts on a variety of computer systems and software.
With the increase in cyberattacks and data security lapses, many organizations have changed their overall approach to data security and are now taking a risk-based approach.
Christopher Plummer is a Senior Cybersecurity Engineer at Dartmouth-Hitchcock. He is a Certified Information Systems Security Professional (CISSP) and a member of Cyber Health Working Group (CHWG), FBI InfraGard, Crimedex, and the New England Healthcare Information Security Forum (NEHISF).
Plummer has worked across a wide spectrum of organizations and industries, now specializing in healthcare information security. Before moving to Dartmouth-Hitchcock, he worked as a Senior Cybersecurity Analyst for Catholic Medical Center. He also spent nearly 10 years working as an Information Systems and Security Manager for the U.S. Navy. Skye Learning is thrilled to feature Plummer’s expert commentary in the online course Cybersecurity for Healthcare Professionals.
While organizations spend a lot of time and resources working to protect their digital assets, the physical security of the workplace is just as critical and just as subject to attack as a network is.
Physical security involves securing the site, building, office space, servers, computers, and other assets from being compromised at the actual location, rather than electronically over networks. It includes site design and layout, intrusion detection, fire protection, surveillance, physical access control, and emergency response.
It's important to remember that physical security consists of protecting against man-made threats, like intrusion or internal sabotage, as well as natural disasters, severe weather, and accidents that can cause floods, fire, and other problems.
Audit functions are not only good for troubleshooting a system but also for analyzing logs that can help uncover malicious activity in the form of insider breaches or outsider intrusions. In an investigation, audit logs help verify whether the security policy was adhered to and how an employee may have been involved in a security violation. All root and administrator activities should also be logged, and all logs should be kept to a manageable size. Actions that should be logged include user-level events, application-level events, and system-level events.
The common approach to meeting the challenges of managing data is to map the process of creating and using data to a lifecycle. This is sometimes referred to as data lifecycle management (DLM) or information lifecycle management (ILM).
The purpose of such an approach is to allow an organization to identify the distinct phases data goes through, and then within each step or phase, to identify different security controls that should be in place.
This week, Skye Learning is thrilled to spotlight Dr. S. Atyia Martin, an expert for the AEM®/CEM® Prep Course (U.S. version). Martin is a Certified Emergency Manager (CEM®) with nearly 20 years of experience in emergency management, public health, intelligence, resilience, and homeland security. She has worked for the government, the private sector, and the nonprofit sector. Currently, she is CEO & Founder of All Aces, Inc., a consulting company that advances racial equity and builds organizational resilience. Martin is a distinguished senior fellow for the Global Resilience Institute.
Organizations are increasingly concerned about the loss or theft of electronic information, known as a data breach. Data breaches that result from unauthorized access by individuals within an organization have also become more common. These types of breaches, or data leaks, are commonly called insider threats. Insiders pose a unique challenge because they know how systems are configured, how to defeat these systems, and how to cover up any evidence.
Chris Williams is an enterprise cloud consultant at GreenPages Technology Solutions in Kittery, ME. According to his LinkedIn profile, Williams holds “too many certifications.” In fact, he is a certified AWS Solutions Architect Professional, an AWS Community Hero, a VMware Certified Implementation Expert, a VMware vExpert, and more.
Williams is an expert in digital transformation who assists customers in deploying cloud solutions. He is also a subject matter expert for Skye Learning, appearing in Introduction to Cloud Computing and Cybersecurity.
Many people use the terms "data" and "information" interchangeably; however, there is a slight distinction between data governance and information governance. Information governance has more to do with all the processes and systems that gather and use knowledge, enhance it, and share it through the organization. Data governance is a subset of that, and it specifically focuses on the gathering, storing, and usage of data—especially personal data—concerning customers, employees, and partners. This data includes financial information, PII, phone numbers, emails, etc.