Threat Process Model in the health care delivery system: Sources of information for threats, vulnerabilities, updates, and security news
Healthcare cybersecurity attacks rise 320% from 2015 to 2016 (Symantec’s 2017 Internet Security Threat Report - ISTR)
A good and effective approach to addressing threats that may affect an organization's information systems is the threat modeling process. A structured approach, whether software-focused, attacker-focused or asset-focused, decomposes into four basic steps:
Step 1 – Decompose the application
Step 2 – Determine and rank threats
Step 3 – Identify vulnerabilities
Step 4 – Determine controls or countermeasures and mitigation
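Steps 1 and 2 as an added example, not from the original post: it applies Microsoft's STRIDE-per-element mapping to a decomposed system and ranks the rated threats by mean DREAD score. The patient-portal elements, the ratings and the High/Medium/Low cut-offs are constructed assumptions.

```python
# Added illustration: STRIDE-per-element enumeration plus DREAD ranking.
# Element names, ratings and the High/Medium/Low cut-offs are constructed assumptions.
STRIDE_BY_ELEMENT = {
    "external_entity": ["Spoofing", "Repudiation"],
    "process": ["Spoofing", "Tampering", "Repudiation", "Information disclosure",
                "Denial of service", "Elevation of privilege"],
    "data_store": ["Tampering", "Repudiation", "Information disclosure",
                   "Denial of service"],
    "data_flow": ["Tampering", "Information disclosure", "Denial of service"],
}
DREAD = ("damage", "reproducibility", "exploitability", "affected_users",
         "discoverability")

def enumerate_threats(elements):
    """Step 1 output (typed DFD elements) -> candidate threats for step 2."""
    return [(name, cat) for name, kind in elements for cat in STRIDE_BY_ELEMENT[kind]]

def dread_score(ratings):
    """Mean of the five DREAD ratings, each on a 1-10 scale."""
    if set(ratings) != set(DREAD):
        raise ValueError(f"need exactly these factors: {DREAD}")
    if any(not 1 <= v <= 10 for v in ratings.values()):
        raise ValueError("each rating must be between 1 and 10")
    return sum(ratings.values()) / len(DREAD)

def triage(elements, ratings):
    """Return (ranked, unrated): scored threats highest first, candidates still unscored."""
    candidates = enumerate_threats(elements)
    unknown = set(ratings) - set(candidates)
    if unknown:  # a rating that matches no modelled threat is usually a typo
        raise ValueError(f"rated threats not in the model: {sorted(unknown)}")
    ranked = []
    for threat, r in ratings.items():
        score = dread_score(r)
        band = "High" if score >= 7 else "Medium" if score >= 4 else "Low"
        ranked.append((threat, score, band))
    ranked.sort(key=lambda t: t[1], reverse=True)
    return ranked, [c for c in candidates if c not in ratings]

# Constructed sample: a patient portal in front of an EHR database.
ELEMENTS = [("Patient browser", "external_entity"), ("Portal web app", "process"),
            ("EHR database", "data_store"), ("Portal-to-EHR query", "data_flow")]
RATINGS = {
    ("Portal web app", "Spoofing"): dict(zip(DREAD, (7, 8, 7, 6, 7))),
    ("EHR database", "Information disclosure"): dict(zip(DREAD, (9, 6, 5, 9, 4))),
    ("Portal-to-EHR query", "Tampering"): dict(zip(DREAD, (6, 4, 3, 5, 3))),
}

if __name__ == "__main__":
    ranked, unrated = triage(ELEMENTS, RATINGS)
    for (element, category), score, band in ranked:
        print(f"{score:4.1f} {band:6} {category} of {element}")
    print(f"{len(unrated)} candidate threats still need a DREAD rating")
```

The unrated list matters as much as the ranking: every candidate that STRIDE produced but nobody scored is a threat that has not yet been considered in step 2.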
Envisioning the security requirements and scenarios before building helps in identifying threats to a system that is being built or has already been built. These threats need to be analyzed, with Microsoft STRIDE for example, and the identified threats ranked, with DREAD for example. Attack agents might exploit vulnerabilities in the software, application or system, so these vulnerabilities also need to be identified. Table 1.1 provides a list of some credible sources of information for threats, vulnerabilities, updates, and security news. The list is by no means exhaustive; it only represents members of this category. These sources not only provide current information on threats, vulnerabilities, updates, and security news, but are also accurate and reliable sources of information security that can be applied in many scenarios to mitigate information security risks. Symantec provides a monthly threat report.
| Sources | Website |
|---|---|
| 1. Symantec - Symantec internet security threat report 2017; Website security report 2016 | https://websitesecurity.symantec.com/campaigns/16963-campaign/current/landing/assets/wstr-pt1-us.pdf |
| 2. Verizon’s data breach investigations report (DBIR) - 2017 | http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/ |
| 3. Forbes - Top 2016 Cybersecurity reports from AT&T, Cisco, Dell, Google, IBM, McAfee, Symantec and Verizon | |
| 4. Federal Communications Commission | |
| 5. Health IT security – Healthcare data security incidents in 2016 | |
| 6. John Schneier Blogs | |
| 7. Security Wizardry Radar | |
| 8. Homeland Security Cybersecurity | |
| 9. CVE details - Security vulnerability data source | |
| 10. Microsoft Service and Update Center | |
| 11. Oracle Help Center | |
| 12. Homeland Security newswire | |
| 13. Tech News World - Cybersecurity | http://www.technewsworld.com/perl/section/cyber-security/ |

Table 1.1 List of some credible sources of information for threats, vulnerabilities, updates, and security news.
When online sites give conflicting reports, it is necessary to cross-check with some of these sources and with other credible cybersecurity news sites, for example CBS cybersecurity, Security Magazine Cyber Security News, HuffPost Cyber Security, Secure Works, and Tech Republic.
References
Symantec Security Center. 2017 Internet Security Threat Report (ISTR). (2017). Retrieved (2017-15-6) from https://www.symantec.com/security-center/threat-report
Morgan, S. Top 2016 Cybersecurity Reports Out From AT&T, Cisco, Dell, Google, IBM, McAfee, Symantec and Verizon. (2016-9-5). Forbes. Retrieved (2017-15-6) from https://www.forbes.com/sites/stevemorgan/2016/05/09/top-2016-cybersecurity-reports-out-from-att-cisco-dell-google-ibm-mcafee-symantec-and-verizon/#12912edb1caf
Health IT Security. Healthcare Data Security Incidents Second Highest in 2016. (2017-26-4). Retrieved (2017-15-6) from https://healthitsecurity.com/news/healthcare-data-security-incidents-second-highest-in-2016