ALERTLOGIC.COM / U.S. 877.484.8383 / U.K. +44 (0) 203 011 5533
SELECTING TECHNOLOGIES FOR HIPAA COMPLIANCE: A CHEAT SHEET
Selecting technologies to help your organization comply with HIPAA regulations can be overwhelming. Here are a few
things you should look for when evaluating technologies against your HIPAA requirements.
INTRUSION DETECTION SYSTEM (IDS)
Intrusion detection systems run the gamut from complex host-based detection to lightweight network-based detection.
Generally, any credible IDS will provide core functionality designed to detect known bad activity based on known
signatures. To comply with the administrative and technical HIPAA safeguards — and to protect your network — be sure
to ask the following questions:
01 Do you provide signatures of known bad and known good files/network traffic?
02 How often are your signatures updated? Do I have to update them myself or is the system auto-updating?
03 How much training does someone need to become proficient in your solution?
04 Is your IDS integrated with any other security technology?
05 Will your IDS work in both my on-premises data center and my cloud environments?
WEB APPLICATION PROTECTION
Hackers and cybercriminals are exploiting poorly protected websites at an alarming rate. Organizations are impacted
almost daily. An excellent way to protect your internet-facing websites and applications is to implement a Web
Application Firewall (WAF). Depending on your deployment preference, the WAF can provide inline protection from
invalid/malformed requests made against your website or simply monitor web requests, alerting when these bad
requests are encountered. While WAFs are a critical component of your security framework, they also assist you in
complying with the specific administrative safeguards related to HIPAA. During your evaluation, find out the following:
01 Who manages the Web Application Firewall?
02 How does your WAF handle changes made to my website? Do I have to reconfigure the solution myself?
03 What website attack vectors is your WAF blocking?
04 Can your WAF work across my different public cloud hosting providers?
05 How quickly can your WAF be implemented and start protecting my environment?
LOG MANAGEMENT
By far, log management solutions provide the broadest coverage with regard to your HIPAA mandates. Log management
solutions vary in complexity and deployment models. There are a myriad of solutions that provide complex query
languages that enable skilled users to mine logs for indicators of compromise, as well as any activity that may indicate a
HIPAA mandate may have been broken. For those not well-versed in log analysis, there are highly automated solutions
that enable users to easily produce reports, search logs, and comply with audit requests without significant training.
Selection of a log management solution should be driven not only by HIPAA requirements but also by your ability to
manage the day-to-day usage of the solution. Ask these questions when looking for a log management solution:
01 Does your solution have the ability to archive log data long term? Where are the logs stored?
02 How do I search collected logs? Is there a proprietary query language I would have to learn?
03 Where is your solution deployed? How often is the solution updated? Are there additional costs
associated with upgrading when a new version is released?
04 Does your solution include pre-built HIPAA reports? If not, how hard is it to make them?
05 I have a hybrid environment. Will your single solution work for all my environments?
To learn more about how Alert Logic Security-as-a-Service solutions can help meet your HIPAA compliance needs visit:
www.alertlogic.com/solutions/compliance/hipaa-hitech-compliance
ABOUT ALERT LOGIC
Alert Logic, the leader in security and compliance solutions for the cloud, provides Security-as-a-Service for on-premises,
cloud, and hybrid infrastructures, delivering deep security insight and continuous protection for customers at a lower cost
than traditional security solutions. Fully managed by a team of experts, the Alert Logic Security-as-a-Service solution provides
network, system and web application protection immediately, wherever your IT infrastructure resides. Alert Logic partners with
the leading cloud platforms and hosting providers to protect over 3,500 organizations worldwide. Built for cloud scale, our
patented platform stores petabytes of data, analyses over 400 million events and identifies over 50,000 security incidents each
month, which are managed by our 24x7 Security Operations Center. Alert Logic, founded in 2002, is headquartered in Houston,
Texas, with offices in Seattle, Dallas, Cardiff, Belfast and London. For more information, please visit www.alertlogic.com.
© 2015 Alert Logic, Inc. All rights reserved. Alert Logic and the Alert Logic logo are trademarks, registered trademarks, or
servicemarks of Alert Logic, Inc. All other trademarks listed in this document are the property of their respective owners.
