Healthcare Online User Group


DETECT-ing a Healthcare Breach with the NIST CSF 

Sep 07, 2017 09:55 AM

One of the ongoing discussion points about the healthcare industry’s acceptance of the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF) has centered on the difference between a framework and compliance.


After all, healthcare organizations already follow a number of regulations, most notably the Health Insurance Portability and Accountability Act of 1996, better known as HIPAA. During Symantec’s most recent webinar for the series, “Demystifying the NIST CSF for Healthcare,” Axel Wirth compared the CSF with HIPAA.


“HIPAA defines the what, but not the how,” he said. “Think of HIPAA as what you need to accomplish, but not how you get there.”


As any successful cybersecurity professional will tell you – the devil is in the details. An organization could be deemed “successful” if it has avoided a large data breach, but that does not mean its systems meet proper benchmarks. Instead, healthcare organizations should use the NIST CSF as the roadmap to creating a more risk-averse enterprise.


That is true for the DETECT function of the NIST CSF, which was the main subject of our most recent webinar. The DETECT function looks at three main areas:


  • Anomalies and events
  • Continuous monitoring
  • Detection processes


The goal of this function is to be able to tell when events happen, as well as to gain insight into them. For anomalies and events, the DETECT function helps organizations assess whether they understand their likely attack targets and the overall impact of an event, and whether they have established alert thresholds.


Continuous monitoring has become one of the most effective cybersecurity practices. The DETECT function of the NIST CSF looks at how individual networks are monitored, including personnel activity and the physical environment in which the data is hosted, along with indicators such as new malicious code and potential cybersecurity events. The detection processes category focuses on the governance structure in place to make sure the processes are well defined, comply with all requirements and are tested for accuracy.
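The “established alert thresholds” and continuous monitoring described above are easiest to picture in working code. The following is an added example, not code from the webinar, from Symantec or from NIST: it parses constructed authentication log lines (a simplified syslog-like format that is an assumption of the example, not real data) and raises an alert when one source exceeds a chosen threshold of failed logins inside a sliding time window. The threshold of five failures per minute is an assumed value; a real deployment would set it from its own baseline.

```python
"""Threshold-based alerting over authentication logs.

Added example for the DETECT function's "anomalies and events" and
"continuous monitoring" categories. The log format, the sample lines
and the threshold values are all constructed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real data): one source fails six
# times in under a minute, another fails twice several minutes apart.
SAMPLE_LOG = """\
2017-09-07T09:00:01 auth sshd: Failed password for nurse01 from 10.20.30.40
2017-09-07T09:00:05 auth sshd: Failed password for nurse01 from 10.20.30.40
2017-09-07T09:00:09 auth sshd: Failed password for admin from 10.20.30.40
2017-09-07T09:00:12 auth sshd: Failed password for root from 10.20.30.40
2017-09-07T09:00:15 auth sshd: Failed password for guest from 10.20.30.40
2017-09-07T09:00:20 auth sshd: Failed password for nurse02 from 10.20.30.40
2017-09-07T09:01:00 auth sshd: Accepted password for nurse03 from 10.20.30.41
2017-09-07T09:03:00 auth sshd: Failed password for nurse03 from 10.20.30.41
2017-09-07T09:10:00 auth sshd: Failed password for nurse03 from 10.20.30.41
"""

# Assumed line layout: "<iso timestamp> auth sshd: <Failed|Accepted> password for <user> from <src>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth sshd: (?P<outcome>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)$"
)


def parse_line(line):
    """Return a dict for a recognised line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "outcome": m["outcome"],
        "user": m["user"],
        "src": m["src"],
    }


def detect_failed_login_bursts(log_text, threshold=5, window=timedelta(minutes=1)):
    """Alert once per source that reaches `threshold` failures within `window`.

    Events are processed in timestamp order so the function behaves the
    same whether it is fed a file or a live stream sorted by time.
    """
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    recent = defaultdict(deque)  # src -> (timestamp, user) failures still inside the window
    alerted = set()
    alerts = []
    for e in events:
        if e["outcome"] != "Failed":
            continue
        q = recent[e["src"]]
        q.append((e["ts"], e["user"]))
        # Drop failures that have aged out of the window.
        while q and e["ts"] - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold and e["src"] not in alerted:
            alerted.add(e["src"])
            alerts.append({
                "src": e["src"],
                "count": len(q),
                "distinct_users": len({u for _, u in q}),
                "first": q[0][0],
                "last": e["ts"],
            })
    return alerts


if __name__ == "__main__":
    for a in detect_failed_login_bursts(SAMPLE_LOG):
        print(f"ALERT {a['src']}: {a['count']} failures against "
              f"{a['distinct_users']} accounts between {a['first']} and {a['last']}")
```

Running the block against the constructed lines produces a single alert for 10.20.30.40 (five failures against four accounts within 14 seconds) and none for 10.20.30.41, whose two failures fall outside the window. The `distinct_users` field is what distinguishes a user who mistyped a password from a spray across many accounts, which is the kind of context the DETECT function asks an organization to have available when an alert fires.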


The NIST CSF comes down to looking at where an organization is, where it wants to be, what gaps currently exist and what needs to be done to close them. It is a great mechanism for identifying an organization’s security baseline, and it provides a path to ensure steps are taken to strengthen the security posture. When dealing with personal patient information, this is of utmost importance to the healthcare community.


To view the webinar in its entirety, click here. And join us on September 12 for the next webinar in our series as we’ll explore the RESPOND function of the NIST CSF, including what tools and processes healthcare organizations need in order to minimize impact during a cyber incident.
