Health Information Security Session 03: Best Practice in Information Security


Upload: lasantha-ranwala

Post on 16-Apr-2017


Category: Healthcare



TRANSCRIPT

Page 1: Health Information Security Session 03: Best Practice in Information Security

Dr. Lasantha Ranwala, MBBS, MSc Biomedical Informatics, Cert. in Ethical Hacking & Cyber Forensic

Medical Officer Health Informatics

Best practices of information security management

Health Information Security Session 03: Best Practices of Information Security Management

Page 2

“Cyber security is not just about technology”

Page 3

Defence in Depth

• A concept in which multiple layers of security controls (defences) are placed throughout an information technology (IT) system.

• Its intent is to provide redundancy in the event that a security control fails or a vulnerability is exploited.

• It covers personnel, procedural, technical and physical aspects for the duration of the system's life cycle.

Page 4

Defence in Depth (continued)

Page 5

Defence in Depth (continued)

Page 6

Security Controls

1. Physical controls
2. Technical controls
3. Administrative controls

Page 7

1. Physical Controls

Implementation of security measures in a defined structure, used to defend against or prevent unauthorized access to sensitive material.

e.g.:
• Closed-circuit surveillance cameras
• Motion or thermal alarm systems
• Security guards
• Picture IDs

Page 8

2. Technical Controls

• Use of technology as a basis for controlling the access and usage of sensitive data throughout a physical structure and over a network.

• e.g.:
– Encryption
– Access control lists (ACLs)
– File integrity auditing software
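Added illustration of the "file integrity auditing software" control listed above (example code, not from the presentation): a small Python audit that hashes every file under a directory into a baseline and later reports which files were modified, added or removed. The directory layout and file contents inside `demo()` are constructed sample data.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def hash_file(path: Path) -> str:
    """SHA-256 of one file, read in 64 KiB chunks so large files fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its hash."""
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def save_baseline(root: Path, baseline_file: Path) -> dict:
    """Record the trusted state; keep this file where someone altering root cannot also rewrite it."""
    snap = snapshot(root)
    baseline_file.write_text(json.dumps(snap, indent=2, sort_keys=True))
    return snap

def audit(root: Path, baseline_file: Path) -> dict:
    """Compare the live tree with the baseline; three empty lists means no drift."""
    baseline = json.loads(baseline_file.read_text())
    current = snapshot(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }

def demo() -> dict:
    """Constructed scenario (sample data): baseline two files, then change one, add one, delete one."""
    with tempfile.TemporaryDirectory() as tmp:
        root, base = Path(tmp) / "monitored", Path(tmp) / "baseline.json"
        (root / "app").mkdir(parents=True)
        (root / "app" / "config.ini").write_text("debug=false\n")
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        save_baseline(root, base)
        (root / "app" / "config.ini").write_text("debug=true\n")  # modified
        (root / "unexpected.txt").write_text("new file\n")         # added
        (root / "hosts").unlink()                                  # removed
        return audit(root, base)
```

In practice the baseline would be taken from a known-good build and the audit scheduled, with a non-empty report feeding the logging and monitoring practices covered later in the deck.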

Page 9

3. Administrative Controls

• Administrative controls define the human factors of security.

• They involve all levels of personnel within an organization and determine which users have access to what resources and information, by such means as:

• e.g.:
– Information security policy
– Training and awareness
– Disaster preparedness and recovery plans

Page 10

Best Practices - Protect Your Network

1. Create specific access controls
– Minimum user privileges

2. Collect detailed logs
– For security and troubleshooting purposes
– Back up logs

3. Maintain security patches
– Make sure your software and hardware security is up to date

4. Educate and train your users
– Users will always be your weakest link

Page 11

Best Practices - Protect Your Network (continued)

5. Policies and guidelines
– Clear user policies for new employees and vendors
– Security policy and guidelines for staff

6. User activity monitoring

7. Data breach response plan

8. Back up and restore

Page 12

Best Practices - Protect Yourself

1. Install anti-virus software and keep all computer software patched and updated.

2. Use a strong password
– Password vs. passphrase

3. Log off public computers / lock your computer

4. Keep personal information safe
– Be wary of suspicious e-mails
– Use secure Wi-Fi connections
– Properly delete any personal information before selling or disposing of your hardware

Page 13

5. Limit social network information
– Be wary about how much personal information you post.

6. Download files only from trusted sources

7. Regular data backup

Page 14

Thank you

@hlabcrew

healthlabcrew.lk