Gartner puts worldwide spending on information security products and services in 2016 at $81.6 billion. That\u2019s about $5 billion more than the year before, yet no one is under any illusions that breaches are on the decline.why-security-spending-is-not-enough-banner.png<\/p>\n
That\u2019s because spending isn\u2019t enough. You need to be building on a bedrock of best practices to get results. ITIL (formerly the Information Technology Infrastructure Library), for instance, is an excellent place for healthcare IT departments to start. It is, however, just one collection of best practices.<\/p>\n
Fundamental to maintaining system integrity, you should be starting from a well-known and secure configuration. Whatever the demands and pressures of the business to implement change quickly, it should only be to another well-known and secure configuration. It\u2019s important that the integrity of a configuration be maintained during any change process.<\/p>\n
ITIL defines three closed-loop processes that healthcare IT departments can use as foundational controls. They drive availability but have additional benefits in terms of uptime and a solid security footing.<\/p>\n
The processes in question are:<\/p>\n
Configuration management
\nChange management
\nRelease management
\nFollowing these processes closely means knowing your servers are secure and validated with a working configuration. When you have those things, you have a strong incentive to be rigorous when considering (let alone applying) changes like patches, adding new software, or changing hardware.<\/p>\n
Managing change well is absolutely fundamental to an organization\u2019s security. The best security policies, procedures, and technologies can be undermined the instant change management goes wrong.<\/p>\n
Again, ITIL is not the only choice when looking for a best practice guide. But if you are not following a recognized guide of some stripe\u2014whether it\u2019s ITIL, COBIT, or another\u2014alarm bells should be ringing.<\/p>\n
Presently, doctors might separate out behavioural health\u2014such as forming better habits to stay healthy longer\u2014from other medical health issues when delivering care. But the smart use of data offers an opportunity to fix that artificial separation. One golden opportunity for IT is to explore technology that integrates various aspects of healthcare, which would save time and money as well as improve health outcomes.<\/p>\n
This is just one example of the sort of area where enterprise IT can do what it does best: getting to the root of the problem and designing technology to fix it, not just implementing technology because it\u2019s \u201csexy\u201d.<\/p>\n
When you\u2019re too focused on point-based technology solutions and not focused enough on following best practices, you can expect to be breached.<\/p>\n
A philosophy that gives priority to core control processes will lead to a higher availability rate and fewer breaches. That\u2019s something that is easier to achieve when you don\u2019t see security as a feature that is bolted onto an existing IT framework or system. Bolting on security can\u2019t help you if your underlying environment is insecure.<\/p>\n
Look to balance your spending appropriately between impressive new threat intelligence tools and the fundamentals of employing and maintaining controls. If your IT control process is broken, it\u2019s probably a good indicator your security is broken, too.<\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
Why network security spending is not enough Gartner puts worldwide spending on information security products and services in 2016 at $81.6 billion. That\u2019s about $5 billion more than the year before, yet no one is under any illusions that breaches are on the decline.why-security-spending-is-not-enough-banner.png That\u2019s because spending isn\u2019t enough. You need to be building on […]<\/p>\n","protected":false},"author":4,"featured_media":17043,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[15,30,31,38,34],"tags":[],"class_list":["post-4107","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-all","category-budget","category-healthcare-it","category-it-security","category-technical-consulting"],"translation":{"provider":"WPGlobus","version":"3.0.2","language":"es","enabled_languages":["en","es"],"languages":{"en":{"title":true,"content":true,"excerpt":false},"es":{"title":false,"content":false,"excerpt":false}}},"acf":[],"yoast_head":"\n