Johannesburg, 10 Feb 2021
The targeting and theft of sensitive health information continues to be a challenge. Increased regulation combined with a dynamic threat landscape requires today's healthcare leader to have a clear understanding of relevant legislation and how to measurably defend patient data and related systems. We can support you with practical advice for stopping even the most advanced attacks that may target your healthcare organisation.
Web casts:
https://www.youtube.com/watch?v=74ppDXT-Zvs
https://www.youtube.com/watch?v=EHD5hpnc6fY
https://www.youtube.com/watch?v=LUwd5TvRaME&t=2s
Blog:
Applying Cyber Hygiene to Defend Health Care Data and Systems, Greg Porter
White papers:
SANS Top New Attacks and Threat Report, John Pescatore
Cybersecurity in the Age of the Cloud, Frank Kim
Measuring and Improving Cyber Defense Using the MITRE ATT&CK Framework, John Hubbard
Implementer's Guide to Deception Technologies, Kyle Dickinson
Generating Hypotheses for Successful Threat Hunting, Robert M. Lee & David Bianco
2020 SANS Cyber Threat Intelligence (CTI) Survey, Robert M. Lee
Detecting Malicious Activity in Large Enterprises, Matt Bromiley
An Evaluator's Guide to NextGen SIEM, Barbara Filkins
Spends and Trends: SANS 2020 IT Cybersecurity Spending Survey, Barbara Filkins & John Pescatore
Making and Keeping Work-at-Home Operations Safe and Productive, John Pescatore
Healthcare NetWars:
The SANS Institute is super-excited to announce its newest cyber range, exclusively focused on securing healthcare environments! In this series of challenges, you’ll help Generic Hospital deal with some major cyber security issues facing similar organisations around the world today. Generic Hospital’s cyber security staff has identified suspicious events that require an immediate investigation. Also, new medical IOT devices in the hospital need to be analysed for vulnerabilities. What’s more, the organisation has deployed a new telemedicine Web application that requires a security test. And, to top it all off, Generic Hospital is being targeted with some nasty ransomware! Participants will build critically important cyber security skills in each of these areas vital to defending healthcare environments. Don’t miss this brand new Healthcare Mini-NetWars experience.
For more information, check out our flyer for our Healthcare NetWars.
Courses:
SEC474: Building A Healthcare Security & Compliance Program
There are three huge reasons why SEC474: Building a Healthcare Security and Compliance Program is important to all healthcare organisations.
First, the problem of healthcare security is big and only getting bigger. Adversaries are becoming more sophisticated in their approach and more focused on healthcare because of the value of the sector's data. Healthcare organisations of all sizes and types are concerned that the lack of properly trained security professionals is resulting in IT systems that are insecure and that they may be out of compliance and face steep fines.
Second, fines under the Health Insurance Portability and Accountability Act (HIPAA) are only getting bigger. Recent years have seen many million-dollar+ fines levied against healthcare organisations for not being "HIPAA compliant". Recent trends show that this situation is getting worse, not better.
Third, HIPAA compliance regulations don't actually tell you how to attain "HIPAA compliance". With absent specific guidance, organisations are left to figure out these challenges on their own. This course has been designed to help organisations with concrete guidance to build a secure and compliant environment.
Coming soon: SEC556 IOT penetration testing
This course will immerse students into the interfaces commonly observed in IOT devices and provide a process and testing framework (IoTA) to evaluate these devices within many layers of the OSI model.
Interested in SEC556? Fill out the form here to receive notifications about the course.
Share