HITRUST: the Path to Cyber Resilience

4 years ago Maurice Uenuma

There has been a lot of talk recently about cyber resilience. There is no doubt that the ability to bounce back from a security event is important; however, all of the resiliency banter seems to be happening at the expense of sound risk management processes. It is safe to say that the path to resilience is paved with risk management.

Risk management can be a tricky endeavor. Too many security professionals have been ambushed in meetings with a risk manager who drifts into wild flights of fancy. These types of unbridled catastrophic imaginings miss the point of solid risk management. One way to rein in these “journeys of the unlikely” is with the use of a solid assurance framework. One of the most notable assurance frameworks for risk management is offered by HITRUST.

What is HITRUST?

Many people in the healthcare industry are familiar with HITRUST, but the approach is not specific to, or limited to, health care. In fact, it is industry-agnostic. The assurance approach it offers is useful for any industry that needs to address compliance and risk management. What makes it superior to the other available models? The answer lies in the way that it engages an organization’s risk profile.

Building upon the Capability Maturity Model (CMM), and NIST’s PRISMA, the HITRUST approach leverages best in class components for a comprehensive information risk management and compliance program that integrates and aligns the following:

  • HITRUST CSF — a robust privacy and security controls framework which harmonizes dozens of authoritative sources such as HIPAA, ISO 27001, and NIST 800-171.
  • HITRUST Assurance Program — a scalable and transparent means to provide reliable assurances to internal and external stakeholders.
  • HITRUST MyCSF — a HITRUST CSF compliance operations and audit management platform used by organizations adopting the HITRUST CSF, their external assessors, and HITRUST.
  • HITRUST Shared Responsibility Program — a suite of matrices and inheritance workflows clarifying service provider and customer responsibilities and enabling the sharing of assessment results between service providers and their customers.
  • HITRUST Assessment XChange — a third-party risk management solution.
  • HITRUST Third Party Assurance Program — a third-party risk management process.

Today, many compliance gap assessments (including HITRUST, ISO 27001, etc.) represent a “point-in-time” evaluation to determine whether a particular benchmark of control implementation and operation is achieved. The assessment activities are then reviewed and re-performed periodically (e.g., annually). Unfortunately, this method requires assessors and certification bodies to extrapolate across a future time period based on current-state assessment results.

HITRUST is working to incorporate concepts of Information Security Continuous Monitoring (ISCM) into their assurance program’s methodology and offerings. The end goal of HITRUST’s efforts is to change the “point-in-time” nature of traditional security assessments to one of an ongoing, prospective nature by providing assessed entities, HITRUST assessors, and HITRUST itself a view into the status of controls with a frequency sufficient to make ongoing, risk-based decisions. The end result is even greater reliability of HITRUST as well as the possibility of ongoing HITRUST certifications valid for much longer than today’s HITRUST certification offerings.

The only thing worse than discovering gaps in a security program is finding controls that have been neglected to the point that an old gap is re-opened. An ISCM approach prevents this because controls are checked often enough that far less degradation accumulates between checks than under the traditional periodic review. Other tangible benefits include:

  • Longer periods between comprehensive control gap assessments.
  • Reduced time and effort needed to maintain certification.
  • Reduced lifecycle costs for maintaining certification.
  • Higher levels of assurance and trust with and amongst external stakeholders such as regulators, business partners, and customers.
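To make the point-in-time versus continuous-monitoring contrast concrete, the following added example (not code from the original post, HITRUST, or Tripwire) replays a constructed timeline of configuration states through a simple baseline-comparison monitor and reports on which day each degraded control is first noticed. The file paths, control identifiers, and file contents are all hypothetical stand-ins; the only real mechanism is hashing each watched artefact against a stored baseline and re-checking at a chosen interval, which is the core of what a file-integrity or configuration-management tool does. It also serves the later section on pairing ISCM with a monitoring tool.

```python
"""Point-in-time vs. continuous control monitoring, as a replayable simulation.

Constructed example: in-memory "configuration files" stand in for artefacts a
file-integrity / configuration-management tool would watch. Each path is tied
to a hypothetical control ID (not HITRUST CSF control references).
"""
import hashlib
from typing import Dict, List, Tuple

# Hypothetical mapping from monitored artefact to the control it evidences.
CONTROL_MAP = {
    "/etc/ssh/sshd_config": "CTRL-ACCESS-01",
    "/etc/audit/auditd.conf": "CTRL-LOG-03",
    "/etc/pam.d/common-password": "CTRL-AUTH-07",
}

# Constructed timeline of (day, system state). Day 0 is the assessed baseline;
# on day 120 a hardening setting is silently reverted, on day 200 the audit
# configuration disappears entirely (an old gap re-opened).
TIMELINE: List[Tuple[int, Dict[str, str]]] = [
    (0, {
        "/etc/ssh/sshd_config": "PermitRootLogin no\nPasswordAuthentication no\n",
        "/etc/audit/auditd.conf": "max_log_file_action = ROTATE\n",
        "/etc/pam.d/common-password": "password requisite pam_pwquality.so minlen=14\n",
    }),
    (120, {
        "/etc/ssh/sshd_config": "PermitRootLogin yes\nPasswordAuthentication no\n",
        "/etc/audit/auditd.conf": "max_log_file_action = ROTATE\n",
        "/etc/pam.d/common-password": "password requisite pam_pwquality.so minlen=14\n",
    }),
    (200, {
        "/etc/ssh/sshd_config": "PermitRootLogin yes\nPasswordAuthentication no\n",
        "/etc/pam.d/common-password": "password requisite pam_pwquality.so minlen=14\n",
    }),
]


def fingerprint(contents: Dict[str, str]) -> Dict[str, str]:
    """Hash every monitored artefact; the resulting dict is the control baseline."""
    return {path: hashlib.sha256(data.encode()).hexdigest() for path, data in contents.items()}


def drifted_controls(baseline: Dict[str, str], observed: Dict[str, str]) -> List[str]:
    """Controls whose artefact changed or vanished since the baseline was taken."""
    drifted = []
    for path, digest in baseline.items():
        if observed.get(path) != digest:  # missing file counts as drift too
            drifted.append(CONTROL_MAP.get(path, "UNMAPPED"))
    return sorted(drifted)


def monitor(timeline: List[Tuple[int, Dict[str, str]]], interval_days: int, horizon_days: int) -> Dict[str, int]:
    """Re-check the baseline every `interval_days` up to `horizon_days`.

    Returns {control_id: first day the drift was reported}. An annual
    assessment is interval_days=365; daily monitoring is interval_days=1.
    """
    baseline = fingerprint(timeline[0][1])
    first_seen: Dict[str, int] = {}
    idx = 0
    for day in range(0, horizon_days + 1, interval_days):
        # Advance to the latest system state in effect on this check day.
        while idx + 1 < len(timeline) and timeline[idx + 1][0] <= day:
            idx += 1
        for ctrl in drifted_controls(baseline, fingerprint(timeline[idx][1])):
            first_seen.setdefault(ctrl, day)
    return first_seen


def detection_lag(timeline: List[Tuple[int, Dict[str, str]]], interval_days: int, horizon_days: int) -> Dict[str, int]:
    """Days between the moment a control actually degraded and its first report."""
    baseline = fingerprint(timeline[0][1])
    degraded_on: Dict[str, int] = {}
    for day, state in timeline[1:]:
        for ctrl in drifted_controls(baseline, fingerprint(state)):
            degraded_on.setdefault(ctrl, day)
    reported = monitor(timeline, interval_days, horizon_days)
    return {ctrl: reported[ctrl] - degraded_on[ctrl] for ctrl in reported}


if __name__ == "__main__":
    for label, interval in (("annual assessment", 365), ("monthly check", 30), ("daily monitoring", 1)):
        print(f"{label:18s} first report: {monitor(TIMELINE, interval, 365)}  lag: {detection_lag(TIMELINE, interval, 365)}")
```

Run stand-alone, the script shows the annual assessment reporting both failures only on day 365, while daily monitoring reports them on the day they occur; the `detection_lag` figure is the window during which an assessor extrapolating from the last point-in-time result would have been wrong about the control's state.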

Certification is important, as it offers objective verification that a security program is operating within the parameters of its intended design. This has implications beyond the comfort of a successful audit cycle. Through ISCM, the HITRUST CSF Assurance Program will allow the findings in the CSF Assessment Report to be truly prospective.

Many security initiatives are viewed as “cost centers,” not adding value to an organization. From a monetary perspective, a HITRUST certification adds value by not only helping a company to meet cybersecurity insurability standards, but it can also lower those insurance premiums. This is because the HITRUST standard holds high confidence in the industry. This is also recognized by entities such as the US Government Accountability Office (GAO), which is tasked with saving taxpayer money.

HITRUST & Tripwire

Continuous monitoring is not an entirely new concept; however, achieving it requires tools that can facilitate this ideal. The HITRUST ISCM methodology integrates perfectly with Tripwire to move an organization toward this state of constant compliance and security. Whether it is monitoring or configuration management, each of these contributes to near-real-time awareness of an organization’s risk profile.

With HITRUST ISCM coupled with Tripwire, an organization can move away from the annual “heavy assessment” to a baseline of understanding and continual compliance throughout the assessment period, so that it knows when a control stops functioning. Tripwire can help an organization change the way assurance is obtained, maintained, and communicated.

Security assurance and compliance can be achieved and maintained with the HITRUST ISCM approach, coupled with Tripwire. This also transforms security into a measurable, metric-based discipline, which is a vital stepping-stone towards security resiliency.

To learn more, download this solution brief on how Tripwire Enterprise users can automate HITRUST compliance with advanced reporting, broad platform support, and remediation guidance.

The post “HITRUST: the Path to Cyber Resilience” appeared first on TripWire

Source:TripWire – Maurice Uenuma

Tags: Compliance, Finance, Government, High Severity, Privacy, TripWire

Copyright © 2020 All rights reserved | NGTEdu.com