Find news and information for the executive corporate security director, CSO, facility manager and assets protection manager on issues of policy, products, incidents, risk management, threat assessments and preparedness.
Issue link: http://sdi.epubxp.com/i/703941
28 Security Dealer & Integrator / www.SecurityInfoWatch.com July 2016 source for data breach prevention, if they are not considering data pro- tection when they are working with a healthcare customer, they will be doing them a disservice. "With so many regulatory consid- erations and huge consequences if there's a data breach, we are seeing a lot more focus on data management — not only on the cyber side, which is really its own science — but on the physical security side as well," Warren says. "Anyplace that deals with where medical records are stored is right up there with the emergency department, behavioral health, and labor and deliv- ery as far as security-sensitive areas in a healthcare setting." The Role of the Integrator In attempting to answer the question, what is the role of the security integra- tor in healthcare data protection, you can find a lot of different responses depending on the source — end-user, traditional physical security integra- tor, IT security specialist or health- care end-user. For Bill Bozeman, President and CEO of the PSA Security Network of integrators, the role involves accep- tance, adaptation, education and communication. "Step one for the physical security integrator is to accept the fact that cybersecurity is an important issue that must be dealt with. e integrator needs to build cybersecurity education, processes and services into their business plan," Bozeman explains. "Step two is getting the integration company employees educated on the potential risk and possible solutions available to the integrator community for cybersecurity as it is related to the healthcare community," he adds. "Step three is communication to the healthcare organization of the cyber- security policies and procedures both the integrator and the chosen manu- facturer of the security products have taken to protect the facility as best as possible from a potential cybersecu- rity breach." "Health data networks must upgrade their security — this includes building a skilled and trained team of information data security profes- sionals who can monitor for attacks and maintain a current, protective firewall," says Dr. Kirsten Hoyt, Aca- demic Dean with University of Phoe- nix College of Information Systems and Technology and co-director of the University of Phoenix Cybersecu- rity and Security Operations Institute. Obviously, the security integrator's responsibilities have evolved nearly as quickly as the threats have. at said, according to Warren — who is on the front lines of the problem — physical security remains a cornerstone of an effective IT security posture. "e IT security folks need to understand that the virtual security that they provide is incredibly important, but at the same time, the physical and operational solutions that security integrators can provide are just as important," Warren says. "You can have all the best VPNs and firewalls and malware protection in the world, but that's not going to stop a person from walking in the back door with a thumb drive. A lot of times the IT guys forget about the old-school security measures." Data Security Meets Physical Security "Integrators can start by focusing on reducing the attack surface to make it more difficult for attackers, while reducing reliance on detection soware," says James Maude, Senior Security Engineer at Avecto, a provider of cybersecurity soware solutions. "If a data center calls an integra- tor and asks for help with security, Cover Story Step one for the physical security integrator is to accept the fact that cybersecurity is an important issue that must be dealt with. The integrator needs to build cybersecurity education, processes and services into their business plan." — Bill Bozeman, CEO, PSA Security Network Physical security devices can be used by attackers to pivot into a network, so it is important that security integrators have a good grasp on their own security." — James Maude, Senior Security Engineer, Avecto