OIG: HHS Making Info Security Progress, But Still Has Gaps
Many of the ongoing HHS security weaknesses identified in the HHS Office of Inspector General’s ‘ fiscal 2016 review of HHS compliance with the Federal Information Security Modernization Act of 2014 – including those related to continuous monitoring, configuration management and identity and access management – are also common at many healthcare organizations, some security experts say.
Real-time monitoring is a necessity,” says Keith Fricke, partner and principal consultant at tw-Security. “Hundreds or thousands of digital events take place in an organization’s computing environment every minute. Identifying events of concern amidst that volume is not possible for IT staff to do manually. You can’t respond, contain and remediate these bad events if you can’t detect them in the first place.”…….