Jesus Vazquez
IS-4550
Unit 1 Assignment 1: Security Policies Overcoming Business Challenges

10 Best Practices for the Small Health Care Environment

1. Use Strong Passwords and Change Them Regularly

Passwords are the first line of defense in preventing unauthorized access to any computer. Regardless of type or operating system, a password should be required to log in. Although a strong password will not prevent attackers from trying to gain access, it can slow them down and discourage them. In addition, strong passwords, combined with effective access controls, help to prevent casual misuse, for example, staff members pursuing their personal curiosity about a case even though they have no legitimate need for the information.

Strong passwords are ones that are not easily guessed. Since attackers may use automated methods to try to guess a password, it is important to choose a password that does not have characteristics that could make it vulnerable.

Strong passwords should not include:

o Words found in the dictionary, even if they are slightly altered, for example by replacing a letter with a number.
o Personal information such as birth date, names of self, family, or pets, social security number, or anything else that could easily be learned by others. Remember: if a piece of information is on a social networking site, it should never be used in a password.

Strong passwords should:

o Be at least eight characters in length
o Include a combination of upper case and lower case letters, one number and at least one special character, such as a punctuation mark

Finally, systems should be configured so that passwords must be changed on a regular basis. While this may be inconvenient for users, it also reduces some of the risk that a system will be easily broken into with a stolen password.

Passwords and Strong Authentication

Strong, or multi-factor, authentication combines multiple different authentication methods, resulting in stronger security. In addition to a user name and password, another authentication method is used, for example a smartcard or key fob, or a fingerprint or iris scan. Under Federal regulations permitting e-prescribing of controlled substances, multi-factor authentication must be used.

2. Install and Maintain Anti-Virus Software

The primary way that attackers compromise computers in the small office is through viruses and similar code that exploits vulnerabilities on the machine. These vulnerabilities are ubiquitous due to the nature of the computing environment. Even a computer that has all of the latest security updates to its operating system and applications may still be at risk because of previously undetected flaws. In addition, computers can become infected by seemingly innocent outside sources such as CD-ROMs, email, flash drives, and web downloads. Therefore, it is important to use a product that provides continuously updated protection against these exploits. Anti-virus software is widely available, well-tested to be reliable, and costs relatively little.
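The password rules listed under practice 1 can be enforced at the point where a password is set. The following Python check is an added example, not part of the original assignment; the function name `check_password`, the sample word list and the substitution table are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real deployment would load a full dictionary.
SAMPLE_DICTIONARY = {"password", "welcome", "doctor", "clinic", "summer", "dragon"}

# Undo common letter-to-number/symbol swaps before the dictionary check:
# 0->o, 1->l, 3->e, 4->a, 5->s, 7->t, @->a, $->s
SUBSTITUTIONS = str.maketrans("013457@$", "oleastas")


def check_password(password, personal_info=(), dictionary=SAMPLE_DICTIONARY):
    """Return the list of rules the password breaks (empty list = acceptable)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    required = [
        (r"[a-z]", "no lower case letter"),
        (r"[A-Z]", "no upper case letter"),
        (r"[0-9]", "no number"),
        (r"[^A-Za-z0-9\s]", "no special character"),
    ]
    for pattern, message in required:
        if not re.search(pattern, password):
            problems.append(message)

    lowered = password.lower()
    compact = re.sub(r"[^a-z0-9]", "", lowered)
    # Letters only, after reversing substitutions: "P@ssw0rd1!" -> "passwordl".
    letters = re.sub(r"[^a-z]", "", lowered.translate(SUBSTITUTIONS))

    # Dictionary words, even if slightly altered by letter-to-number swaps.
    for word in sorted(dictionary):
        if word in letters:
            problems.append("contains dictionary word: " + word)

    # Personal information (names, dates) supplied by the caller for this user.
    for item in personal_info:
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        if len(token) >= 3 and (token in compact or token in letters):
            problems.append("contains personal information")
            break
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd1!", "short1!", "Vq7#tLm2&xZ"):
        print(candidate, check_password(candidate))
```

The first sample meets every length and character-class rule and is still rejected, because reversing the substitutions exposes the dictionary word.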