Cyber security safeguards are protective measures and controls prescribed to meet the security requirements specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices.
The three categories of data protection safeguards are administrative, physical, and technical, all of which are intended to ensure the confidentiality, integrity, and availability of data files and records.
Administrative Safeguards
Administrative data protection safeguards or procedural controls refer to approved policies, procedures, standards and guidelines for running the business. From a security standpoint, they include access requests and approvals, periodic access reviews, supervision, and training.
Administrative safeguards are operational processes and procedures which are used to control an individual’s access to systems and data.
Physical Safeguards
Physical safeguards are physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment from natural and environmental hazards, and unauthorized intrusion. The standards under physical safeguards include facility access controls, workstation use, workstation security, and device and media controls. The Security Rule requires covered entities to implement physical safeguard standards for their electronic information systems whether such systems are housed on the covered entity’s premises or at another location.
Technical Safeguards
Technical data protection safeguards, in a broader sense, are the system controls and tools designed to protect data, such as user authentication and passwords, account lockout during extended inactivity periods, and network intrusion prevention or detection controls. Another example of a technical safeguard is configuring the system to require strong passwords from our associates and to lock the system down if too many unsuccessful attempts are made to gain entry.
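
As an added illustration (not code from the original post), the strong-password, failed-attempt lockout, and inactivity controls described above could be enforced as follows. The thresholds and the names `MIN_LENGTH`, `MAX_FAILURES`, `IDLE_LIMIT_S`, `password_problems` and `AccountGuard` are assumptions, since the post gives no figures.

```python
import time

MIN_LENGTH = 12         # assumed minimum length for a "strong" password
MAX_FAILURES = 5        # assumed; the post only says "too many" attempts
IDLE_LIMIT_S = 15 * 60  # assumed inactivity limit in seconds


def password_problems(password):
    """Return the policy rules the password breaks (empty list = acceptable)."""
    checks = [
        (len(password) >= MIN_LENGTH, "too short"),
        (any(c.islower() for c in password), "no lowercase letter"),
        (any(c.isupper() for c in password), "no uppercase letter"),
        (any(c.isdigit() for c in password), "no digit"),
    ]
    return [reason for ok, reason in checks if not ok]


class AccountGuard:
    """Tracks failed logins and idle time for a single account."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock          # injectable so the logic can be tested
        self.failures = 0
        self.locked = False
        self.last_activity = None   # None means no active session

    def record_login(self, success):
        """Return 'ok', 'denied' or 'locked' for one login attempt."""
        if self.locked:
            return "locked"         # a correct password is refused once locked
        if success:
            self.failures = 0
            self.last_activity = self.clock()
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked = True      # stays locked until an administrator resets it
            return "locked"
        return "denied"

    def session_active(self):
        """True if a session exists and has not been idle past the limit."""
        if self.last_activity is None:
            return False
        if self.clock() - self.last_activity > IDLE_LIMIT_S:
            self.last_activity = None   # force re-authentication
            return False
        self.last_activity = self.clock()
        return True
```
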
Technical safeguards involve the hardware and software components of an information system, including:
- Identification and authentication
- Encryption
- Firewalls
- Malware protection
- Application design