From: shrdlu at deaddrop.org (Etaoin Shrdlu)
Subject: More Unusual request

First, I must say I'm surprised that the only two posts I've seen in answer to this have come from folk who I suspect have absolutely NO experience with HIPAA. The answer here needs to be more specific to the problem.

Eric Wright wrote:
>
> Seeing the positive and helpful comments from the before mentioned thread
> 'Unusual request', I would also like to ask for help. I work for a company
> that deals a good bit in healthcare and with the HIPAA regulations coming
> down the pipe I have been asked to help with the security aspects of our
> network.

First, if you are attempting to help address HIPAA, then the security aspects you need to address are quite specific, and already well documented. I can only hope that you are working with others in this matter, and have not been cast alone on the waters, in some strange belief that there is anything you can possibly do in the very short time before these requirements come into effect.

As others have requested, you really need to supply more information. What exactly is your role? How many others are helping you? Is there an IT audit group of some sort that is charged with ensuring various portions of the company? Have you someone whose specific task it is to know whether you are complying with HIPAA, and you are just trying to harden the network?

> I have been in the comp field for a number of years but am fairly
> new to security (at least to the depth that I need now). I am only asking
> for help, knowledge, experience, guidance, or anything else that would be
> useful.

You may or may not have come to the right place, depending on your answers to the questions above. If this is your company's first real attempts at addressing HIPAA, run, don't walk, to the nearest group of want ads. You're in a lot of trouble. Unless your company is very, very small, with a very limited budget, hearing that you are "new to security" is not good. You need to acquire a consultant that is NOT new, and is well-versed in the specific industry you are in, and that needs to be done yesterday. If there isn't the budget for that, tell them you don't want the job.

> It's easy to search for exploits and run them but what I am after
> is an "Understanding". I am not a programmer so code is a new area and
> challenge. I need help in understanding the exploits and how to search for
> them and diagnose them on our network.

You should not be concerned with "exploits" but rather with hardening your network. I suspect that it is something older, and I'm wondering if it is the usual shop of ex-mainframe types transferring all they know and do to a pile of PCs, without the requisite knowledge that would keep them safe. You have already identified precisely who and where you work (don't you just LOVE hotmail), so I can see that it is indeed a medical place of business, and that you really, truly do need help.

> I would like to work on a personal
> basis with anyone who is willing to help, but could also go directly through
> this board, if that is a better way. Thanks in advance.

Putting more public information on this, or any mailing list, would be a bad idea for you, since it seems that you are quite open in your inexperience. I answer publicly in the awareness that this list is archived, and that there may be other innocents also reading who will gain information from this. I have a certain experience in HIPAA and similar privacy issues, and can point you in helpful directions if you'd like to take this off line.

--
Open source should be about giving away things voluntarily. When
you force someone to give you something, it's no longer giving, it's
stealing. Persons of leisurely moral growth often confuse giving with
taking. -- Larry Wall