The update also includes more efficient and cost-effective ways to manage infrastructure as organizations prepare for upgrades over the next several years.
In the draft, NIST encourages organizations to facilitate better communication among C-level executives and the IT department to make sure they are always on the same page. Better communication will convey acceptable limits for security protocols and implementation for better control and overall understanding.
The update also emphasizes the need to establish organization-wide identification of common controls so everyone in the organization is operating on the same privacy and security baseline. This will reduce individual system workloads and cut costs.
Consolidation of health IT infrastructure should also optimize systems and applications and reduce network complexity.
Looking to the future, the update encourages organizations to identify which systems have priority for updates. These high-impact systems can be moved to the cloud to reduce infrastructure footprints.
The new framework is a response to the President’s Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, according to a blog post by NIST Fellow Ron Ross.
“NIST Special Publication 800-37, Revision 2, empowers customers to take charge of their protection needs and provide security and privacy solutions to support organizational missions and business objectives,” said Ross. “It includes a new organizational preparation step, instituted to achieve more timely, effective, efficient and cost-effective risk management processes.”
“The enterprise-wide preparation also facilitates the identification of common controls and the development of organization-wide tailored security and privacy control baselines,” Ross continued. “This significantly reduces the workload on individual system owners, provides more customized security and privacy solutions, and lowers the overall cost of system development and protection.”
Implementing advanced technology can increase the protection and efficiency of high-value assets, such as EHRs and data center technology. Moving systems to the cloud or using virtualization to consolidate workloads gives organizations more visibility and control over their assets. This improves security as well as workflow.
“Such complexity reduction is critical to identifying, prioritizing and focusing organizational resources on high-value assets that require increased levels of protection — taking steps commensurate with risk such as moving assets to cloud-based systems or shared services, systems and applications,” Ross explained.
“The transformation to consolidated security and privacy guidelines will help organizations strengthen their foundational security and privacy programs, achieve greater efficiencies in control implementation, promote greater collaboration of security and privacy professionals, and provide an appropriate level of security and privacy protection for systems and individuals,” he concluded.
Objectives will be different for each organization; however, these guidelines will help entities reduce their infrastructure footprint to improve workflows and cut costs.