HealthcareCISO

In response to the growing threat of identity-centric cyberattacks in healthcare, the Health Information Sharing and Analysis Center has published a framework for managing identity for the full work lifecycle of employees, practitioners, patients and business partners.

The white paper, H-ISAC Framework for CISOs to Manage Identity, lays out the groundwork for how to guard against common attacks on identity, lower risk and increase operational efficiencies.

Key steps, H-ISAC says, include creating identity directories and figuring out proper levels of authorization, authentication and access.

"The framework we've outlined is not a one-size fits-all approach, however," H-ISAC notes. "Depending on your organization's particular environment or uses cases, the framework components may be applied differently."

Keith Fricke, principal consultant at tw-Security, tells Information Security Media Group that an identity framework is a helpful way to teach correct procedures.

"Most organizations use one or more frameworks," Fricke says, although smaller facilities may lack the budget or staffing to implement the guidelines.

Identity Governance
The H-ISAC framework calls for creating an