Platform X - Cybersecurity Threat Intelligence Sources Standard

This is the standard Platform X Procedure Template

Purpose
1. The purpose of this document is to provide the Platform X threat intelligence source standard
Definitions
1. Electronic Protected Health Information (ePHI): Any individually identifiable health information protected by HIPAA that is transmitted or stored in electronic media.
2. Threat Intelligence: cyber threat information that has been evaluated for its integrity and reliability, provided from a trusted entity, used to reduce uncertainty in threat identification. A security professional with extensive knowledge of a given environment can determine what pieces of threat intelligence are applicable to their specific environment.
Standard Sources
1. UW-Madison Office of Cybersecurity
2. Multi-State Information Sharing and Analysis Center
3. SANS
4. OCR (Office for Civil Rights) Security announcements
  1. via the OCR Security distribution list
5. Educause Security Listserv
6. CVE via Qualys
Responsibilities
1. The CHI2 Data Security Officer, in conjunction with the CHI2 system owner will review one or more of the threat intelligence sources listed in this standard, distill which announced vulnerability-threat combinations are applicable to Px and take the appropriate action based on a risk analysis score created by one or both parties.
2. Tasks for addressing the vulnerabilities are prioritized by risk to Px, as calcuated in IV.(A), and assigned to the DevOps or SecDevOps team for remediation.

Keywords:

Procedure,Template, Platform X, Px, cybersecurity, threat, threats, vulnerabilities

Doc ID:

113461

Owned by:

Tom C. in SMPH Research Informatics

Created:

2021-09-03

Updated:

2024-08-19

Sites:

SMPH Research Informatics , SMPH Research Informatics TEST