Platform X - Cybersecurity Threat Intelligence Sources Standard

This is the standard Platform X Procedure Template
  1. Purpose
    1. The purpose of this document is to provide the Platform X threat intelligence source standard
  2. Definitions
    1. Electronic Protected Health Information (ePHI): Any individually identifiable health information protected by HIPAA that is transmitted or stored in electronic media.
    2. Threat Intelligence: cyber threat information that has been evaluated for its integrity and reliability, provided from a trusted entity, used to reduce uncertainty in threat identification. A security professional with extensive knowledge of a given environment can determine what pieces of threat intelligence are applicable to their specific environment.
  3. Standard Sources
    1. UW-Madison Office of Cybersecurity
      1. MIST meetings and MIST email distribution list information
      2. Cybersecurity vulnerability and threat announcements via Tech Partners
      3. Presentations in HIPAA Operations Committee meetings
    2. Multi-State Information Sharing and Analysis Center
    3. SANS
      1. SANS News Bites
      2. SANS "OUCH!" News Letter
      3. SANS Institute email distribution list
    4. OCR (Office for Civil Rights) Security announcements
      1. via the OCR Security distribution list
    5. Educause Security Listserv
    6. CVE via Qualys
  4. Responsibilities
    1. The CHI2 Data Security Officer, in conjunction with the CHI2 system owner will review one or more of the threat intelligence sources listed in this standard, distill which announced vulnerability-threat combinations are applicable to Px and take the appropriate action based on a risk analysis score created by one or both parties.
    2. Tasks for addressing the vulnerabilities are prioritized by risk to Px, as calcuated in IV.(A), and assigned to the DevOps or SecDevOps team for remediation.


Keywords:
Procedure,Template, Platform X, Px, cybersecurity, threat, threats, vulnerabilities 
Doc ID:
113461
Owned by:
Tom C. in SMPH Research Informatics
Created:
2021-09-03
Updated:
2024-08-19
Sites:
SMPH Research Informatics , SMPH Research Informatics TEST