IDS is
pretty much a risk based countermeasure, not compliance driven by HIPAA.
Key network segments and servers may demand the oversight of an IDS...and audit
trail analysis of legacy applications may only be feasible using an IDS console
as the concentrator and analysis engine.
IDS
may have more compliance value for the evaluation and audit requirements of
HIPAA. Take the time to evaluate if its reasonable and
appropriate.
Bill
Dobson, CISSP
TrustWave Corporation
Donna,
There are A LOT more that six IDS providers, ranging form open-source
to extremely complex/expensive. While of course HIPAA does not specify an IDS
requirement, all Federal and Industry best practices for security speak to
using them in some form to build "defense in depth" - establishing DMZs, etc -
for maximum network protection.
IDSes come with a price though in terms of cost, operations, and
filtering. I would recommend some simpler IDSes being installed at
your network boundary.
Jim
Does
anyone know whether health care providers are using
or considering the use
of IDS (Intrusion Detection Systems) to comply with the
security regulations under HIPAA. We
understand that there are about six firms that provide this type
of service. Does anyone know of any
healthcare organizations that have purchased or are
considering this? Is it cost effective considering the level of risk for a 700 bed hospital or a 300 bed nursing
home? Thanks,
Donna --- The WEDI SNIP
listserv to which you are subscribed is not moderated. The discussions on
this listserv therefore represent the views of the individual participants,
and do not necessarily represent the views of the WEDI Board of Directors
nor WEDI SNIP. If you wish to receive an official opinion, post your
question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.
These listservs should not be used for commercial marketing purposes or
discussion of specific vendor products and services. They also are not
intended to be used as a forum for personal disagreements or unprofessional
communication at any time.
You are currently subscribed to
wedi-security as: [EMAIL PROTECTED] To unsubscribe from this list,
go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a
blank email to [EMAIL PROTECTED] If you need
to unsubscribe but your current email address is not the same as the address
subscribed to the list, please use the Subscribe/Unsubscribe form at
http://subscribe.wedi.org --- The WEDI SNIP listserv to which
you are subscribed is not moderated. The discussions on this listserv
therefore represent the views of the individual participants, and do not
necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP.
If you wish to receive an official opinion, post your question to the WEDI
SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should
not be used for commercial marketing purposes or discussion of specific vendor
products and services. They also are not intended to be used as a forum for
personal disagreements or unprofessional communication at any time.
You
are currently subscribed to wedi-security as:
[EMAIL PROTECTED] To unsubscribe from this list, go to the
Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email
to [EMAIL PROTECTED] If you need to unsubscribe
but your current email address is not the same as the address subscribed to
the list, please use the Subscribe/Unsubscribe form at
http://subscribe.wedi.org
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.
You are currently subscribed to wedi-security as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
|