Cybersecurity Practices for Health Care Organizations~ RJ BLANCHARD BENEFIT SERVICES

Sub-Practices for Medium-Sized Organizations 1.M.A

Basic E-mail Protection Controls

NIST FRAMEWKORK REF: PR.DS-2, ID.RA-2, PR.PT-3, DE.CM-4, PR.AC-4, PR.AC-1, PR.AC-7

Standard antispam and antivirus (AV) filtering controls are basic protections that should be implemented in any e-mail system. Both are implemented directly on the e-mail platform. These controls assess inbound and outbound e-mails from known malicious senders or patterns of malicious content. Table 1 provides a list of suggested security implementations for e-mail protection controls. Table 1. E-mail Protection Controls Control 



Description

 Real-time blackhole 3 list

Community-based lists of IP addresses and host names of known or poten�al spam originators. Consider Spamhaus, Spamcop, DNSRBL, or lists provided by your e-mail vendor.

 Distributed checksum clearinghouse (DCC)

The DCC is a distributed database that contains a checksum of messages. E-mail messages go through a checksum algorithm and then checked against the database. Depending upon the threshold of checksum matches, these can be determined to be spam or malicious messages.



Open relays are Simple Mail Transfer Protocol (SMTP) servers that enable the relay of third-party messages. SMTP is cri�cal for the delivery of messages, but you must conﬁgure it to allow messages only from trusted sources. Failure to do this may permit a spammer or hacker to exploit the “trust” of your mail server to transmit malicious content.



Spam/virus checks on outbound e-mails can detect malicious content, revealing compromised accounts and poten�al security incidents. Review e-mail spam/virus rules as part of Cybersecurity Practice #8: Security Operations Center and Incident Response.



Scan all e-mail content against an AV engine with up-to-date signatures. If possible, this control should unpack compressed ﬁles (such as zip ﬁles) to check for embedded malware.



Removal of open relays



Spam/virus check on outbound messages



AV check

3. Murthy Raju, “Using RBL and DCC for Spam Protection,” Linux/com, last modified June 14, 2007, https://www.linux.com/news/using-rbl-and-dcc-spam-protection. 15

Turn static files into dynamic content formats.

Create a flipbook

Articles inside

Cybersecurity Practices for Health Care Organizations~ RJ BLANCHARD BENEFIT SERVICES

Articles inside

Appendix B: References

Table 13. Incident Response Plays for Attacks Against Medical Devices

Table 15. Acronyms and Abbreviations

Table 14. Example Cybersecurity Policies for Consideration

Cybersecurity Practice #9: Medical Device Security

Table 12. Timeframes for Resolving Medical Device Vulnerabilities

Table 11. Roles and Responsibilities for an Organizational CIRT

Table 9. Factors for Consideration in Penetration Test Planning

Cybersecurity Practice #6: Network Management

Cybersecurity Practice #8: Security Operations Center and Incident Response

Table 10. Example Incident Response Plays for IR Playbooks

Cybersecurity Practice #7: Vulnerability Management

Cybersecurity Practice #5: IT Asset Management

Table 7. Expanding DLP to Other Data Channels

Table 6. Data Channels for Enforcing Data Policies

Table 3. Example of a Data Classification Schema

Table 5. Security Methods to Protect Data

Table 4. Suggested Procedures for Data Disclosure

Cybersecurity Practice #4: Data Protection and Loss Prevention

Cybersecurity Practices at Medium-Sized Health Care Organizations

Table 1. E-mail Protection Controls

Cybersecurity Practice #3: Identity and Access Management

Cybersecurity Practice #2: Endpoint Protection Systems

Table 2. Basic Endpoint Controls to Mitigate Risk at Endpoints

Cybersecurity Practices at Large Health Care Organizations

Cybersecurity Practice #1: E-mail Protection Systems

Introduction