In this chapter, you will learn to
Appreciate the evolution from information security to cybersecurity
Recognize application of information confidentiality, integrity, and availability
Understand fundamental cybersecurity terms
Explain data encryption and identity access management
Become familiar with information assurance practices such as business continuity and systems recovery
Some people who read this book will already have years of experience in information technology or security. Some may even have certifications such as CISSP (Certified Information Systems Security Professional) or CISA (Certified Information Systems Auditor). This chapter will be a refresher for those readers, but do not bypass it. One of the changes taking place, even as this book is written, is the evolution (or revolution) from information security to cybersecurity. As mentioned previously, this text brings together readers from other traditional areas of information protection that principally applied to privacy concerns or medical device technology that is now more networked. Therefore, the focus of Chapter 8 is on providing a solid foundational understanding of cybersecurity concepts, especially with non-cybersecurity professionals in mind. So, if you come to this chapter with a healthcare professional background that now includes responsibility for cybersecurity, you will benefit.
Healthcare organizations are similar to every other industry that must collect and use sensitive information to produce a good or perform a service. As such, healthcare organizations generally must adhere to information protection practices. What increases the importance of risk management in healthcare is the merging of a traditionally robust effort to protect patient privacy and the digitization of health information. With digitization brings cybersecurity requirements and new professional skill requirements for healthcare workers. There is a terrific amount of information to try to understand, and it may be too much to expect anyone to be an expert in both privacy and cybersecurity. However, healthcare employees are finding it almost impossible to be successful with privacy responsibilities without a fundamental understanding of cybersecurity and vice versa.
Evolving Information Security to Cybersecurity
The difference between information security and cybersecurity is a subject of debate. For many, there is really no difference except that cybersecurity as a term recognizes the evolution from paper-based record collection to digital information collection, storage, use, and transfer in just about every organization across the globe. Cybersecurity is increasingly the more appropriate term for how such information is protected, and this is especially true in the United States. This text would not be current if it did not at least address the terminology. The next two sections of this chapter present relevant sources for information security and cybersecurity, providing the focus and definitions for each. Depending on the location of your organization, in the United States or internationally, the terms may be used synonymously or a distinction may still exist between the two.
ISO/IEC 27001, Information Security Management, is an information security standard published by ...