Ayala, L. (2016). Cybersecurity for hospitals and healthcare facilities: A guide to detection and prevention [eBook edition]. Apress. Note: If it is your first time accessing O’Reilly, it may prompt you to choose an institution. If so, select "Not Listed? Click Here" from the Institution List and sign in for access using your NU school email address. Reading: Chapter 1
Chapter 1 provides information on hacker reconnaissance in a healthcare network environment, detailing various attack vectors, targets, and behaviors on the network.
The Homeland Security Systems Engineering and Development Institute. (HSSEDI). (2018, April 7). Cyber threat modeling: Survey, assessment, and representative framework. MITRE Corporation. Reading: Section 5 (Initial Cyber Threat Model) pages 60-79 and Appendix A (Modeling Constructs) pages 86-93.
The appendix provides threat modeling constructs to be used, based on the technical context of the application, to develop a suitable threat model.
Sion, L., Yskout, K., Van Landuyt, D., van den Berghe, A., & Joosen, W. (2020). Security threat modeling: Are data flow diagrams enough? In Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops (ICSEW'20). Association for Computing Machinery, 254–257.
Stobert, E., Barrera, D., Homier, V., & Kollek, D. (2020). Understanding cybersecurity practices in emergency departments. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems (CHI '20). Association for Computing Machinery, 1–8. This journal article discusses the unique operational requirements of hospital emergency rooms, the extent of computer and medical device usage, and the cybersecurity implications.
Envision, I. (2013). The HIPAA rule: Healthcare privacy, security, and enforcement [Video/DVD]. Envision, Inc. This video explains the importance of protecting personal health information in the healthcare industry.
(ISC)² (n.d.). (ISC)² The HCISPP Certification.
Healthcare security certification. The HCISPP certification combines cybersecurity skills with privacy best practices and techniques. The information provided details skills acquisition in security and privacy controls to protect healthcare organizations using policies and procedures established by the cybersecurity experts at (ISC)².
Virtue, T., & Rainey, J. (2014). HCISPP study guide. ProQuest Ebook Central. https://ebookcentral.proquest.com This e-book is a valuable reference on core cybersecurity issues in the healthcare industry. Specifically, it discusses the regulatory environment, privacy and security, information governance and risk management, information risk assessment, and third-party risk management.
The Information Technology Information Sharing and Analysis Center. (n.d.). In the news. The IT-ISAC website is a source of information, officially sanctioned by the FBI, the Critical Infrastructure areas defined by DHS, and InfraGard, for IT departments in important government agencies and enterprises. Focus on the news articles listed at the top of the current year column to get the latest news in the field of cybersecurity. This website is a valuable reference.
Siegel, C.A., & Sweeney, M. (2020). Cyber strategy: Risk-driven security and resiliency. Auerbach Publications. This e-book describes cybersecurity strategies using several of the industry-standard frameworks discussed in this class. Some of the topics detailed are cyber risks and controls, current and target statement assessments, and measuring cybersecurity plan performance. This e-book is a valuable tool to have as a reference, and specific chapters are valuable resources for the weekly assignments.