LibGuides: TIM-6735: Cybersecurity Threats and Vulnerabilities in Healthcare: Week 4 Resources

Week 4 Resources

Cybersecurity for Hospitals and Healthcare Facilities: A Guide to Detection and Prevention
Ayala, L. (2016). Cybersecurity for hospitals and healthcare facilities: A guide to detection and prevention [eBook edition]. Apress.
NOTE* If it is your first time accessing O’Reilly, it may prompt you to choose an institution. If so, select "Not Listed? Click Here" from the Institution List and sign in for access using your NU school email address.
Reading: Chapter 4
This chapter provides information on how cyber-physical attacks occur in an entire medical facility infrastructure.
Reading: Chapter 5
This chapter provides information on types of insider threats that can occur in a healthcare facility.
Building Blocks of Cyber Intelligence
Office of the Director of National Intelligence (n.d.). Cyber threat framework. ODNI.
This web page provides details on the layout of the cyber threat framework, including the stages, objectives, actions, and indicators used to document internal and external actions.
Application of the Common Cyber Threat Framework-Lexicon
Office of the Director of National Intelligence (2018). Application of the Common Cyber Threat Framework. ODNI.
Application of the Common Cyber Threat Framework-Use Cases
Office of the Director of National Intelligence (2018, July). Application of the common cyber threat framework. DNI.
This unclassified document demonstrates the application of the cyber threat framework through the stages of preparation, engagement, presence, and effect/consequence. Specific examples of documentation and reporting are provided.

Week 4 Optional Reading

Health Industry Cybersecurity Practices White Paper Archive
Health-ISAC (HHS). (n.d.). White paper archive. H-ISAC.
This website provides informative white papers on a variety of cybersecurity topics in healthcare, including medical device cybersecurity lifecycle management.
A Framework for Reasoning about the Human in the Loop
Cranor, L. F. (2008). A framework for reasoning about the human in the loop. In Proceedings of the 1st Conference on Usability, Psychology, and Security (UPSEC’08). USENIX Association, USA, Article 1, 1–15.
This article details the importance of considering the “human in the loop” when approaching cybersecurity responses and planning. The author makes a case for maximizing the probability of successful security outcomes before, during, and after human interaction with the system.