The biggest challenge in ensuring HIPAA data security is people. At its core, HIPAA compliance is simply about maintaining patient privacy by ensuring the appropriate access to and use of patient data by your users.
Due to the growing and ever-changing digital market, the EU took a major step to protect EU citizens’ personal data and privacy rights in today’s digital world. From proposal to adoption, the General Data Protection Regulation (GDPR) took over four years to become law regulating the data collection and security during processing and movement of personal data of EU citizens. The GDPR is applicable in all EU markets/countries, including by association, Norway, Switzerland, and the UK.
In Mr. Robot‘s episode 9 of season 2 (13:53), Angela Moss needs to obtain the Windows domain password of her superior, Joseph Green, in order to download sensitive documents that would potentially incriminate EvilCorp. Since her attack requires physical access to his computer, she starts with a good old-fashioned social engineering attack to get the only currently present employee in the office to leave.
Forseti Security is open source security tool built for Google Cloud Platform. It can keep track of your environment, monitor your policies and even enforce in the future. The install is pretty simple since it’s contained within a Deployment Manager template. Deployment Manager automates infrastructure deployments of Google Cloud Platform resources. I’m going to highlight some of the notes from the official Forseti documentation in this post for completeness.
With the proper auditing enabled (Logon/Logoff – Logon (Failure)) and EventSentry installed however, we can permanently block remote users / hosts who attempt to log on too many times with a wrong password. Setting this up is surprisingly simple.