Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Suppose you are an experienced IT professional or consultant working in the private sector. You get a new job working in the US Healthcare industry. On starting your new job, you learn about the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and the consequences of failure to comply with it. As an IT professional, you understand that a crucial component of mitigating cyber threats is to implement server hardening, but how does this relate to HIPAA?

Before we move forward with our exploration of HIPAA, HITRUST, and server hardening, let’s review what we learned in Part One. We began as experienced IT professionals and consultants working in the private sector, after starting a new job in the US Healthcare industry.

The Payment Card Industry Data Security Standard (PCI DSS) is a global initiative that provides a consistent, baseline framework of security measures, facilitating their adoption and implementation. PCI DSS Requirement 2.2 states that System components are configured and managed securely. In this guide, we will provide the necessary background and context to understand and comply with Requirement 2.2.

Linux distributions, such as Red Hat Enterprise Linux (RHEL), dominate the enterprise and cloud computing sectors. One of the many reasons for the success and popularity of Linux is its support of convenient and straightforward remote access protocols, such as Secure Shell (SSH). In the right hands, SSH’s ability to securely access remote servers enables access to any Linux server, regardless of the environment. The problem is that, in the wrong hands, SSH can be a security nightmare.