Security Guidelines for Storage Infrastructure

Chandramouli, Ramaswamy; Pinhas, Doron

doi:10.6028/nist.sp.800-209

Cited by 4 publications

(8 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Similarly, psychologists should seek wireless access point (WAP) routers that give them or their organization full network control access (Chandramouli & Pinhas, 2020;Grassi et al, 2020). These routers provide wireless access to a wired network.…”

Section: Network Controlmentioning

confidence: 99%

“…To limit the potential for viruses, Ransomware, or other malware, psychologists should utilize automated risk detection and prevention software. Such programs should not only provide general ongoing monitoring for all data on the system/ database, but also conduct scheduled scans of all the systems to ensure nothing has become compromised (Chandramouli & Pinhas, 2020;Grassi et al, 2020). As there is a multitude of free and paid malware software packages, psychologists are suggested to review each for specific features to meet their needs.…”

Section: Malware Software and Continuous Data Protectionmentioning

confidence: 99%

“…More specifically, psychologists or their organizations should: (a) identify the files that require backing up (vs. a full database level copy), (b) determine the time required for a restoration/repair, (c) determine the relationships among systems to understand any dependencies required to repair or restore the files (e.g., one file is used by multiple programs), (d) determine what backup files need to be secured offline (e.g., encryption keys, passwords, digital certificates or other information needed to reestablish business operations quickly), (e) plan to save more than one backup file following the 3-2-1 rule (i.e., keep three copies of important files that includes one primary and two backups, keep the files on two different media types, and store one copy off-site/outside of the business facility), (f ) develop response and recover procedures and determine the appropriate technical approach to generating backups (e.g., automatic vs. manual), and (g) test the plan (Bartock et al, 2016;NIST and NCCoE, 2020;Paulsen & Toth, 2016). Additionally, a full "point-in-time copy" (i.e., a copy of original data as it appeared at a point in time) of the entire database is recommended to occur on a set schedule (Chandramouli & Pinhas, 2020). Having such a system and plan can reduce disruptions to telehealth services that may arise from an impaired system/database.…”

Section: Data Backup and Recoverymentioning

confidence: 99%

See 2 more Smart Citations

Data security in the digital age: A consolidated guide for psychologists to understand Health Insurance Portability and Accountability Act-compliant telehealth.

Perle,

Frye,

McCoy

2024

Translational Issues in Psychological Science

View full text Add to dashboard Cite

Despite the exponential increase in psychologists' use of telehealth, literature has highlighted variable degrees of preparation to guide their digital practices. Due to the many unique aspects of the use of technology in clinical care, a lack of evidence-informed knowledge can negatively influence psychologists and their organizations, as well as affect patient outcomes. One of the more unique considerations of telehealth use is the data security of electronic protected health information. To ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA), as well as updates presented through the Health Information Technology for Economic and Clinical Health (HITECH) Act, psychologists must be aware of specific-methods to ensure data security in order to foster an ethical and legal practice, as well as mitigate issues. Due to the complex nature of data security, combined with limited graduate training or continuing education materials to guide psychologists in the use of telehealth, guides are needed to clarify recommendations for graduate-level trainees first becoming literate with telehealth, as well as for licensed psychologists, whether early career or seasoned. To address this gap, the current discussion provides a consolidated, psychologist-focused guide for data security recommendations that align with HIPAA and HITECH in efforts to support ethical and legal telehealth practices. Summarized topics include network controls, continuous data protection programs, data backup and recovery, passwords, encryption, business associate agreements, technological administrators, and data breach reporting methods.What is the significance of this article for the general public? Ethical and legal practice of telehealth involves ensuring data security of protected health information stored or transferred. This consolidated summary details specific evidence-informed strategies psychologists should employ to foster adherence to Health Insurance Portability and Accountability Act (HIPAA), thus optimizing telehealth services and security for their practice. Considerations for a HIPAA-compliant practice include network controls, continuous data protection programs, data backup and recovery, passwords, encryption, business associate agreements, technological administrators, and data breach reporting plans.

show abstract

Section: Network Controlmentioning

confidence: 99%

Section: Malware Software and Continuous Data Protectionmentioning

confidence: 99%

Section: Data Backup and Recoverymentioning

confidence: 99%

See 1 more Smart Citation

Data security in the digital age: A consolidated guide for psychologists to understand Health Insurance Portability and Accountability Act-compliant telehealth.

Perle,

Frye,

McCoy

2024

Translational Issues in Psychological Science

View full text Add to dashboard Cite

show abstract

“…The main concerns are about confidentiality, integrity and privacy of the outsourced data [2,3] CSPs are leveraging cryptography as lever for mitigating security concerns in order to strength confidence of end users on their services. Cryptography can be involved in two major levels of security, namely secure storage [11,[4][5][6][7] and secure gain provided by the solution. The lack of detailed technical information about the solution and about the span of its adoption by final cloud users make the final statement very difficult.…”

Section: Introductionmentioning

confidence: 99%

Secure Cloud Key Management based on Robust Secret Sharing

Bentajer¹,

Hedabou²,

Ennaama³

et al. 2021

Computer Science &Amp; Information Technology (CS &Amp; IT)

View full text Add to dashboard Cite

The aim of this paper is to propose a model to strengthen the security of key management in cloud computing, where the model is shared or entirely controlled by a non-trusted third party provider. Key management is not a straightforward matter for IT-teams, in addition to critical issues related to properly managing and securing the keys on providers’ infrastructures, they have to deal with concerns specific to multi-cloud key management. Hardware Security Module (HSM) solution that offers a secure on-premise encryption key management turned out be impracticable for widespread cloud deployment. HSM as a Service seems to be the best approach for key management in multi-cloud, but the service is wholly owned and managed by another cloud provider. In This paper, we present an efficient and secure cloud key management that fulfills the requirements of multi-cloud deployment. The proposed design splits the key into a blinded version of n shares that will be stored in encrypted format at the cloud provider side. To demonstrate the efficiency of the proposed design, we implement a fully featured prototype and evaluate its performance. Results analysis shows that the proposed design is highly efficient and can serve as a groundwork for using secret share as a way to protect keys in a multi-cloud environment.

show abstract

“…More people can only access information services with secure data transfer. Chandramouli & Pinhas (2020) argue that data encryption is a fundamental security method used to protect computer data stored outside of system memory to stop data theft and other malicious activities. Encrypted data makes essential documents much more secure as it makes them difficult to decrypt, even if lost or leaked.…”

mentioning

confidence: 99%

Comparative Analysis of Encryption Algorithms Using Simulation Technique

Yabo,

Aliyu,

Auyo

et al. 2024

CaJoST

View full text Add to dashboard Cite

The unprotected electronic document may be subjected to a data breach in which private or sensitive information is stolen, taken, altered, copied, communicated, viewed, or used without authorization. This study evaluates the four most common encryption algorithms like Data Encryption Standard (DES) Algorithms, Rivest Cipher2 Algorithm (RC2), Triple Data Encryption Standard (3DES), and Advanced Encryption Standard (AES). This aims to compare four (4) encryption algorithms using simulation in VB.NET programming approach that uses time and data size parameters to encrypt and decrypt data with greater efficiency. The simulation comparison technique using the VB.Net programming was adopted as the method for the study. A graphical user interface (GUI) was developed, and four algorithms were programmed to evaluate their performance based time and data size. As a result, the four Encryption Algorithms were evaluated and found that the Advanced Encryption Standard algorithm (AES) performs much faster in VB.Net.

show abstract

Security Guidelines for Storage Infrastructure

Cited by 4 publications

References 10 publications

Data security in the digital age: A consolidated guide for psychologists to understand Health Insurance Portability and Accountability Act-compliant telehealth.

Data security in the digital age: A consolidated guide for psychologists to understand Health Insurance Portability and Accountability Act-compliant telehealth.

Secure Cloud Key Management based on Robust Secret Sharing

Comparative Analysis of Encryption Algorithms Using Simulation Technique

Contact Info

Product

Resources

About