On Aug. 21, the Cybersecurity and Infrastructure Security Agency published guidance concerning best practices for event logging of security concerns in order to fight cyberthreats.
The document, reported by Coronis Health citing the American Hospital Association, was developed with input from the FBI, the National Security Agency and multiple international cybersecurity agencies. It outlines recommendations to "improve organizational resilience in the current cyberthreat environment," according to the AHA.
The CISA guidance broadly defines "event logging" and gives a summary of what it should entail, including network visibility as a key component of continuing operations and improving system security and resilience.
In a Sept. 11 blog post, Coronis Health highlighted four key aspects to consider in building best practices for cybersecurity:
1. Enterprise-approved event logging policy
2. Centralized event log and access correlation
3. Secure storage and event log integrity
4. Detection strategy for relevant threats
In his comments on the new CISA security guidance, AHA's deputy national advisor for cybersecurity recommended hospitals store log data for at least one year. He also underscored the discounted services offered by Microsoft for rural hospitals who might need assistance in adhering to the guidance recommendations.