Case Studies

SCVA Case-Study

Issue link:

Contents of this Issue


Page 0 of 1

SECURITY CONTROL VALIDATION ASSESSMENT CASE STUDY THE CLIENT A not-for-profit health system with multiple hospitals, medical groups, and medical centers located in California. THE SITUATION As a three-year managed service client, this organization works closely with the CynergisTek team to define short- and long-term goals towards being prepared, rehearsed, and resilient against cyber threats. When the covid-19 pandemic started, the organization, along with most of the country moved to a remote workforce, transitioned a fair amount of patient care to telehealth appointments and had deployed new technology in their network, including a new primary data center. This visibly increased the threat landscape, in addition to the number of ransomware attacks on healthcare providers, caused the organization to take a different perspective to understanding risk in their environment. Bottomline they wanted to know if… • Their people were trained adequately on how to use the new technology • Determine if there was redundancy in their tech stack • Understand if the processes they had in place were sufficient • If the technology implemented is configured and working as expected THE SOLUTION A Security Control Validation Assessment (SCVA) was performed to challenge the assumptions they had about their security posture. The primary purpose of an SCVA is to identify risk that is not uncovered during an annual risk assessment or through standard technical testing. Secondary objectives are verifying whether or not security controls are working and to show a positive or negative ROI that can often lead to an important board discussion that may lead to a change in business philosophy and commitment to securing their data, their patient's data and maintaining their highly regarded reputation in the community. During a SCVA, people, processes, and technology are tested against real world malicious attack scenarios using a suite of tools to perform testing under tightly controlled conditions. Afterwards a comprehensive report and interactive workshop was provided including a discussion of the process, results, and recommendations. Copyright © 2021 CynergisTek. All Rights Reserved. Undertand the Effectiveness of Security Controls

Articles in this issue

Links on this page

view archives of Case Studies - SCVA Case-Study