You are a network administrator at XYZ, a large, publicly traded healthcare organization. XYZ has 25 sites across the region, 2,000 staff members, and thousands of patients.
Protecting sensitive customer information is highly important to XYZ management and stakeholders. Due to the nature of business and HIPAA requirements, XYZ is audited regularly. Your manager wants you to identify five critical controls that are typically verified during a compliance audit. The controls should be a part of the CIS Security Controls (Formerly known as the SANS Critical Security Controls for Effective Cyber Defense).
Based on this organizational scenario, complete the following tasks:
· Identify five critical security control points throughout the IT infrastructure that must be verified for compliance.
· Formulate a plan to help the organization strengthen the security control points.
Write a report that addresses the tasks above.