Healthcare security and privacy breaches are occurring in the United States (US), and increased substantially during the pandemic. This paper reviews the National Institute of Standards and Technology (NIST) publication base as an effective solution. The NIST Special Publication 800-66 Revision 1 was an essential standard in US healthcare, which was withdrawn in February 2024 and superseded by SP 800-66 Revision 2. This review investigates the academic papers concerning the application of the NIST SP 800-66 Revision 1 standard in the US healthcare literature. A systematic review method was used in this study to determine current knowledge gaps of the SP 800-66 Revision 1. Some limitations were employed in the search to enforce validity. A total of eleven articles were found eligible for the study. Consequently, this study suggests the necessity for additional academic papers pertaining to SP 800-66 Revision 2 in the US healthcare literature. In turn, it will enhance awareness of safeguarding electronic protected health information (ePHI), help to mitigate potential future risks, and eventually reduce breaches.
近年来,美国商务部国家标准与技术研究所(National Institute of Standards and Technology,NIST)陆续发布或更新了针对太空系统空间段、控制(地面)段、用户段等部分及混合太空网络的网络安全风险管理跨部门报告,以风险管理为基础,建立了一个主要步骤为识别、保护、检测、响应和恢复的太空系统网络空间安全管理的框架。对该系列报告内容进行了介绍,并总结了对我国太空网络安全建设方面的启示。
Saudi Arabian banks are deeply concerned about how to effectively monitor and control security threats. In recent years, the country has taken several steps towards restructuring its organizational security and, consequently, protecting financial institutions and their clients. However, there are still several challenges left to be addressed. Accordingly, this article aims to address this problem by proposing an abstract framework based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework and International Organization for Standardization/International Electrotechnical Commission (ISO/IEC 27001). The framework proposed in this paper considers the following factors involved in the security policy of Saudi banks: safety, Saudi information bank, operations and security of Saudi banks, Saudi banks’ supplier relationships, risk assessment, risk mitigation, monitoring and detection, incident response, Saudi banks’ business continuity, compliance, education, and awareness about all factors contributing to the framework implementation. This way, the proposed framework provides a comprehensive, unified approach to managing bank security threats. Not only does the proposed framework provide effective guidance on how to identify, assess, and mitigate security threats, but it also instructs how to develop policy and procedure documents relating to security issues.
