HIPAA - Protection from Malicious Software 164.308(a)(5)(ii)(B)


Overview:
Procedures for guarding against, detecting, and reporting malicious software.


Action Items:
1) Obtain and review documentation demonstrating that the procedures for guarding against, detecting, and reporting malicious software are incorporated in the security awareness and training program. Elements to review may include but are not limited to: The malicious software protection mechanism that has been implemented; Information system protection capabilities; Workforce members' roles and responsibilities in malicious software protection procedures; Steps to protect against malicious software; Steps to detect malicious software; Action(s) to be taken in response to malicious software detection.
2) Obtain and review documentation demonstrating that procedures are in place to guard against, detect, and report malicious software. Evaluate and determine whether such procedures are in accordance with malicious software protection procedures included in the training material.
3) Obtain and review documentation of the workforce members who should be trained on the procedures to guard against, detect, and report malicious software.
4) Obtain and review documentation of the workforce members who were trained on the procedures to guard against, detect, and report malicious software. Evaluate and determine if appropriate workforce members are being trained on the procedures to guard against, detect, and report malicious software.


Related Documents:
1) Documentation demonstrating that the procedures for guarding against, detecting, and reporting malicious software are incorporated in the security awareness and training program.
2) Documentation of the workforce members who should be trained on the procedures to guard against, detect, and report malicious software.


Additional Guidance:
Malicious software can be thought of as any program that harms information systems, such as viruses, Trojan horses or worms. As a result of an unauthorized infiltration, EPHI and other data can be damaged or destroyed, or, at a minimum, require expensive and time-consuming repairs. Malicious software is frequently brought into an organization through email attachments and programs that are downloaded from the Internet. Under the Security Awareness and Training standard, the workforce must also be trained regarding its role in protecting against malicious software, and system protection capabilities. It is important to note that training must be an ongoing process for all organizations.

 



Article ID: 449
Created: September 28, 2022
Last Updated: September 28, 2022
Author: Matthew Burdick

Online URL: http://www.compliancewiki.org/article/hipaa-protection-from-malicious-software-164-308-a-5-ii-b-449.html