ABSTRACT

This chapter focuses on the steps that one should take to periodically validate and evaluate the technical security safeguards of applications, systems and network equipment. Access controls are used to limit the number of individuals who can access patient information and to determine their privileges within an application or system. Some system controls can be programmed to automatically disable inactive accounts, thus eliminating the need for a manual review of inactive accounts; for example, automatically disabling a user account when the last logon was more than 60 days ago. Assessment tools for web applications usually scan for Structured Query Language (SQL) injection, cross-site scripting and many other types of vulnerabilities. Prior to conducting the active testing of computer systems, a security specialist usually does “reconnaissance” work to discover, through public means, as much information as they can that may be useful to an attacker about the organization’s network and systems.
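The automatic inactive-account control described above, as an added worked example (this code is not from the chapter or any product it discusses). It applies the chapter's 60-day rule over a constructed, in-memory directory: an account is flagged only when it is still enabled and its last logon is more than 60 days before the review time, and an account that has never logged on is measured from its creation date instead (an assumption made here, not stated in the chapter). Every automated disable produces an audit record so that the control itself can be reviewed, and an account exactly 60 days idle is kept enabled, matching "more than 60 days".

```python
"""Inactive-account review: flag and disable enabled accounts whose last logon
is MORE than INACTIVITY_DAYS ago (60 days, the threshold the chapter cites)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

INACTIVITY_DAYS = 60


@dataclass
class Account:
    username: str
    created: datetime               # timezone-aware UTC
    last_logon: Optional[datetime]  # None means the account has never logged on
    enabled: bool = True


def days_idle(account: Account, now: datetime) -> int:
    """Whole days since the last logon. Assumption: an account that has never
    logged on is idle from the moment it was provisioned, so use `created`."""
    reference = account.last_logon if account.last_logon is not None else account.created
    return (now - reference).days


def is_inactive(account: Account, now: datetime, limit_days: int = INACTIVITY_DAYS) -> bool:
    """True only for still-enabled accounts idle for strictly more than limit_days."""
    return account.enabled and days_idle(account, now) > limit_days


def review_inactive_accounts(accounts, now, limit_days=INACTIVITY_DAYS):
    """Read-only pass: usernames that the control would disable, sorted."""
    return sorted(a.username for a in accounts if is_inactive(a, now, limit_days))


def disable_inactive_accounts(accounts, now, limit_days=INACTIVITY_DAYS):
    """Disable inactive accounts in place and return one audit record per change,
    so the automated action leaves a trail a reviewer can check later."""
    audit = []
    for account in accounts:
        if is_inactive(account, now, limit_days):
            account.enabled = False
            audit.append({
                "username": account.username,
                "action": "disabled",
                "reason": f"idle {days_idle(account, now)} days > {limit_days}",
                "at": now.isoformat(),
            })
    return audit


def _utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed sample directory for the demonstration (not real data).
NOW = _utc(2024, 3, 1)
SAMPLE_ACCOUNTS = [
    Account("alice", _utc(2022, 1, 10), _utc(2024, 2, 20)),               # 10 days idle: keep
    Account("bob",   _utc(2022, 1, 10), _utc(2023, 12, 1)),               # 91 days idle: disable
    Account("carol", _utc(2023, 11, 15), None),                           # never logged on, 107 days old: disable
    Account("dave",  _utc(2024, 2, 15), None),                            # never logged on, 15 days old: keep
    Account("erin",  _utc(2022, 1, 10), _utc(2023, 6, 1), enabled=False),  # already disabled: skip
    Account("frank", _utc(2022, 1, 10), _utc(2024, 1, 1)),                # exactly 60 days: not "more than", keep
]

if __name__ == "__main__":
    print("to disable:", review_inactive_accounts(SAMPLE_ACCOUNTS, NOW))
    for record in disable_inactive_accounts(SAMPLE_ACCOUNTS, NOW):
        print(record)
```

Running the module prints `to disable: ['bob', 'carol']` followed by the two audit records. The read-only `review_inactive_accounts` pass is what a manual reviewer would run before trusting the automated `disable_inactive_accounts` step; in a real directory the same two functions would be fed from the system's own last-logon attribute rather than the constructed list.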