Request A Consultation

Take a Cue from Healthcare With Cyber SOAP Note

By: Tim Coleman, Vice President of Secured Managed Services at Cerberus Security

More Than Just a Test

In the early 1970s, during the nascent stages of the internet, cybersecurity paralleled the rise of information technology as both a response to perceived security issues and as a concerted effort to better understand computer programming. In fact, the first computer viruses were developed in-house and served as a type of security test. 

One of these first viruses, “Creeper,” actually earned its name from the cartoon Scooby Doo. In 1971, BBN computer programer Bob Thomas created the experimental program Creeper – when a computer was infected, a message read: “I’m the creeper, catch me if you can!”  Collective learning from these tests was integral to the advancement and eventual widespread adoption of computing technologies across industries. 

Take a Cue from Healthcare With Cyber SOAP Note featured image

Learn Everywhere

The Information Age, defined by the internet as we know it, continues to shape and be shaped by both internal and external forces, as experience drives innovation and innovations shape user experiences. 

When seeking novel solutions to issues that are siloed in a specific industry, looking outside your industry or in analogous fields, has the potential to create powerful synergies.  As it is, terms so commonly associated with cybersecurity like “virus,” “worms,” or even “Trojan,” all made their linguistic debuts outside of IT culture and have helped to define thinking in and around the industry. 

Could Cybersecurity Learn from Healthcare? 

Taking a step back and tapping into larger or other pools of knowledge, through open innovation, can lead to those breakthrough moments that your organization might be looking for. 

The Healthcare industry makes use of a thoughtful, transparent, and thorough approach to documentation by using the SOAP Note, which stands for Subjective, Objective, Assessment, and Plan. The SOAP note is a widely used method of documentation for healthcare providers. The standardization and widespread use of the SOAP note was theorized by Dr. Larry Weed a half a century ago. The inspiration came when he found a lack of documentation in the practice of medicine. 

The standardization of information sharing to enable faster diagnosis and treatment is a best practice that has the potential for widespread application across industries, especially in creating a cybersecurity culture. In cybersecurity, this would translate into standardized and rapid information sharing among professionals to enable faster, better decision-making and prevention of cybersecurity events.

The existing SOAP protocol in cybersecurity is a messaging protocol. This means that SOAP security is primarily concerned with preventing unauthorized access to messages and users information, thus establishing Web Standards Security, through the controls of extensibility, neutrality, and independence.  SOAP security protects sensitive data that may otherwise fall into the wrong hands. It is a means of integrating security into the APIs infrastructure and protecting the interests of your clients. 

Expanding the framework of SOAP in cybersecurity to that of the healthcare industry, as outlined in the SOAP note, would provide enhanced intelligence sharing that could be used to assess, diagnose, and treat a cybersecurity event through accrual and review of open source documentation across IT environments.

Organizations will still need to invest in qualitative and quantitative tools as well as experts to know how to make sense of and take action from the information shared with them. Sharing data across organizations–with increased transparency–can better equip the global cybersecurity community to better protect businesses, governments, and organizations.

A Rising Tide Lifts All Boats

Working together to create productive and sustainable working environments will foster economic development and prevent the devastating setbacks caused by a data breach or ransomware attack. It is the aspiration that data can come from governments, large and small companies, and cybersecurity organizations from around the world to be able to create a stronger network of interconnected intelligence, so as to mitigate threats from cybercriminals and international bad actors. 

If you are ready to improve your organization’s cybersecurity culture. reach out to CISO Global today!