Enterprise Security Program Overview Presenter: Braulio J. Cabral NCI-CBIIT/caBIG Enterprise Security Program Coordinator.



Topics
- NCI-CBIIT Enterprise Security Program Overview
  - Vision and Mission
  - Operational Security Framework
- Security and the Service-Aware Interoperability Framework
  - The role of security in SAIF
  - Architectural Deliverables
  - Implementing security through the Enterprise Compliance and Conformance Framework (ECCF)

Topics
- Security as a Service
  - Why moving towards SaaS
- caGrid Security Services Project
  - Bridging the gap between security needs and caGrid 1.3/1.4
  - Project Scope
- What Should You Expect?

The NCI-CBIIT/caBIG Enterprise Security Program

The Vision
- A holistic approach to information security
  - Integrates community needs, business, strategy, and regulations
  - Follows a well-defined framework for security
- Supports the caBIG vision to
  - Connect the cancer research community through a shareable, interoperable infrastructure
  - Deploy and extend standard rules and a common language to more easily share information
  - Build or adapt tools for collecting, analyzing, integrating and disseminating information associated with cancer research and care


The Mission
Support caBIG in its mission as an information network enabling all constituencies in the cancer community – researchers, clinicians, patients – to share data and knowledge to accelerate the discovery of new diagnostics and therapeutics, and improve patient outcomes

caBIG ES Security Framework (The SABSA® Model)
- Contextual Security Architecture: The contextual architecture defines security business strategic goals, business vision and the security needs to accomplish the business strategy
- Conceptual Security Architecture: The conceptual architecture defines business attributes, and the business needs for security
- Logical Security Architecture: The logical architecture defines the security policy, security requirements, data sharing security needs, security services, privilege profiles
- Physical Security Architecture: The physical security architecture is concerned with security rules, practice, procedures, and security mechanism
- Component Security Architecture: The component architecture includes security standards and procedures, security products and security tools, processes, and protocols
- Operational Security Architecture: The operational architecture is concerned with assurance of operational continuity, risk management, security service management, and security metrics and performance

The role of security in the Services-Aware Interoperability Framework
- caBIG SAIF Approach to Security
  - Security and the SDLC: Inception, Elaboration, Construction, Transition
  - Architectural Deliverables for Security: Use-case model, Analytical model, Design model, Development model, Integration model, Testing model
- Implementing security through the ECCF
  - Security in the Computational Independent Model (CIM)
    - Use-cases for security (security requirements), security model
    - Preliminary security risk assessment and security controls selection
  - Security in the Platform Independent Model (PIM)
    - Logical representation of security (policies, service contracts, services behavioral constraints)
  - Security in the Platform Specific Model (PSM)
    - Security tools, technology, standards, protocols
  - Security in the Technology Bounding process (Testing security assertions)

Security as a Service
- Why moving towards SaaS
  - Scalability
  - Consistent security implementation
  - Easier implementation of levels of assurance
  - Ease of use
  - Interoperable
  - ECCF compliant
- Transitioning Strategy
  - Service Integration Guide (allows the use of existing technology for authentication and authorization as services)
  - Development of other security services that do not exist in the current infrastructure, including de-identification, auditing, and data sharing policy service
  - Service Integration Guide for new services

caGrid Security Services Project
Advancing caGrid Security Infrastructure
- Authentication
  - Third party credentials (InCommon, OpenID)
- Authorization
  - Authorization at service level (CSM/GG)
- Other Services
  - Audit Service
  - Data sharing policy service
  - De-identification service

What Should You Expect
Current Activities and Status
- caBIG Wiki page on Security: Completed
- caGrid Security Policy handbooks: Completed (see wiki)
- caGrid host agreement forms/policy: Completed (see wiki)
- Security Services Project (auditing, de-identification, data sharing policies): In progress
- Service Integration Guide for caGrid 1.3/1.4: In progress
- Third party credentials (InCommon, OpenID) integration project: In progress