Cyber Security and Open Source Community Call Seong K. Mun, PhD Don Hewitt, CISSP OSEHRA Arlington, Virginia Webex: https://osehra.webex.com/osehra/onstage/g.php?M.

Presentation transcript:

Cyber Security and Open Source Community Call
Seong K. Mun, PhD
Don Hewitt, CISSP
OSEHRA, Arlington, Virginia
Webex: https://osehra.webex.com/osehra/onstage/g.php?MTID=ed80e9e1ef fe28dc5f063d03ed
Call-in number:
Access code:
:00 pm (Eastern), Wednesday, March 23, 2016

Agenda (slide 2)
– Specific Questions and Lead Volunteers
– Workgroup Reports: Question 1, Question 3, Question 4
– Work Schedule
– Any Questions or Comments?
Please Note: Calls are Recorded for Future Reference and Collected Documents are Open

Cybersecurity Workgroup (slide 3)
OSEHRA Cybersecurity Workgroup Onboarding
1. Join OSEHRA as an Associate member (free)
2. Join the Cybersecurity Workgroup to receive meeting notices and minutes
Workgroup Resources (located at the Group homepage)
– Section Leaders
– Reference Documents List
– Draft Response Documents
– Members
Weekly Call Meetings (Weekly: Wed, 1:00 PM Eastern)
– Webex: https://osehra.webex.com/osehra/onstage/g.php?MTID=ed80e9e1ef fe28dc5f063d03ed
– Call-in number: , Access code:

Need Lead Volunteers (slide 4)
1. Does the open source community have a focus on cyber security? (Mun – OSEHRA)
2. Are projects to enhance cybersecurity proposed to OSEHRA by the open source community? If so, have any been completed? (Hewitt – OSEHRA)
3. Are there lessons learned from Red Hat/Linux with respect to cybersecurity that might be applicable to health IT? (Hilburger – Red Hat)
4. What is the relationship of OSEHRA certification to cybersecurity? (Hewitt – OSEHRA)

(Q1) Focus on Cyber Security (slide 5)
– OSEHRA does not (yet)
– Some examples in the greater OS community
– Available OS Security Resources: NIST, DHS

(Q2) Open Source Projects (slide 6)
Previous special project for vulnerability remediation
– M2M Broker Vulnerability
– Joint effort, closed project group under non-disclosure
– Precedent and process established
No project proposals for explicit security upgrades
Project Metron and Apache NiFi proposed as items of interest
VA has proposed an open source project for a code scanning tool (similar to HP Fortify) for M code
– OSEHRA recommends enhancing the existing Xindex tool rather than starting from scratch
– Most effective approach would be a funded community open source project

(Q3) Red Hat Reporting (slide 7)
Are there lessons learned from Red Hat/Linux with respect to cybersecurity that might be applicable to health IT?

(Q4) Certification (slide 13)
What is the relationship of OSEHRA Certification to cyber security?
Brief answer: OSEHRA Certification is intended as a prerequisite for, not a replacement of, the in-depth testing required for specific implementations. As such, while specific tools may be run during code review, OSEHRA does not intend to certify the security of code. However…

(Q4) Certification Components (slide 14)

(Q4) SAC Checking (slide 15)
Standards and Conventions Compliance
– Critical aspect of security
– Dependent upon quality / breadth of SAC rule base
– Example: scope checking
Susceptible to use of scanning tools
– Fortify
– Xindex (currently limited)
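The scope check named on this slide, as an added illustration that is not OSEHRA's Xindex or HP Fortify: a minimal scanner over a constructed M routine that reports local variables SET inside a label block without a preceding NEW (formal parameters count as NEWed). It assumes a simplified M subset (one scope block per label, no postconditionals, no spaces or semicolons inside string literals) and does not check FOR-loop control variables.

```python
import re

# Constructed sample M routine (not OSEHRA code): LEAK sets locals without NEW.
SAMPLE_ROUTINE = """\
ZZDEMO ; constructed sample routine, not from the OSEHRA code base
ADD(A,B) ; formal parameters A and B are implicitly NEWed
 N SUM
 S SUM=A+B
 Q SUM
LEAK ; CNT and NAME are SET without NEW and leak into the caller's symbol table
 S CNT=0,NAME="x"
 S ^TMP("demo")=CNT
 Q
OK ; every local is NEWed before it is SET
 NEW I,TOTAL S TOTAL=0
 F I=1:1:3 S TOTAL=TOTAL+I
 Q
"""

# Simplified M subset: one scope block per label, no postconditionals,
# no spaces or ';' inside string literals; FOR-loop variables are not checked.
LABEL_RE = re.compile(r"^([%A-Za-z][A-Za-z0-9]*)(?:\(([^)]*)\))?")   # TAG or TAG(P1,P2)
NEW_RE = re.compile(r"(?:^|\s)N(?:EW)?\s+([%A-Za-z0-9,]+)", re.I)   # N X,Y / NEW X,Y
SET_RE = re.compile(r"(?:^|\s)S(?:ET)?\s+(\S+)", re.I)              # S X=1,Y=2 / SET X=1
VAR_RE = re.compile(r"[%A-Za-z][A-Za-z0-9]*")

def find_scope_violations(routine):
    """Return (label, variable) pairs for locals SET in a block without a NEW."""
    violations, label, newed = [], None, set()
    for raw in routine.splitlines():
        if not raw:
            continue
        code = raw.split(";", 1)[0]                 # drop the comment
        if raw[0] not in " \t":                     # a label starts a new scope block
            m = LABEL_RE.match(code)
            label, newed = m.group(1).upper(), set()
            if m.group(2):                          # formal parameters are implicitly NEWed
                newed.update(p.strip().upper() for p in m.group(2).split(","))
            code = code[m.end():]
        for m in NEW_RE.finditer(code):
            newed.update(v.upper() for v in m.group(1).split(",") if v)
        for m in SET_RE.finditer(code):
            for arg in m.group(1).split(","):
                target = arg.split("=", 1)[0]
                if target[:1] in ("^", "$", "("):   # global, intrinsic, or multi-target SET
                    continue
                name = VAR_RE.match(target)
                if name and name.group(0).upper() not in newed:
                    violations.append((label, name.group(0).upper()))
    return violations
```

Running `find_scope_violations(SAMPLE_ROUTINE)` flags CNT and NAME in LEAK and nothing in ADD or OK, which is the kind of finding a SAC scanner surfaces for review.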

(Q4) Code Review (slide 16)
Major advantage of open source
– More eyes on code is better
– Security through obscurity is a myth
Proper facilitation is key
– Bugs
– Possible improvements
– Possible (or definite) vulnerabilities
Documented issues and results

(Q4) Regression Testing (slide 17)
Continuous Unit Testing
– Emergent best practice
– Critical part of defense in depth
– Required for higher OSEHRA certification levels
M-Unit available for M code

(Q4) Summary (slide 18)
No overt security certification by OSEHRA
Substantial contribution to security of incoming open source code
– Use of automated scan tools
– Open code review
– Requirement for unit tests
As tools improve (e.g. Xindex), OSEHRA contribution to security will increase

Workgroup Schedule (slide 19)
Weekly Calls 1:00 PM (Eastern) – Volunteer Leaders Will Facilitate
– Wednesday, March 30
– Wednesday, April 6
– Wednesday, April 13 – SUBMISSION TO VA

Closing… (slide 20)
Thoughts? Comments? Questions?

Adjournment