Cyber-Security for Healthcare

Presentation transcript:

Cyber-Security for Healthcare
Jim Rice, Director, Security Consulting

During this presentation, we will review the Security Consulting services offered to Sirius clients.

Professional Profile: Dr. Jim Rice
Jim Rice is a Director of Security Consulting Services for Sirius Computer Solutions. Since joining Sirius in 2000, he has worked with clients in a wide variety of industries, including healthcare, financial services, government, manufacturing, and insurance, addressing IT optimization, availability, recoverability, security, regulatory response, IT service deployment, and IT service governance challenges. He has been responsible for building Consulting, Enterprise Architecture, and Security Consulting capabilities, ensuring client solutions are optimized for the business. Jim holds degrees in electrical engineering and business information systems, an MAPM, and an MBA, as well as a doctorate in organizational leadership and information systems technologies. His dissertation examined the correlation between IT governance maturity and patient care costs in United States healthcare systems. Jim is ITIL v2 and v3 certified and holds an IBM healthcare industry masters certification. He was a member of ISO/IEC JTC 1 WG6, focusing on IT service governance standards. Jim is a Research Fellow for the Center for Global Business Research and mentors doctoral students in the University of Phoenix School of Advanced Studies. Jim is also on the board of directors of the Minnesota chapter of HIMSS.
jim.rice@siriuscom.com, jamescrice@email.phoenix.edu, 612-384-7709 (m), 210-918-9462 (w)

Hello. My name is Jim Rice. I am the director of the IT consulting team that delivers security solutions services to our clients. I have had the privilege of working with the IT consulting team for more than 13 years. During my tenure, it has been my pleasure to work with some of the best and most talented business and technology consultants in the industry. The IT consulting team brings to Sirius clients, in a wide variety of industries, decades of business process and industry-specific information technology experience.
Our services help Sirius clients optimize financial performance, improve availability, enhance resilience, and meet the security needs of their organization by delivering IT solution consulting services that meet their business needs.

Sirius Healthcare Consulting: Format & Rules of the Road
Facilitated discussion
Summary findings provided following the workshop

Sirius offers our clients a comprehensive collection of security solutions. The three types of security services we offer are Standard Security Framework Assessments, Regulatory and Compliance Assessments, and Remediation Activities.

Standard Security Framework Assessments examine the security standards that establish the frameworks within which businesses govern their information assets. Clients who have experienced changes in leadership or business structure, such as those resulting from mergers or acquisitions, often need to reassess their security posture.

Regulatory and Compliance Assessments (our most common consulting engagement) help clients ensure that their businesses operate within well-defined regulatory controls. For example, healthcare organizations must comply with HIPAA/HITECH controls, while retail businesses must meet PCI standards. Whatever the industry, organizations need to periodically confirm that their business is compliant with the applicable regulations. Sirius can assess the compliance of a client's business, internally or with certified partners, and recommend products and solutions to close identified gaps.

Remediation Activities result when gaps in security posture are identified. In response to security standards or compliance needs, Sirius clients often need to improve their security posture. Sirius is uniquely qualified to offer technical architecture reviews, vulnerability scans, and security products from our brands and partners to improve the security of our clients' businesses.

Healthcare Consulting: Building a Program
Activities:
Current State Analysis (Policies, Practice, Controls, Audit)
Future State Planning (Business Alignment, Goals, Priorities)
Gap Analysis (People: Skills & Capacity; Governance; Process; Technology)

Reference: Rowe, B. R., & Pokryshevskiy, I. D. (2013, February). Economic analysis of an inadequate cyber-security technical infrastructure. National Institute of Standards and Technology. Retrieved from https://www.nist.gov/sites/default/files/documents/director/planning/report13-1.pdf

Healthcare Consulting: 2017 Outlook
Security in healthcare equals reputation:
A rapidly evolving regulatory environment creates business risk
Significant M&A activity results in inconsistent security controls
The nature of the information increases its value to identity thieves
Malicious modification of medical data puts patients at risk (health and safety)
Drivers: Privacy, Safety, Reputation, Compliance

Healthcare Security: Security Architecture Review (SAR)
A Security Architecture Review is a client collaboration to learn about and prioritize gaps and value opportunities in the security environment.
Healthcare client security posture:
Reviews the depth and breadth of the client's security capabilities with the client security team
Delivers a color-coded gap analysis of the client's capabilities
Executives prioritize gaps in the security framework and identify industry best practices for remediation

Security touches every aspect of our client's business. For our brands, leads for products and services uncovered during security assessments are often motivated by regulatory compliance. As a result, these leads have shorter sales cycles and may have fewer budget constraints. As this diagram illustrates, security touches every aspect of our client's information services. Every technology brand in Sirius (software, servers, network, and storage) has offers that may improve the security posture or satisfy regulatory requirements for our clients. All we need to do is help our clients identify the need and close the security gap.

Sirius Security Consulting Services Framework
Security Architecture Review Consulting (SAR: identify and prioritize client security gaps)
Technical Architecture Review, Remediation, and Oversight Consulting
IT Service Security Roadmap Consulting (data classification, application configuration review, and code review)
External Vulnerability Assessment Service (external scan, report, recommendations)
Internal Vulnerability Assessment Service (internal scan, report, recommendations)
Security Risk Remediation Services (security technologies, products, and product affinity services)
Penetration Testing Services
Security and Policy Awareness Consulting (educate stakeholders about business protection policies and processes)
Security & Risk Governance Consulting (policies, roles, and decision-making processes; ISO 27001, ISO/IEC 38500, NIST, FISMA, ITIL, Calder-Moir, COBIT)
Regulatory Compliance Assessment & Audit Services (assessment and audit for compliance with industry controls; HIPAA/HITECH, SOX, HITRUST, PCI, TAC 202)
Vendor & Partner Risk Assessment Service (vendor management and due diligence)
Managed Security Services (monitor network devices and network traffic, identify events, and escalate incidents; Sirius Managed Services)
Security Incident Response, Forensics, and Remediation Services (respond to exploitation, root cause analysis, and legal expert services; Sirius Security Services)

Security means many things to many people, and as any Certified Information Systems Security Professional (CISSP) will tell you, they are all probably right. Security is a broad topic with many important elements, all of which matter to a security posture that protects business-critical assets without hindering the creation of business value. When planning a comprehensive security program, Sirius clients have many things to consider. For each element of the program, Sirius will review the specific client business needs, describe the Sirius Security Solution offerings (products and services) designed to meet the need, and highlight the client value at each step.

Sirius Healthcare Consulting: 2017 Outlook. It's All About the Data
Medical data analytics is driving aggregation (MDM)
Significant biometric data collection is increasing the volume of information and the opportunity for corruption (IoT)
Data privacy stewardship is the focus of legislation and regulation

Sirius Healthcare Consulting: 2017 Outlook. 2017 Threats Are Evolving
Social hacking is resulting in more focus on identity and authorization management and on security awareness programs
Data theft by professional hackers is driving a focus on endpoint protection and encryption
The malicious data modification threat is increasing because of biometric data collection (IoT) and is driving a focus on network security and threat analytics
Data ransom as a service is returning data protection to its roots and increasing the use of "air-gap" backup methods

Sirius Security Consulting: Security Roadmap Consulting (Extended Analysis & Planning)
Collects internal and external security posture details through interviews and automated tools.
Evaluates the security and compliance of the environment against established security controls, such as HIPAA/HITECH, Meaningful Use (MU), PCI, NIST, FISMA, and ISO.
Produces a specific and actionable roadmap to remediate identified compliance gaps and security vulnerabilities.
Designed for clients who need to address audit findings, support executive initiatives, support M&A activity, plan for post-incident remediation, enable contractual commitments, and support brand reputation efforts.

Thank you for taking a few moments to learn about Sirius Security Solutions.

Sirius Security Consulting: Security Consulting Resources
More information: Sirius Security & Compliance, http://www.siriuscom.com/solutions/security-compliance/