5 Steps to get funding for IT Security

Presentation transcript:

Show Me the Money: 5 Steps to get funding for IT Security

Pssst... Who is this guy?
Rob Garbee, Technical Security Analyst
20 or so years in IT: Banking, DOD, HIPAA
CISSP
What does all that mean?

I'm Just Like You... A minion trying to figure it out

Why do this stuff?
Advocate: $5.55 Million
Didn't conduct an accurate and thorough assessment of the potential risks and vulnerabilities to all of its ePHI; did not reasonably safeguard an unencrypted laptop when left in an unlocked vehicle overnight.
University of Mississippi Medical Center: 2.75 Million
Did not implement appropriate policies and procedures to prevent, detect, contain, and correct security violations; did not implement physical safeguards for all workstations that access ePHI to restrict access to authorized users.
Morgan Stanley: $1 Million
The SEC found that MSSB violated Regulation S-P due to its failure to implement sufficient safeguards to protect customer information.

Let's Get Started

Step 1 - Policies and Procedures (or whatever you call them)
Review your policies and procedures
Are you and your company following them?
Do procedures align with policy?
Are your procedures documented?
Where are they stored? Online / offline
Identify gaps and document them

Step 2 - Speak to your management team
What keeps them up at night?
What are you responsible for?
Where is your important data?
How much is that data worth? Seriously, what is it worth?
Note these items

Step 3 - Perform an inventory
Where is your stuff? Where are your assets?
Where does your important data live? Servers, laptops, PCs, printers, BYOD, phones
If you don't know, how can you protect it?

STOP - Before we move on you should now have the following:
What the important data is
Where the important data lives
How much the important data is worth
Policy discrepancies

Step 4 - Risk Assessment
Use the data that you have collected
Risk analysis
Logical risk assessment
Physical risk assessment
Spreadsheet example (template)
Walkthrough

Step 4 Risk Assessment (British mathematician and professor of statistics at the University of Wisconsin

Step 5 - Demonstrate the results
Present your findings: report, PowerPoint, etc.
Use the data that you have collected
Hard to argue with their own words - policy, etc.
Demonstrate the need by use of monetary loss

If we have done it right...

Show Me the Money: 5 Steps to get funding for IT Security

Additional stuff
Use external resources if needed
Use free tools if needed: Nessus, Security Onion