Tom Walsh, CISSP President

Presentation transcript:

Audit Controls
Tom Walsh, CISSP President

- Certified Information Systems Security Professional (CISSP)
- Co-authored a book on HIPAA Security
- Invited speaker at national conferences
- Former information security manager for large healthcare system in Kansas City, MO
- DOE-certified safeguards and security instructor
- A little nerdy, but overall, a nice guy

Copyright © 2003, Tom Walsh Consulting, LLC

Why do we audit?
- Investigations
  - Troubleshooting
  - Employee misconduct
  - Forensic evidence
- Random sampling to keep users in check
  - Users are randomly selected for audit
  - Audit data is provided to their managers
- Compliance
  - Because it is required in HIPAA

What do we audit?
- Operating system
  - Programs/files modifications
  - Directory or file access or failed attempts
  - Password changes, strength, etc.
- Application
  - Order entry, changes, updates, deletions, etc.
  - Access control lists to Data Owners
- Network
  - Internal (Users logging on and off)
  - External (Vendors, workforce members, file transfers, etc.)

What do we do with audit logs?
- Controlling access to logs
  - Are they stored on a separate system?
  - System administrators: Should they have access to audit logs?
- Reviewing logs
  - Network engineer?
  - Information Security Officer?
  - Clinical manager?
  - Internal audit?
- Storing logs (retention)
  - Operating system
  - Application
  - Network

Other Issues...
- Are warning banners displayed at logon to any system or network to notify users of auditing and monitoring activities?
- Have Data Owners determined the events that will trigger an audit trail?
- Have we checked with our vendors on audit capability and performance impact?
- What tools are available for quickly reviewing audit data?
- What are other organizations doing?

Determining Audit Controls
- Management: “We need audit controls.”
- IT: “Okay, what activities do you need to capture in an audit log?”
- IT: “How long will you want to retain the audit logs?”
- IT: “What performance impacts are you willing to accept?”
- “… and so it goes…”

Participation

This panel discussion offers you the opportunity to share your thoughts on audit controls and to hear from our panel of experts.

Thank you for being here!