Author(s): Don M. Blumenthal, 2010 License: Unless otherwise noted, this material is made available under the terms of the Attribution – Non-commercial.

Slides:



Advertisements
Similar presentations
Author(s): Don M. Blumenthal, 2010 License: Unless otherwise noted, this material is made available under the terms of the Attribution – Non-commercial.
Advertisements

Author(s): Paul Conway, License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.
Author(s): Michael Hortsch, Ph.D., 2010 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.
Author(s): John Doe, MD; Jane Doe, PhD, 2009 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.
Author(s): John Doe, MD; Jane Doe, PhD, 2009 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.
Templates for editing U-M OER Materials
Author(s): Don M. Blumenthal, 2010 License: Unless otherwise noted, this material is made available under the terms of the Attribution – Non-commercial.
Author(s): Paul Conway, License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.
Module: Leadership Training Workshop for Health Professionals Organization: East Africa HEALTH Alliance Author(s): Dr. Roy William Mayega, Resource.
Module: Leadership Training Workshop for Health Professionals Organization: East Africa HEALTH Alliance Author(s): Prof. John T. Kakitahi, Resource.
Project: Ghana Emergency Medicine Collaborative Document Title: Open Educational Resources Author(s): University of Michigan Department of Emergency Medicine.
Author(s): Steve Jackson, 2009 License: Unless otherwise noted, this material is made available under the terms of the Attribution - Noncommercial - Share.
Author(s): Steve Jackson, 2009 License: Unless otherwise noted, this material is made available under the terms of the Attribution - Noncommercial - Share.
We have reviewed this material in accordance with U.S. Copyright Law and have tried to maximize your ability to use, share, and adapt it. The citation.
Module: Public Health Disaster Planning for Districts Organization: East Africa HEALTH Alliance, Author(s): Dr. Roy William Mayega (Makerere.
Author(s): Brenda Gunderson, Ph.D., 2011 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution–Non-commercial–Share.
Author: Michael Jibson, M.D., Ph.D., 2009 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution–Share.
We have reviewed this material in accordance with U.S. Copyright Law and have tried to maximize your ability to use, share, and adapt it. The citation.
Author(s): MELO 3D Project Team, 2011 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.
Module: Leadership Training Workshop for Health Professionals Organization: East Africa HEALTH Alliance Author(s): Prof. William Bazeyo, Resource.
We have reviewed this material in accordance with U.S. Copyright Law and have tried to maximize your ability to use, share, and adapt it. The citation.
Author(s): Steve Jackson, 2009 License: Unless otherwise noted, this material is made available under the terms of the Attribution - Noncommercial - Share.
Author(s): MELO 3D Project Team, 2011 License: This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License. To view a.
Project: Ghana Emergency Medicine Collaborative Document Title: Approach to Acute Chest Pain Author(s): Rockefeller Oteng (University of Michigan), MD.
Author(s): Joan Durrance, 2009 License: Unless otherwise noted, this material is made available under the terms of the Attribution - Non-commercial 3.0.
Author(s): Paul Conway, PhD, 2010 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.
Author: Victor Rosenberg, 2010 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution 3.0.
Author: Michael Jibson, M.D., Ph.D., 2009 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution–Share.
Author(s): Don M. Blumenthal, 2010 License: Unless otherwise noted, this material is made available under the terms of the Attribution – Non-commercial.
Author(s): Kate Saylor, 2011 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution–Non-commercial–Share.
Author(s): Paul Conway, PhD, 2010 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.
Author(s): Gerald Abrams, M.D., 2009 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution–Non-commercial–Share.
Author(s): Brenda Gunderson, Ph.D., 2011 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution–Non-commercial–Share.
Module: Leadership Training Workshop for Health Professionals Organization: East Africa HEALTH Alliance Author(s): Dr. Elizabeth Ekirapa, Resource.
Author: Michael Jibson, M.D., Ph.D., 2009 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution–Share.
Author(s): Michael Hortsch, Ph.D., 2010 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.
Author(s): Paul Conway, PhD, 2010 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.
Author(s): Paul Conway, PhD, 2010 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.
Author(s): Brenda Gunderson, Ph.D., 2011 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution–Non-commercial–Share.
Author: Michael Jibson, M.D., Ph.D., 2009 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution–Share.
Author(s): Michael Hortsch, Ph.D., 2010 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.
Author(s): Don M. Blumenthal, 2010 License: Unless otherwise noted, this material is made available under the terms of the Attribution – Non-commercial.
Author(s): MELO 3D Project Team, 2011 License: This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License. To view a.
Author(s): Don M. Blumenthal, 2010 License: Unless otherwise noted, this material is made available under the terms of the Attribution – Non-commercial.
Author(s): Steve Jackson, 2009 License: Unless otherwise noted, this material is made available under the terms of the Attribution - Noncommercial - Share.
Author(s): Paul Conway, Ph.D., 2010 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution–Noncommercial–Share.
Author(s): MELO 3D Project Team, 2011 License: This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License. To view a.
Author(s): Gabriel Krieshok, Alex Pompe, 2011 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons.
Author(s): MELO 3D Project Team, 2011 License: This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License. To view a.
Author(s): Gerald Abrams, M.D., 2009 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution–Non-commercial–Share.
Author(s): Paul Conway, PhD, 2010 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.
Author(s): Paul Conway, PhD, 2010 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.
Author(s): Paul Conway Ph.D., 2011 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution–Noncommercial–Share.
Author(s): Paul Conway, PhD, 2010 License: Unless otherwise noted, this material is made available under the terms of the Creative Commons Attribution.
1 Author(s): Andrew Rosenberg
Author: Michael Jibson, M.D., Ph.D., 2009
Author(s): John Doe, MD; Jane Doe, PhD, 2009
Author(s): Rajesh Mangrulkar, MD, 2009
Author(s): Paul Conway, PhD, 2010
Module: Leadership Training Workshop for Health Professionals
Author: Michael Jibson, M.D., Ph.D., 2009
Attribution: University of Michigan Medical School, Department of Internal Medicine License: Unless otherwise noted, this material is made available under.
Author(s): Paul Conway, PhD, 2010
1 Author(s): Rebecca W. Van Dyke, M.D., 2012
Author(s): Joan Durrance, 2009
1 Author(s): Rebecca W. Van Dyke, M.D., 2012
Attribution: University of Michigan Medical School, Department of Microbiology and Immunology License: Unless otherwise noted, this material is made available.
Attribution: Department of Neurology, 2009
Author: Michael Jibson, M.D., Ph.D., 2009
Module: Leadership Training Workshop for Health Professionals
Presentation transcript:

Author(s): Don M. Blumenthal, 2010 License: Unless otherwise noted, this material is made available under the terms of the Attribution – Non-commercial – Share Alike 3.0 license We have reviewed this material in accordance with U.S. Copyright Law and have tried to maximize your ability to use, share, and adapt it. The citation key on the following slide provides information about how you may share and adapt this material. Copyright holders of content included in this material should contact with any questions, corrections, or clarification regarding the use of content. For more information about how to cite these materials visit Any medical information in this material is intended to inform and educate and is not a tool for self-diagnosis or a replacement for medical evaluation, advice, diagnosis or treatment by a healthcare professional. Please speak to your physician if you have questions about your medical condition. Viewer discretion is advised: Some medical content is graphic and may not be suitable for all viewers.

Citation Key for more information see: Use + Share + Adapt Make Your Own Assessment Creative Commons – Attribution License Creative Commons – Attribution Share Alike License Creative Commons – Attribution Noncommercial License Creative Commons – Attribution Noncommercial Share Alike License GNU – Free Documentation License Creative Commons – Zero Waiver Public Domain – Ineligible: Works that are ineligible for copyright protection in the U.S. (USC 17 § 102(b)) *laws in your jurisdiction may differ Public Domain – Expired: Works that are no longer protected due to an expired copyright term. Public Domain – Government: Works that are produced by the U.S. Government. (USC 17 § 105) Public Domain – Self Dedicated: Works that a copyright holder has dedicated to the public domain. Fair Use: Use of works that is determined to be Fair consistent with the U.S. Copyright Act. (USC 17 § 107) *laws in your jurisdiction may differ Our determination DOES NOT mean that all uses of this 3rd-party content are Fair Uses and we DO NOT guarantee that your use of the content is Fair. To use this content you should do your own independent analysis to determine whether or not your use will be Fair. { Content the copyright holder, author, or law permits you to use, share and adapt. } { Content Open.Michigan believes can be used, shared, and adapted because it is ineligible for copyright. } { Content Open.Michigan has used under a Fair Use determination. }

CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 3 Enterprise Roles Data Security and Privacy: Legal, Policy, and Enterprise Issues University of Michigan School of Information Week 8

CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 4 Enterprise Security Approach  Multidisciplinary responsibility  Managerial  Operational  Technical  Legal  Avoid stovepipe view

CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 5 ESP Input From Roadmap to an Enterprise Security Program

CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 6 Elements  Risk management  Security plan  Procedures  Controls  Implementation  Audit

CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 7 Challenges  Educate constituencies  Need for enterprise approach  Interests and requirements of other groups  Identify and develop processes  Develop cross-department links  Foster team approach  Address turf problems  Question knowledge  Question skills  Question understanding

CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 8 Elements  Networks  Applications  Information  Digital  Analog

CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 9 P6STN1  People  Products  Plants  Processes  Policies  Procedures  Systems  Technology  Networks  Information Evaluate all with multidisciplinary approach

CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 10 The Process  Security Plan  Strategic document  Security Policies  Broad statements that account for management’s risk tolerance and expectations  Security Procedures  Actual steps in the security process  Controls  Standards for each element

CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 11 Development Stages  Governance  Security Integration and Operations  Implementation and Evaluation  Capital Planning and Investment Controls

CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 12 Governance  Risk management decision makers  Operational management staff  Cross-organizational teams  Inventory assets  Establish ownership  Catalogue compliance requirements  Threat and risk assessments and reviews  Risk management categorization  Criteria: confidentiality, integrity, availability

CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 13 Security Integration/Ops  ID standards, best practices, system specific requirements  Determine controls needed  Set performance metrics  Implementation  Efficiency  Effectiveness  Impact  Set contingency and continuity plans

CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 14 Security Integration/Ops -2  Develop security plan  Business operations and strategic goals  Management goals and organization culture  Legal compliance  System architecture  Develop policies  Develop procedures

CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 15 Policies  Framework for decisions  Elements  Internal policy  Compliance and monitoring discussion  Enforcement mechanism  Levels  Organizational  Functional  Computing  Baseline

CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 16 Procedures  Take policies to day-to-day operations level  “How-to”  Detailed

CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 17 Controls  Evaluation criteria  Provide basis for security assessment  Description of item and statement of goal  May be flexible

CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 18 Implementation and Evaluation  Hands on; documentation and security management software not enough  Training  Vary by responsibilities  Mechanism to compel  Test and evaluate  Implementation, efficiency, effectiveness, impact  Identify weaknesses and have correction mechanism

CC: BY NC SA 2010 – Don M. Blumenthal Enterprise Roles - 19 Capital Planning & Investment Controls  Make security part of processes  ROI

CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 20 Security Programs

CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 21 Security Plan Norms  Must be consistent with  Business operations  Legal compliance framework  Management goals  Organizational culture  Systems architecture

CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 22 Security Plan Organization  Boards of Directors  Senior management  Internal management  Operational staff

CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 23 Internal Management  Business unit managers  HR  Legal  Financial  Technical  Security  PR

CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 24 Assessment  Includes Gap Analysis  Analyze environment and assess risks and vulnerabilities  Assess potential for problem  Identify solutions or countermeasures  Appropriate and cost effective safeguards

CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 25 Risk Assessment Strategies  Avoid  Mitigate  Accept  Transfer/Insure

CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 26 IT Risk Managers  Comparatively new concept  Core of any approach, even if term not used  Often taken from financial auditors and analysts

CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 27 Common Flaws  Failure to focus on value of information and business reputation  Fix as little as possible and not follow up  Assign untrained people and not give them instruction  Ignoring problems  Using surface solutions

CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 28 Change Management  Another relatively new concept  Can help with many problems  Systematic way to introduce and manage change  Procedures for introducing and implementing  Audit trail to trace problems back

CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 29 Classification  Gives framework for setting risk priorities  Seems straightforward  Can be complicated  Often not done in systematic way  Flexible process  Must examine data life cycle  Create, access, use, modify, store  Similar approach for applications and systems

CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 30 Policies  Components of plan  Frameworks for decisions  Place to add standards, guidelines, best practices  Four levels  Corporate  Functional  Computing  Security baseline

CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 31 Procedures  Put into effect

CC: BY NC SA 2010 – Don M. Blumenthal Data Security - 32 Review  At least annually for:  Effectiveness  Compliance  Vulnerability