NEGASC NEW ENGLAND GRADUATE ACCOUNTING STUDY CONFERENCE 2014.

Presentation transcript:

KONRAD M. MARTIN, CPA, CEO Konrad Martin is CEO of Tech Advisors, a comprehensive IT support firm that provides tailored services to manage, protect, and improve businesses’ unique networks. Konrad drives Tech Advisors’ development and marketing, and ensures that quality service is delivered to over 100 clients throughout the Boston area. Before founding Tech Advisors with his brother, Konrad was a Senior Accountant concentrating in tax and audit. He has led over 20 seminars on technology and compliance for the Massachusetts Society of CPAs. While working at a major accounting firm, Konrad learned that a strategic, tailored IT support system not only prevents costly breaches—it’s fundamental for driving growth. An entrepreneur through and through, Konrad thrives when growing businesses. He has owned a hotel and restaurant, and founded several small startups, including KRK Productions. He is a frequent guest and contributor to Radio Entrepreneurs, a daily broadcast to enrich and inspire the entrepreneurial community. Konrad grew up in Bangor, Maine and attended the University of Maine, where he was a top collegiate swimmer. In his spare time, he enjoys playing golf, hiking, cooking, and reading.

ACCOUNTING FIRMS AND TECHNOLOGY

1. Different types of networks
   a. Peer to Peer
   b. LAN
   c. WAN
2. Security for your network
   a) Written Information Security Program
   b) Disaster Recovery
   c) Business Continuity
3. WISP in detail
4. Checklist
5. Microsoft Office 365 and Hosted Exchange
6. Accounting software
   a) CCH Profx
   b) Lacerte
   c) Thomson
   d) QuickBooks, Peachtree, Xero, Bill.com, etc.

NETWORK TYPES
- Peer to Peer
- LAN (Local Area Network)
- WAN (Wide Area Network)

WISP: Written Information Security Program
- 201-CMR-17 (93H): personal information security
- HIPAA (Health Insurance Portability and Accountability Act)
- PCI DSS (Payment Card Industry Data Security Standard)
Each of these laws and standards requires a WISP.

FIREWALLS: YOUR FIRST LINE OF DEFENSE! A firewall is a network security system that controls incoming and outgoing network traffic based on an applied rule set. The firewall establishes a barrier between a trusted, secure internal network and another network (e.g., the Internet) that is not assumed to be secure and trusted.

DATA BACKUP:

- Backing up your data is necessary.
- Testing that backup is necessary.
- What is actually being backed up? Data (I know, shocker).
- In most cases you pay per GB per month.

DISASTER RECOVERY PLAN:

DISASTER RECOVERY:
- You should have a written plan.
- Data backup is part of disaster recovery.
- Imaging of the servers should be part of disaster recovery: a local device (external hard drives work) plus a piece of software (e.g., Symantec endpoint recovery).
Why? To recover from a disaster as quickly as possible, you need to have a written plan, an image of the servers, and a data backup.

BUSINESS CONTINUITY: How do you keep working during a disaster?

BUSINESS CONTINUITY
- Written plan
- Data backup
- Image of servers
- Offsite image of servers. This is key: if a disaster happens in your area, the image can be brought up in the cloud and accessed from anywhere.

YOUR NETWORK AND BUSINESS CONTINUITY

MICROSOFT 365 (OFFICE AND HOSTED EXCHANGE) MS Office 365 is more powerful than Google Apps, but of course at a cost. Before choosing Google Apps, you need to be sure it will do what you need it to do. In most cases it will; in larger, more complex organizations, it will not.

MICROSOFT 365 (OFFICE AND HOSTED EXCHANGE) Bandwidth is a big deal when using Software as a Service. We have several clients using both products. If the internet is down, your email is down, and maybe your Office products too.

WISP For compliance with 201-CMR-17, HIPAA and PCI, businesses must develop, implement, maintain and monitor a comprehensive Written Information Security Program (WISP) that is consistent with industry standards. It covers:
- Personal Information (201-CMR-17)
- Personal Health Information (HIPAA)

REGULATORY OVERVIEW The program must be monitored on a regular basis to help ensure that it can:
- Prevent unauthorized access to personal information.
- Prevent unauthorized use of personal information and/or Personal Health Information.

DOES THE LAW APPLY TO YOUR BUSINESS?
1. If you electronically store a Massachusetts resident’s last name and first name (or first initial) on a computer,
2. plus one of the following (a, b, c or d) (for 201-CMR-17):
   a. Social Security Number
   b. Driver’s license number
   c. Financial account number (credit card, debit card)
   d. Access code that would allow access to that person’s financial information
Then the law applies to your business! HIPAA requirements are much more extensive and are included at the end of your handout.

201-CMR-17 DUTY TO PROTECT
a) Designating one or more employees to oversee the WISP’s creation and maintenance.
b) Identifying and assessing reasonably foreseeable internal and external risks. It is important to do some type of audit of where the PI resides.
c) Developing security policies for employees to agree to and follow. All members of the organization are required to sign off on accepting the WISP.

201-CMR-17 DUTY TO PROTECT
d) Imposing disciplinary measures for violations, which can include termination of employment.
e) Preventing terminated employees from getting back into the servers, workstations, etc.
f) Taking reasonable steps to verify that third-party service providers are in compliance with the law.

201-CMR-17 DUTY TO PROTECT
g) Limiting the amount of personal information collected. Don’t ask for information you don’t need. This is especially important for your clients.
h) Identifying paper, electronic and other records…used to store personal information, to determine what devices must be included.
i) Reasonable restrictions upon physical access to HR records, etc.

201-CMR-17 DUTY TO PROTECT
j) Regular monitoring to ensure that you are addressing issues that may have changed throughout the year.
k) Reviewing the scope of the security measures, again, for material changes.
l) Documenting responsive actions taken in connection with any incident involving a breach of security or non-compliance with the WISP.

TRIGGER EVENT Notice is required when the data owner knows that there is:
1. Unauthorized acquisition or use of PI;
2. Unencrypted personal information, or encrypted personal information together with the confidential process or key that can unlock it;
3. That creates a substantial risk of identity theft or fraud against a Massachusetts resident.
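The "does the law apply" test above and this trigger-event test can be written down as a small audit check. This is an added example, not code from the presentation or from Tech Advisors; the record layout, field names and sample export are constructed assumptions.

```python
"""Added example, not from the presentation: a small audit helper that applies
the slide's test for Massachusetts 'personal information' (resident's name plus
SSN, driver's license number, financial account number or access code) and the
slide's three-part trigger-event test. Field names and sample data are assumed."""
from collections import Counter
from dataclasses import dataclass, field

# Identifier fields that, together with a name, make a record PI (slide items a-d).
PI_IDENTIFIER_FIELDS = ("ssn", "drivers_license", "financial_account", "access_code")

@dataclass
class Record:
    source: str            # where the record lives (file or system name)
    state: str             # resident's state; "MA" for Massachusetts
    last_name: str = ""
    first_name: str = ""   # a full first name or a first initial both count
    ids: dict = field(default_factory=dict)  # identifier field -> value

def is_ma_personal_information(rec: Record) -> bool:
    """Name of a Massachusetts resident plus at least one listed identifier."""
    if rec.state != "MA" or not (rec.last_name and rec.first_name):
        return False
    return any(rec.ids.get(f) for f in PI_IDENTIFIER_FIELDS)

def pi_inventory(records) -> Counter:
    """PI record count per source: the 'audit of where the PI resides'."""
    return Counter(r.source for r in records if is_ma_personal_information(r))

def notice_trigger(exposed, acquired_or_used: bool, encrypted: bool,
                   key_compromised: bool, substantial_risk: bool) -> bool:
    """Trigger event per the slide: unauthorized acquisition or use of PI,
    the data was unencrypted (or encrypted but the key/process also exposed),
    and there is substantial risk of identity theft or fraud to a MA resident.
    substantial_risk is a judgement the data owner supplies, not computed."""
    has_ma_pi = any(is_ma_personal_information(r) for r in exposed)
    unprotected = (not encrypted) or key_compromised
    return has_ma_pi and acquired_or_used and unprotected and substantial_risk

# Constructed sample export (fictional values).
SAMPLE = [
    Record("payroll.xlsx", "MA", "Doe", "J", {"ssn": "000-00-0000"}),
    Record("crm", "MA", "Roe", "Ann"),                                   # name only
    Record("billing", "NH", "Poe", "E", {"financial_account": "1111"}),  # not MA
    Record("billing", "MA", "Smith", "Al", {"access_code": "x"}),
]
```

Running `pi_inventory(SAMPLE)` reports one PI record in payroll.xlsx and one in billing; the name-only CRM record and the New Hampshire record are not in scope.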

TIMING OF NOTICE
- “As soon as practicable and without unreasonable delay.”
- Notice may be delayed if a law enforcement agency determines that giving notice may impede a criminal investigation; the Attorney General (AG) and the data owner must be notified.

HAVE YOU HEARD OF THESE ACCOUNTING PACKAGES? YOUR CLIENTS HAVE!

QUESTIONS