CISSP Seeks CIPP Object: Mutual Compliance Marriage of Privacy and Security Professionals Under HIPAA David B. Nelson, CISSP Yolo County Woodland, California.

Slides:



Advertisements
Similar presentations
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Advertisements

Lesson 1. Course Outline E-Commerce and its types, Internet and WWW Basics, Internet standards and protocols, IP addressing, Data communication on internet,
Ethics, Privacy and Information Security
David Assee BBA, MCSE Florida International University
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.
CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.
Security and Personnel
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Security Controls – What Works
Information Security Policies and Standards
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
IS 380 OME 1 Fall 2010 Class 1. Administrative Roster Syllabus Review Class overview 10 domains overview.
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Security Policies and Implementation Issues.
Security Certification
Copyright © Center for Systems Security and Information Assurance Lesson Eight Security Management.
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
SEC835 Database and Web application security Information Security Architecture.
HIPAA PRIVACY AND SECURITY AWARENESS.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
Confidentiality Integrity Accountability Communications Data Hardware Software Next.
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Proposed Rule: Security and Electronic Signature Standards.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
Policy Review (Top-Down Methodology) Lesson 7. Policies From the Peltier Text, p. 81 “The cornerstones of effective information security programs are.
April 14, A Watershed Date in HIPAA Privacy Compliance: Where Should You Be in HIPAA Security Compliance and How to Get There… John Parmigiani National.
Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,
CISSP Best Practices Guide to the Basics of Certified Information Systems Security Professional 1 The Certified Information System Security Professional.
LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.
Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.
Eliza de Guzman HTM 520 Health Information Exchange.
Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.
1 National Audioconference Sponsored by the HIPAA Summit June 6, 2002 Chris Apgar, CISSP Data Security & HIPAA Compliance Officer Providence Health Plan.
The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,
IT Security Policy Framework ● Policies ● Standards ● Procedures ● Guidelines.
Working with HIT Systems
Component 8/Unit 6aHealth IT Workforce Curriculum Version 1.0 Fall Installation and Maintenance of Health IT Systems Unit 6a System Security Procedures.
Converting Policy to Reality Designing an IT Security Program for Your Campus 2 nd Annual Conference on Technology and Standards May 3, 2005 Jacqueline.
Last Minute Security Compliance - Tips for Those Just Starting 10 th National HIPAA Summit April 7, 2005 Chris Apgar, CISSP – President Apgar &
Chapter 11: Policies and Procedures Security+ Guide to Network Security Fundamentals Second Edition.
Introduction to Information Security
The IT Vendor: HIPAA Security Savior for Smaller Health Plans?
E NGINEERING STUDIES IN T ELECOMMUNICATIONS S ECURITY School of Communication Engineering.
SecSDLC Chapter 2.
Lessons Learned from Recent HIPAA Breaches HHS Office for Civil Rights.
HIPAA Security Final Rule Overview
Configuring Electronic Health Records Privacy and Security in the US Lecture a This material (Comp11_Unit7a) was developed by Oregon Health & Science University.
Working with HIT Systems Unit 7a Protecting Privacy, Security, and Confidentiality in HIT Systems This material was developed by Johns Hopkins University,
Case Study: Applying Authentication Technologies as Part of a HIPAA Compliance Strategy.
HIPAA Compliance Case Study: Establishing and Implementing a Program to Audit HIPAA Compliance Drew Hunt Network Security Analyst Valley Medical Center.
The Art of Information Security: A Strategy Brief Uday Ali Pabrai, CISSP, CHSS.
© 2014 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
CSC4003: Computer and Information Security Professor Mark Early, M.B.A., CISSP, CISM, PMP, ITILFv3, ISO/IEC 27002, CNSS/NSA 4011.
Risk Controls in IA Zachary Rensko COSC 481. Outline Definition Risk Control Strategies Risk Control Categories The Human Firewall Project OCTAVE.
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill/Irwin Chapter 6 The Privacy and Security of Electronic Health Information.
Computers in the Ambulatory Care Setting
CISSP TRAINING IN.
IS4550 Security Policies and Implementation
I have many checklists: how do I get started with cyber security?
HIPAA PRIVACY AWARENESS, COMPLIANCE and ENFORCEMENT
IS4680 Security Auditing for Compliance
Final HIPAA Security Rule
County HIPAA Review All Rights Reserved 2002.
How to Mitigate the Consequences What are the Countermeasures?
HIPAA Security Standards Final Rule
What is Interesting in the CCSP certification?
Information Services Security Management
Introduction to the PACS Security
Unit # 1: Overview of the Course Dr. Bhavani Thuraisingham
Presentation transcript:

CISSP Seeks CIPP Object: Mutual Compliance Marriage of Privacy and Security Professionals Under HIPAA David B. Nelson, CISSP Yolo County Woodland, California

DEMOGRAPHICS Yolo County = 180,000 population County has 1400 – 1700 workforce members One major Mental Health Medicaid program covered by HIPAA (TCS, Privacy, Security, NPI…) Contracted out hospital and clinic services for Indigent and Public Health services = BA Not a Health Service Agency, but separate departments Across the river from State Capitol

Four Points Presentation 1.P&S Married under HIPAA 2.Why Double Certification? 3.Similarities in CISSP and CIPP 4.P&S are MANAGEMENT Activities

P&S Married Under HIPAA The RULES What we protect and How we protect P&S Information Diagram

Married Under HIPAA P&S Married at the HIP(AA) –Standard: Safeguards. A covered entity must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information. –Administrative Safeguards are administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity's workforce in relation to the protection of that information.

Married Under HIPAA Privacy is WHAT we protect WHAT can be driven by law, program or demand. HIPAA, SOX, GLB, W&I… Security is HOW we protect it Physical and technical measures based on data classification Locked cabinets, shredders, passwords, IDS, logon review…

Married Under HIPAA Single Server? Multiple Servers? Internet Servers? Paper/Verbal Electronic

Why Double Certification? Benefits Two or More Just YOU

WHY DOUBLE CERTIFICATION? Each has its own benefits –One focus is Privacy Rules and Regulations –One focus is Security Structure and Management How do you PROVE your sincerity? Good Question. –For Yolo…. –Designated Felon Concept (Richard Marks, Esq.) Certifications Guarantee Nothing, but… –Defined Body of knowledge –Guidelines for behavior –Outlines International standards –On-going education

WHY DOUBLE CERTIFICATION? Two or More 1 CISSP + 1 CIPP = Greater chance of success Provides qualified (at least informed) backup Best practice to cross-train Succession Planning for Compliance –Compliance Team –A lack of qualified candidates for these positions –Provides a career path for upward mobility

WHY DOUBLE CERTIFICATION? Just YOU Overall entity expert Single focal point –In small entity = I GET EVERYTHING Counsel can focus on legal aspect using Expert Continuing Education Each point has a bad reason depending on corporate culture.

Similarities in CISSP and CIPP Domains Information Security Information Infrastructure CIPP looks like CISSP CISSP looks like CIPP

Similarities of CISSP/CIPP CISSP: Access Control Systems and Methodology Telecommunications and Network Security Security Management Practices Applications and Systems Development Cryptography Security Architecture Operations Security BCP and DRP Law and Ethics Physical Security CIPP (G): Privacy Law and Compliance Information Security Web Privacy and Security Data Sharing and Transfer Workplace Privacy Additional for Government: Government Privacy Laws Government Privacy Practices

CIPP Curriculum Outline Information Security A - Definitions - 2 subsets, 6 topics B - Information Infrastructure - 7 subsets, 22 topics C - IT Organization - 4 subsets, 28 topics D - Information Asset Oversight - 3 subsets, 13 topics E - Information Systems Security - 4 subsets, 28 topics F - Contingency Planning - 2 subsets, 13 topics G - Incident Handling - 2 subsets, 15 topics

Information Infrastructure Information Security Security Controls Data Management Hardware Internet IT Management Networks Platforms Reporting Structure Outsourced activities Security Roles Security Awareness Training Asset Management Quantifying Assets Classifying Information Access Authentication Authorization Intrusion prevention Threats and Vulnerabilities Disaster Recovery Plan (DRP) Business Continuance Plan (BCP)

CIPP Looks Like CISSP Hardware Client systems, Handheld, Servers, Storage, Desktop, Laptop Platforms Mainframes, Desktops, Wireless/Portable Devices Networks Local Area Networks/Wide Area Networks (LAN/WAN), Mobile and Wireless, Telecom, Ethernet and Optical, Broadband – Digital Subscriber Line (DSL), Voice Over IP Protocol (VoIP) Internet Web, E-Commerce, E-Business Data Management Backups, Database management, Recovery

CISSP Looks Like CIPP Titles from study guide Law Investigations and Ethics Cyber law, Computer Ethics Institute, Internet Architecture Board, Generally Accepted System Security Principles (GASSP), Motive opportunity and means Hackers and Crackers Well Known Computer Crimes Liability and its Ramifications Types of Law Discarding Equipment and Software Issues Computer Crime Investigations Import Export Laws Privacy (2 pages in Shon Harris All-In-One CISSP Certification) SOX, GLB

MANAGEMENT Policy Procedures vs. Security Yolo Management Outline

It is Management Management is the KEY word Generally Speaking –CIPP for Privacy is most of Policy and Procedures Version Control, Review Period, Training –CISSP for Security is the electronic half of information Understand/Know where vulnerabilities are Choose solutions that minimize RISK to an acceptable level

Yolo Management Outline Defining Security Principles Security Management Planning Risk Management and Analysis Policies, Standards, Guidelines, and Procedures Examining Roles and Responsibility Management Responsibility Understanding Protection Mechanisms Classifying Data Employment Policies and Practices Managing Change Control Security Awareness Training

SUMMARY By yourself or as a team the awareness of the combined impacts of privacy and security compliance it is best served by having both CISSP and CIPP certification.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.