Group 2: Marco Hidalgo Wesley Lao Michelle Marquez-Lim

Presentation transcript:

Wyoming Medical Center, Los Angeles County, and Raymond James: Endpoint Security Gets Complicated Group 2: Marco Hidalgo Wesley Lao Michelle Marquez-Lim Nicole Marquez-Lim Liza Guades Rachelle Roque Golda Go

Overview
Protecting endpoints is becoming more difficult as the variety of endpoint devices (laptops, desktops, smartphones) grows, making security a complex moving target. Endpoints need to be locked down to a degree that depends on the device and the user's role. Organizations must use appropriate software to protect sensitive information.

Wyoming Medical Center
Open PCs are available for staff use in hallways, at nursing stations and in offices, along with PCs on wheels that move between patient rooms. 850 of the 900 PCs have the appropriate software in use. There are 110 applications and 40 major medical software systems. Physicians can access patient information via a Secure Sockets Layer virtual private network (SSL VPN), a form of virtual private network that can be used with a standard Web browser. Citrix offers market-leading technologies for virtualization, networking, cloud and collaboration (it also has an app firewall, etc.). They admit they need more help desk support to monitor network activities in the hospital, although they use Citrix to monitor and protect their data.

Los Angeles County Dept. of Health Services
Data privacy is one concern of endpoint security. HIPAA was enacted to protect patients from unauthorized use, disclosure or distribution of their health information without their consent (it covers privacy and security rules on Protected Health Information, paper and electronic). The information security officer supports 18,000 computers and operates under the restrictions of Health Insurance Portability and Accountability Act (HIPAA) regulations. They use disk encryption to protect patient information and confidentiality.

Survey
In an InformationWeek Analytics/DarkReading.com endpoint security survey of 384 business technology pros, 43% classify their organizations as "trusting", allowing data to be copied to USB drives and other devices with no restrictions or protective measures.

Raymond James
The chief security officer opted for Sophos Endpoint Protection and Data Security Suite, which offers firewall, antivirus, data loss prevention (DLP), antispyware, encryption, and network access control (NAC). The encryption key is wiped when devices are stolen or lost, making the data difficult to decrypt. Encryption has become an important way to protect data and other computer network resources on the Internet, intranets, and extranets. The company wants tight control over the web content available to users, to minimize malware coming in via web browsing. Mobile devices that could hold sensitive information are disk encrypted. Guest users are allowed to use PCs on a dedicated wireless network that leads to a limited set of servers.

Smartphones
Smartphones present an ongoing security challenge as companies figure out how to deal with them. 73% of businesses surveyed are at least somewhat concerned about smartphones being authorized for business use.

Case Questions
What is the underlying issue behind endpoint security and why is it becoming more difficult for companies to address it?
Management cannot keep track of the thousands and thousands of computers that have access to the system, plus the devices owned by, for example, doctors and other healthcare professionals who need access to the system.

Case Questions
What are the different approaches taken by the organizations in the case to address this issue? What are the advantages and disadvantages?
For LA County Dept. of Health Services:
- Data encryption and password protection
- Removable storage (USB drives) is not allowed
At Raymond James:
- Used DLP solutions: Sophos Endpoint Protection and Data Security Suite, which offers firewall, antivirus, antispyware, encryption, and NAC.

Case Questions
A majority of respondents to a survey discussed in the case described their company as "trusting." What does this mean? What is the upside of a company being "trusting"? What is the downside?
What they meant by "trusting" was that everyone in the company has access to data and is allowed to copy and store it on USB drives or other related devices without any limitations or preventive measures. Some organizations have full confidence that their employees will safekeep all information shared in the organization.
Upside? Trust is great and everyone can know corporate intel inside out.
Downside? Too much power and information in the hands of all employees. It may compromise the company.