Networking and Health Information Exchange Unit 9b Privacy, Confidentiality, and Security Issues and Standards.

Slides:



Advertisements
Similar presentations
RBAC and HIPAA Security Uday O. Ali Pabrai, CHSS, SCNA Chief Executive, HIPAA Academy.
Advertisements

© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Fundamentals of Information Systems Security.
Access Control Chapter 3 Part 3 Pages 209 to 227.
Access Control Methodologies
Security+ Guide to Network Security Fundamentals, Fourth Edition
Access Control Intro, DAC and MAC System Security.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication.
Security+ Guide to Network Security Fundamentals, Third Edition
Physical and Hardware Security Chapter 15 Networking Essentials Spring, 2013.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
.  Access Control Models  Authentication Models  Logging Procedures  Conducting Security Audits  Redundancy Planning  Disaster Recovery Procedures.
I DENTITY M ANAGEMENT Joe Braceland Mount Airey Group, Inc.
Li Xiong CS573 Data Privacy and Security Access Control.
Dr. John P. Abraham Professor UTPA.  Particularly attacks university computers  Primarily originating from Korea, China, India, Japan, Iran and Taiwan.
OV Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.
FORESEC Academy FORESEC Academy Security Essentials (II)
AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+
CIS 450 – Network Security Chapter 8 – Password Security.
Database Security John Ortiz. Lecture 23Database Security2 Secure Passwords  Two main requirements for choosing a secure password:  1) MUST be easy.
CSCE 201 Identification and Authentication Microsoft support Fall 2010.
Security+ All-In-One Edition Chapter 19 – Privilege Management Brian E. Brzezicki.
Security+ Guide to Network Security Fundamentals, Third Edition
Passwords. Outline Objective Authentication How/Where Passwords are Used Why Password Development is Important Guidelines for Developing Passwords Summary.
CSCE 201 Introduction to Information Security Fall 2010 Access Control.
Information Systems Security
Passwords Internet Safety for grades Introduction to Passwords Become part of our everyday life –Bank cards, , chat programs, on- line banking,
Security Compact.  Only authorized security administrators shall be allowed to create a user account for the PowerSchool application.  The LEA security.
System Access Controls Eric Gibson Jr. Growing Use of Computers Smartphone alarm clock dependency Source for sending communications Store personal information.
Li Xiong CS573 Data Privacy and Security Access Control.
Access Control. What is Access Control? The ability to allow only authorized users, programs or processes system or resource access The ability to disallow.
Working with HIT Systems
Component 9 – Networking and Health Information Exchange Unit 9-2 Privacy, Confidentiality, and Security Issues and Standards This material was developed.
Taxonomies of User-Authenticated Methods in Computer Networks Göran Pulkkis, Arcada Polytechnic, Finland Kaj J. Grahn, Arcada Polytechnic, Finland Jonny.
November 19, 2008 CSC 682 Do Strong Web Passwords Accomplish Anything? Florencio, Herley and Coskun Presented by: Ryan Lehan.
Access Controls Henry Parks SSAC 2012 Presentation Outline Purpose of Access Controls Access Control Models –Mandatory –Nondiscretionary/Discretionary.
Password Security Review Your password is the last line of defense. Keep your data safe with good password practices. Mikio Olin Kevin Matteson.
1 Data Access Control, Password Policy and Authentication Methods for Online Bank Md. Mahbubur Rahman Alam B. Sc. (Statistics) Dhaka University M. Sc.
Authentication What you know? What you have? What you are?
© ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 7 Authentication Methods and Requirements.
INTRODUCTION TO BIOMATRICS ACCESS CONTROL SYSTEM Prepared by: Jagruti Shrimali Guided by : Prof. Chirag Patel.
COEN 350: Network Security Authorization. Fundamental Mechanisms: Access Matrix Subjects Objects (Subjects can be objects, too.) Access Rights Example:
CSCE 201 Introduction to Information Security Fall 2010 Access Control Models.
Privilege Management Chapter 22.
Computer Security: Principles and Practice
Operating Systems Concepts 1/e Ruth Watson Chapter 9 Chapter 9 Accounts and Groups Ruth Watson.
Networking Network Classification, by there: 3 Security And Communications software.
11 SECURITY PLANNING AND ADMINISTRATIVE DELEGATION Chapter 6.
Chapter 14: Controlling and Monitoring Access. Comparing Access Control Models Comparing permissions, rights, and privileges Understanding authorization.
22 feb What is Access Control? Access control is the heart of security Definitions: * The ability to allow only authorized users, programs or.
Access control Presented by: Pius T. S. : Christian C. : Gabes K. : Ismael I. H. : Paulus N.
Windows Active Directory – What is it? Definition - Active Directory is a centralized and standardized system that automates network management of user.
CSE 4482, Fall 2009, D Chan Session 1 – Introduction to Information Security.
SECURITY Prepared By: Dr. Vipul Vekariya.. 2 S ECURITY Secure system will control, through use of specific futures, access to information that only properly.
Question 1 Of the following choices, what type of control is least privilege? A. Corrective B. Detective C. Preventative D. Technical.
1. Password Guidelines 2 Weak Passwords Easy to guess Less than 8 characters long Not Complex  mix of upper and lower, numeric and special characters.
Identity and Access Management
Access Control Model SAM-5.
Chapter One: Mastering the Basics of Security
SECURITY PLANNING AND ADMINISTRATIVE DELEGATION
Configuring Windows Firewall with Advanced Security
Chapter 5 : Designing Windows Server-Level Security Processes
Networking and Health Information Exchange
WELCOME.
CompTIA Security+ Study Guide (SY0-401)
Role-Based Access Control (RBAC)
Managing User Security
Module 2 OBJECTIVE 14: Compare various security mechanisms.
Instructor Materials Chapter 4: The Art of Confidentiality
Session 1 – Introduction to Information Security
Presentation transcript:

Networking and Health Information Exchange Unit 9b Privacy, Confidentiality, and Security Issues and Standards

Access Control Who or what is allowed access to a particular resource and what level of access are they allowed Terminology –Identification –Authentication –Authorization Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall

Access Control Best Practices Separation of duties –Require more than 1 person to perform an action Least privilege –Only give user the access they need Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall

Access Control Models Discretionary Access Control (DAC) Mandatory Access Control (MAC) Role Based Access Control (RBAC) Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall

Access Control Types Logical –Access to data files, programs and networks Access Control Lists (ACLs) Account Restrictions Passwords Physical –Access to physical locations Locks Badges Mantraps Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall

ACLs An ACL is a list that is associated with file, directory or object that lists who has access to it and what access they have. Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall

Account Restrictions Account expiration Time of day Login location Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall

Passwords Combination of letters, numbers and special characters Recommend upper and lower case characters The more characters the better Should be changed frequently Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall

Password Should Never Should never be written down Should never be a word in a dictionary, words spelled backwards, common misspellings, and abbreviations (English or other languages) Should never substitute letters with numbers Should never contain personal information –Social engineering Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall

One-time Passwords (OTP) Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall

Physical Access Control Location Doors Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall Key in knob DeadboltCipher lockRFID

Physical Access Continued Video surveillance Access log Mantrap Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall

Biometrics Fingerprints Faces Hands Irises/Retinas Behavioral –Keystroke –Voice Cognitive Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall

Authentication Practices Layering Multi-factor Single Sign-On (SSO) Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall

Virtual Private Networks (VPNs) Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall

Security Policies A collection of policies that lay out specific rules and requirements that must be followed in order to provide a secure e nvironment. Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.