In Support of Security Standards Randy Robertson.


Data Security
- Many companies use data for critical functions
- Data often private or confidential
- Highest organizational priority is to keep data from corruption or unauthorized access
- Most use Database Management Systems to manage and secure data

Problems
- Treatment of Data
- Types of Data
- Different Organizations
- Difficult to work with other companies
- HIPAA legislation – just the beginning?

Problems
- Many organizations have several options when designing or updating their database system.
- Each has different options and configurations
- Difficult to select the right system

Research
- Iachello (2003)
  - Argues for adding data protection standards
  - EU more strict regarding data than U.S.
- Points raised
  - Regulations changing among different nations
  - Confusion regarding 3 areas of data
    - Legislation
    - Technology
    - Process Design

Research
- Vieira (2005)
  - Not all data is considered critical
- DBMS classification
  - Security Class Level
    - Class 0 to Class 5
  - Security Requirements Fulfillment
    - Percentage rating from 0 to 100
    - Compares DBMS within the same class level

Solution
- Agree with both papers
- Change in Vieira’s proposal
  - Add measure for past history
  - Flaws and Vulnerabilities

Solution
- Standards Body
  - Create a Security standard
    - Based on data levels
  - Create a DBMS rating system
    - Ability to merge with Security Standard
- Organization
  - Review Standards to classify data used
  - Select DBMS to meet the needs

Solution
- Security Standards Benefits
  - Liability insurance could be easier and cheaper to purchase if standards are followed
  - Following standards may show due diligence of the organization if they have litigation due to a security breach

Solution
- DBMS Standards Benefits
  - Allow organizations the ability to identify and adapt security needs quickly.
  - Can help companies do business in other countries
  - Can also satisfy requirements when working with vendors or alliance partners.

Solution
- Possible drawbacks
  - Companies could be forced to update system and change DBMS
  - Costs incurred from upgrade
  - Possible attacks if not secure
  - DBMS would probably not support solution
  - Highlight flaws and vulnerabilities

Questions?