Encryption as a Preventive Countermeasure Sean Maher, Information Security Coordinator.

Presentation transcript:

The Cost of a Data Breach
• Average total cost of a data breach:
  • $202 per record
  • $197 per record
  • $182 per record
• Breaches occurring in the healthcare industry cost $282 on average.
• Breaches involving a third party are $52 higher than internal breaches.

The Causes of a Data Breach

Phase 1: Laptops
• Laptops are the leading cause of data breaches, accounting for 35%.
• In 2008, there were 18,650 employees and 16,149 students at UAB.
• An estimated 20% of employees have a laptop available to them.

Phase 1: Timeline
• September 2007 – The campus PGP server was built. Only one installer was available (32-bit Windows XP & Vista).
• October 2008 – The Mac PGP client was released.
• March 2009 – A presidential letter was released mandating the encryption of portable devices.
• Winter 2009 – Boot Camp-compatible Mac, Ubuntu and Red Hat versions are set for release.

Phase 1 Status
• Campus PGP: 2711
  • 2482 Windows PCs
  • 229 Macs
• HSIS PGP: 600
• SOPH PGP: 350

What’s Next?

Data Bearing Devices
• Smart Phones
• Blackberry
• Palm
• Windows Mobile
• PDAs
• Portable storage devices
• External hard drives
• USB thumb drives
• Portable media players

The Risk of Data Bearing Devices
Smart Phones and PDAs
• Nearly half of all cell phones discarded contained personal information, and 20% contained identifiable information.
• Few users enable security features such as passwords and device locks.
• When a device is lost or stolen, many users do not have the ability to remotely disable or wipe the device.

The Risk of Data Bearing Devices
Portable Storage Devices
• Portable storage has become so common that many people own multiple devices.
• The storage capacity of many portable devices has now matched the capacity of internal hard drives.
• The act of using a portable device to illicitly download confidential data has been termed “pod slurping”.

Phase 2: Data Bearing Devices
• Use of portable devices
  • Workforce members shall not use personally owned portable devices for work-related purposes unless such use is specifically approved by senior management. If use of a personal portable device is approved by senior management, then the device must comply with all applicable policies and standards and must be made available to UAB/UABHS for routine or special analyses. In addition, the device must be set up in English.
  • Portable devices storing locally within the device (such as PDAs) shall have mechanisms that encrypt the stored on the device, encryption of the during transport and the ability to erase the device after a number of failed login attempts.
  • Portable devices such as PDAs, cell phones and portable storage that support the clearing of memory/storage after a number of failed login attempts shall erase their contents after a minimum of 5 failed login attempts.