Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dr. Mark Gaynor, Dr. Feliciano Yu, Bryan Duepner.

Published byAmberly Gardner Modified over 8 years ago

Similar presentations

Presentation on theme: "Dr. Mark Gaynor, Dr. Feliciano Yu, Bryan Duepner."— Presentation transcript:

1

2 Dr. Mark Gaynor, Dr. Feliciano Yu, Bryan Duepner

3  Mark Gaynor, PhD – Saint Louis University School of Public Health, St. Louis, MO Associate Professor, Department of Health Management and Policy  Feliciano Yu, M.D. – Washington University School of Medicine, St. Louis, MO CMIO of Barnes Children’s Hospital and Assistant Professor at Washington University School of Medicine  Bryan Duepner, MHA – Saint Louis University School of Public Health, St. Louis, MO Graduate Research Assistant

4  Security Management Reasons What are management models? ISO Model Maintenance Model  Conclusion Importance of security management

5  Avoid overconfidence after implementation of improved information security procedures  Organizational changes: New assets acquired New vulnerabilities emerge Business priorities and strategic goals shift Partnerships change Organizational divestiture and acquisition Employee hire and turnover

6  Security is an ongoing task that never finishes  Security must be a way of thinking, not an afterthought  Security management Cycle Testing current security procedures Identifying the weaknesses, Improving the system, Restart the cycle  Security systems must evolve More expensive to reengineer information security profile than evolve it

7  Basic question: How can the need for information and the need to protect privacy be balanced?  Strict authorization control Credentials to access information  Audit and accountability Audit all access to all patient information Hold people accountable for unauthorized access

8  Management model must be supported by top management to promote adoption and smooth operation of ongoing security program

9  Effective security systems are layered  Layered home security system Locked door Alarm system Big dog Safe Only as good as weakest link Firewall to prevent outside access http://www.homesecuritysystem.com/home-security-solutions Large Pet Door

10  Layered computer security All systems have strong passwords All applications have strong passwords All system are in secure locations Firewall to prevent outside access

11  Five areas of ISO model transformed into five areas of security management: Fault management Configuration and change management Accounting and auditing management Performance management Security program management

12  Identifying, tracking, diagnosing, and resolving faults in system  Vulnerability assessment with simulation and penetration testing simulated attacks exploiting documented vulnerabilities Real testing for undocumented vulnerabilities  Tracking and resolving user complaints  Train help desk personnel to recognize security problem and how to report them

13  Administration of the configuration of security program components  Administration of changes in strategy, operation, or components  Nontechnical changes: Impact procedures and people  Technical changes: Technology implemented to support security efforts in the hardware, software, and data components

14  Information system auditing is used to monitor use of particular component of a system  Reviewing use of a system, not to check performance, but to determine misuse or malfeasance; automated tools can assist  Look for abnormal access Sequential access to patient records in a large hospital is one possible abnormal access pattern

15  Important to monitor performance of security systems and underlying IT infrastructure to determine if they are working effectively  Common metrics are applicable in security, especially when components being managed are associated with network traffic  Need baselines to establish performance of security system

16  Designed to focus organizational effort on maintaining systems  Five areas recommended for maintenance model: External monitoring Internal monitoring Planning and risk assessment Vulnerability assessment and remediation Readiness and review

17  University Information Security Office provides the following security services to xyz School of Medicine Will be the central Information Security Office for the School of Medicine Create, maintain, review and communicate information security policies, guidelines and procedures Review, document, approve and track exceptions to those policies, guidelines and procedures Track and communicate legal and regulatory legislation that will impact the University Work with business units to develop Business Continuity plans for the School of Medicine Track compliance efforts

18 Develop and present training and awareness materials Implement security controls to monitor and protect the network from attacks or disclosures Communicate with departments through security liaisons changes in policy, controls or requirements Track reported incidents and their resolutions Conduct Risk Assessments of new or modified processes or configurations Work with departments to help them develop secure operating procedures Serve as an intermediary to the departments during external audits

19  Comprehensive view  Aggregates logs and events from all network devices, security systems, and applications  Events happen and may create an incident

20

21  Importance of Security Management Necessary for protection of assets Models used to provide a framework for security decisions within the organization Different models can be used at different times, or simultaneously, for different purposes  Security is more a management problem than a technical problem

Download ppt "Dr. Mark Gaynor, Dr. Feliciano Yu, Bryan Duepner."

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.

HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.

The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Information Security Maintenance

Information Security Maintenance
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Learning Objectives Upon completion of this material, you should be able to:

Learning Objectives Upon completion of this material, you should be able to:
Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.

Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Similar presentations

Ads by Google