Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSF Roadmap 2015 and Beyond Presented By Bryan S. Cline, Ph.D.

Published byValentine Roberts Modified over 9 years ago

Similar presentations

Presentation on theme: "CSF Roadmap 2015 and Beyond Presented By Bryan S. Cline, Ph.D."— Presentation transcript:

1 CSF Roadmap 2015 and Beyond Presented By Bryan S. Cline, Ph.D.
Presented For HITRUST

2 Introduction Information Security Implementation Manual
Compliance Reporting System U.S. Healthcare Industry Implementation Standards Control Objectives Primary Ref: ISO/IEC 27002:2005 & ISO/IEC 27001:2005 Self Assessment Process Certification Process Standards and Regulations Cross Reference Matrix Standards and Materials Leveraged HIPAA/HITECH HITRUST member experience NIST 800 Series CMS The Joint Commission Others FTC Red Flags Mass. 201 CMR 17.00

3 Outline

4 NIST-CMS Harmonization (Publication Updates)
2014 CSF v6 NIST SP r4 (Apr 2013 FPD) CMS IS ARS v1.5 (2012) NIST-CMS Harmonization (Publication Updates) Title 1 TX Admin. Code (TX Standards), Privacy requirements to support TX certification of the HIPAA Privacy Rule Dozens of other federal and state legislation and regulations related to the protection of health information

5 NIST Cybersecurity Framework v1 (2014)
Something new – 2014 CSF v6.1 PCI-DSS v3.0 (2013) HIPAA Omnibus Rule (2013) ISO/IEC 27001:2013 (2013) ISO/IEC 27002:2013 (2013) NIST Cybersecurity Framework v1 (2014)

6 Minimum Acceptable Risk Safeguards–Exchanges (MARS-E) (2012)
Something new – 2014 CSF v6.2 Minimum Acceptable Risk Safeguards–Exchanges (MARS-E) (2012) Catalog of Minimum Acceptable Risk Controls for Exchanges v1 (2012) Includes references to IRS Pub 1075 requirements for FTI, which also supports TX Covered Entity Privacy & Security Certification requirements NIST HSR Toolkit v1 (2011) Unknown if NIST plans to update the tool OCR Audit Protocol v2 (2014) When released May also impact CSF Assurance Program

7 Considering COBIT 5, but …
2015 CSF v7 and beyond … Considering COBIT 5, but …

8 See you in 2015!

9 Dr. Bryan S. Cline, CISSP-ISSEP, CISM, CISA, CCSFP, HCISPP
HITRUST Advisor

Download ppt "CSF Roadmap 2015 and Beyond Presented By Bryan S. Cline, Ph.D."

Similar presentations

Data Privacy and Security in the Cloud Presented by Robert J. Scott Managing Partner Scott & Scott, LLP www.ScottandScottllp.com.

Data Privacy and Security in the Cloud Presented by Robert J. Scott Managing Partner Scott & Scott, LLP
Entities Covered by HIPAA Privacy Rule George Mason University College of Nursing and Health Science Regulatory Requirements for Health Systems Summer.

Entities Covered by HIPAA Privacy Rule George Mason University College of Nursing and Health Science Regulatory Requirements for Health Systems Summer.
Www.lbmc.com HITRUST, HIPAA, & HITECH TURNING COMPLIANCE INTO COMPETITIVE ADVANTAGE Mark Fulford, Partner Thomas Lewis, Partner LBMC Risk Services.

HITRUST, HIPAA, & HITECH TURNING COMPLIANCE INTO COMPETITIVE ADVANTAGE Mark Fulford, Partner Thomas Lewis, Partner LBMC Risk Services.
© 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2.5 HIPAA Legislation and its Impact on Physician Practices 2-15 The Health Insurance Portability.

© 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2.5 HIPAA Legislation and its Impact on Physician Practices 2-15 The Health Insurance Portability.
Culture of Compliance HIPAA Privacy & Security Compliance Office.

Culture of Compliance HIPAA Privacy & Security Compliance Office.
CSF Support for HIPAA and NIST Implementation and Compliance Presented By Bryan S. Cline, Ph.D. Presented For HITRUST.

CSF Support for HIPAA and NIST Implementation and Compliance Presented By Bryan S. Cline, Ph.D. Presented For HITRUST.
200 International Dr., Buffalo, NY 14221-5794 (716) 634-8800 Lifting the Fog to See the Cloud Information Security.

200 International Dr., Buffalo, NY (716) Lifting the Fog to See the Cloud Information Security.
Www.cloudsecurityalliance.org Copyright © 2011 Cloud Security Alliance Cloud Controls Matrix Work Group Session Sean Cordero President of Cloudwatchmen,

Copyright © 2011 Cloud Security Alliance Cloud Controls Matrix Work Group Session Sean Cordero President of Cloudwatchmen,
Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.

Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.
PII / IDENTITY THEFT Is Your University an Open Market for ID Thieves? TACUA 2011 Carol Rapps CIA, CISA, CCSA, GLIT 210-458-4679.

PII / IDENTITY THEFT Is Your University an Open Market for ID Thieves? TACUA 2011 Carol Rapps CIA, CISA, CCSA, GLIT
Security Controls – What Works

Security Controls – What Works
1 Copyright © 2010 M. E. Kabay. All rights reserved. Security Audits, Standards, & Inspections CSH5 Chapter 54 “Security Audits, Standards and Inspections”

1 Copyright © 2010 M. E. Kabay. All rights reserved. Security Audits, Standards, & Inspections CSH5 Chapter 54 “Security Audits, Standards and Inspections”
POP QUIZ!!! Can fraud be accidental? What do you call organizations who must abide HIPAA regulations? What does ‘minimum standard necessary’ mean?

POP QUIZ!!! Can fraud be accidental? What do you call organizations who must abide HIPAA regulations? What does ‘minimum standard necessary’ mean?
Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.

Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.
Copyright Security-Assessment.com 2004 Security Governance and Regulatory Controls by Peter Benson.

Copyright Security-Assessment.com 2004 Security Governance and Regulatory Controls by Peter Benson.
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
Privacy and Security Tiger Team Meeting Recommendations regarding a framework of security protections for EHRs December 7, 2011.

Privacy and Security Tiger Team Meeting Recommendations regarding a framework of security protections for EHRs December 7, 2011.
A NASSCOM ® Initiative Security and Quality Kamlesh Bajaj CEO, DSCI May 23, 2009 NASSCOM Quality Summit Hyderabad 1.

A NASSCOM ® Initiative Security and Quality Kamlesh Bajaj CEO, DSCI May 23, 2009 NASSCOM Quality Summit Hyderabad 1.
Information Security Framework & Standards

Information Security Framework & Standards
Privacy and Security Tiger Team Subgroup Discussion: MU3 RFC July 29, 2013.

Privacy and Security Tiger Team Subgroup Discussion: MU3 RFC July 29, 2013.

Similar presentations

Ads by Google