1. SECURITY & THE UNIVERSITY INCLUDING A HOSPITAL October 3, 2008 Doyle Friskney Chief Technology Officer University of Kentucky

2. Research University 27,000 students 14,000 faculty and staff Land-grant university Healthcare w/ hospital & clinics Constitutes Office Residents Hospital Service industry

3. Doyle Friskney Chief Technology Officer University of Kentucky  Medical Center faculty: about 1,000  Medical Center staff: 6,000+  UK A.B. Chandler Hospital attending physicians: 630  UK A.B. Chandler Hospital residents: about 500  UK A. B. Chandler Hospital and Kentucky Children’s Hospital (2006) discharges:24,760  UK A. B. Chandler Hospital Emergency Department (2006) visits: 44,646  UK A. B. Chandler Hospital (2006) outpatient visits:275,608  All Kentucky Clinic (2006) visits: 1,082,334

4. Doyle Friskney Chief Technology Officer University of Kentucky University Security Model  Best practices & policy  Perimeter firewalls w/ Authentication & Authorization  FERPA Issues  The library influence  Mobility – access changes everything Hospital & Clinics Security Model  Best practices & policy  Perimeter firewalls w/ Authentication & Authorization  HIPAA Issues and patients wanting to stay in touch  Student & the protected medical environment  Mobility, remote locations, influence of the private practice

5. Doyle Friskney Chief Technology Officer University of Kentucky Status of the Healthcare Communities According to analysts at a leading IT research and advisory company, "By 2011, early technology adopters will forgo capital expenditures and instead purchase 40 percent of their IT infrastructure as a service. Increased high-speed bandwidth makes it practical to locate infrastructure at other sites and still receive the same response times. Enterprises believe that as service- oriented architecture (SOA) becomes common, 'cloud computing' will take off, thus untying applications from specific infrastructure."  Academic environment  Demands high for all collaboration tools  Faculty Issues  Student Issues  Facebook  Blackboard & Student Systems  Directories & federation  e-mail & text  Research Issues  Openness  UK Healthcare environment  Patient rights & wishes  PHI & e-mail  Struggle of academic role & physician responsibilities  Desktops, patient rooms & the Patient Record  Demands of HIPAA & patient freedoms (mobility)  Layer’s of security  Firewalls  Data Center (data repository)  Desktops (degree of controls)  Authentication & Authorization issues  Remote Access  NAT is good  Audit trails  Business partners (physicians, clinics & hospitals)

6. Doyle Friskney Chief Technology Officer University of Kentucky  Infrastructure  10 Gig to Kentucky Regional Optical Network  Gigabit connection to Internet 2  900+ Megabit connection to Internet 1  10 Gig campus backbone  Video  Polycom e-health video teleconferencing sites  TANDBERG Codian video bridges  Desktop solutions (Microsoft, IBM & Polycom)  Desktops  80% Windows & 20% Apple  Security  Cisco Firewall’s & VPN  Microsoft Active Directory ( & LDAP)  IronPort (PHI)  Regular Scanning & Log Logic

7. Doyle Friskney Chief Technology Officer University of Kentucky Hospital at a University 1. 1 st firewall stops bad stuff 2. 23,000 students & 10,000 faculty and staff next 3. 2 ed firewall protects medical center 4. 3000 students & 6000 faculty and staff 5. Wireless everywhere 6. WiFi, WiMax & Why 7. Referring physicians & adjunct faculty 8. All the outsource contracts 9. HIPAA still counts firewalls IDS/IPS VPN/MPLS DMZ of sorts Access Issues AntiVirus Vulnerability testing

8. Doyle Friskney Chief Technology Officer University of Kentucky

9. Govern How should security professionals manage an effective security governance framework, align with operational and enterprise risk management, manage the delegation of authority and manage security budgets Plan How should security professionals create an appropriate organization, and develop a long-term vision and plan for the security program. Build How should security professionals negotiate security policies, develop a security architecture and improve process maturity? Run How should security professionals ensure identity and access management, control security threats, manage vulnerability effects, direct forensics, manage incident response, conduct security engineering, conduct risk and control assessments, and manage awareness communications?

10. Doyle Friskney Chief Technology Officer University of Kentucky University Communities will be able to interact at anytime with anyone having the support of all online resources.

11. Doyle Friskney Chief Technology Officer University of Kentucky  Cloud based influences  Google & Microsoft services  Amazon, IBM Blue Cloud & others  Healthcare Vendor Solutions  iPhone & others  Voice Services  From hardware to software  Centralized (to) Departmental  Infrastructure  Directory Federation  Presence  Security appliances

12. Doyle Friskney Chief Technology Officer University of Kentucky Integration of all collaboration tools With emphasis on directory federation Robust Mobility platform iPhone (1 st ) & Microsoft Mobile (2 ed ) Transparent access to information With improved security Emphasis on changing service model

13. Doyle Friskney Chief Technology Officer University of Kentucky Why & Who Physicians, Clinics, Hospitals & outsource agreements Remote Requirements Patient care Network & Computing Role of Microsoft in Communications Strategic Partners local Interfaces & content resources Integration of on campus resources & remote hosting Common interface for mobility Transition Computing Servers Software Virtualization

14. Doyle Friskney Chief Technology Officer University of Kentucky

15. Embrace Change Influences Understand the influence of governance & networks in security issues Weave emerging technologies with proven university pedagogy Manage content & security (anywhere any time) Camps and Clouds Ensure openness within the bounds of patient & student rights Enjoy Success FUTURE