Presentation is loading. Please wait.

Presentation is loading. Please wait.

Networking and Health Information Exchange Unit 9b Privacy, Confidentiality, and Security Issues and Standards.

Published byVirgil Pope Modified over 9 years ago

Similar presentations

Presentation on theme: "Networking and Health Information Exchange Unit 9b Privacy, Confidentiality, and Security Issues and Standards."— Presentation transcript:

1 Networking and Health Information Exchange Unit 9b Privacy, Confidentiality, and Security Issues and Standards

2 Access Control Who or what is allowed access to a particular resource and what level of access are they allowed Terminology –Identification –Authentication –Authorization Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall 2010 2

3 Access Control Best Practices Separation of duties –Require more than 1 person to perform an action Least privilege –Only give user the access they need Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall 2010 3

4 Access Control Models Discretionary Access Control (DAC) Mandatory Access Control (MAC) Role Based Access Control (RBAC) Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall 2010 4

5 Access Control Types Logical –Access to data files, programs and networks Access Control Lists (ACLs) Account Restrictions Passwords Physical –Access to physical locations Locks Badges Mantraps Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall 2010 5

6 ACLs An ACL is a list that is associated with file, directory or object that lists who has access to it and what access they have. Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall 2010 6

7 Account Restrictions Account expiration Time of day Login location Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall 2010 7

8 Passwords Combination of letters, numbers and special characters Recommend upper and lower case characters The more characters the better Should be changed frequently Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall 2010 8

9 Password Should Never Should never be written down Should never be a word in a dictionary, words spelled backwards, common misspellings, and abbreviations (English or other languages) Should never substitute letters with numbers Should never contain personal information –Social engineering Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall 2010 9

10 One-time Passwords (OTP) Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall 2010 10

11 Physical Access Control Location Doors Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall 2010 11 Key in knob DeadboltCipher lockRFID

12 Physical Access Continued Video surveillance Access log Mantrap Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall 2010 12

13 Biometrics Fingerprints Faces Hands Irises/Retinas Behavioral –Keystroke –Voice Cognitive Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall 2010 13

14 Authentication Practices Layering Multi-factor Single Sign-On (SSO) Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall 2010 14

15 Virtual Private Networks (VPNs) Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall 2010 15

16 Security Policies A collection of policies that lay out specific rules and requirements that must be followed in order to provide a secure e nvironment. Component 9/Unit 9b Health IT Workforce Curriculum Version 1.0 Fall 2010 16

Download ppt "Networking and Health Information Exchange Unit 9b Privacy, Confidentiality, and Security Issues and Standards."

Similar presentations

RBAC and HIPAA Security Uday O. Ali Pabrai, CHSS, SCNA Chief Executive, HIPAA Academy.

RBAC and HIPAA Security Uday O. Ali Pabrai, CHSS, SCNA Chief Executive, HIPAA Academy.
© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Fundamentals of Information Systems Security.

© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Fundamentals of Information Systems Security.
Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
Access Control Methodologies

Access Control Methodologies
Security+ Guide to Network Security Fundamentals, Fourth Edition

Security+ Guide to Network Security Fundamentals, Fourth Edition
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication.
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
Physical and Hardware Security Chapter 15 Networking Essentials Spring, 2013.

Physical and Hardware Security Chapter 15 Networking Essentials Spring, 2013.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
.  Access Control Models  Authentication Models  Logging Procedures  Conducting Security Audits  Redundancy Planning  Disaster Recovery Procedures.

.  Access Control Models  Authentication Models  Logging Procedures  Conducting Security Audits  Redundancy Planning  Disaster Recovery Procedures.
I DENTITY M ANAGEMENT Joe Braceland Mount Airey Group, Inc.

I DENTITY M ANAGEMENT Joe Braceland Mount Airey Group, Inc.
Li Xiong CS573 Data Privacy and Security Access Control.

Li Xiong CS573 Data Privacy and Security Access Control.
Dr. John P. Abraham Professor UTPA.  Particularly attacks university computers  Primarily originating from Korea, China, India, Japan, Iran and Taiwan.

Dr. John P. Abraham Professor UTPA.  Particularly attacks university computers  Primarily originating from Korea, China, India, Japan, Iran and Taiwan.
OV 11 - 1 Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.

OV Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.
FORESEC Academy FORESEC Academy Security Essentials (II)

FORESEC Academy FORESEC Academy Security Essentials (II)
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+
CIS 450 – Network Security Chapter 8 – Password Security.

CIS 450 – Network Security Chapter 8 – Password Security.
Database Security John Ortiz. Lecture 23Database Security2 Secure Passwords  Two main requirements for choosing a secure password:  1) MUST be easy.

Database Security John Ortiz. Lecture 23Database Security2 Secure Passwords  Two main requirements for choosing a secure password:  1) MUST be easy.

Similar presentations

Ads by Google