Presentation is loading. Please wait.

Presentation is loading. Please wait.

Component 9 – Networking and Health Information Exchange Unit 9-2 Privacy, Confidentiality, and Security Issues and Standards This material was developed.

Published byToby Nash Modified over 9 years ago

Similar presentations

Presentation on theme: "Component 9 – Networking and Health Information Exchange Unit 9-2 Privacy, Confidentiality, and Security Issues and Standards This material was developed."— Presentation transcript:

1 Component 9 – Networking and Health Information Exchange Unit 9-2 Privacy, Confidentiality, and Security Issues and Standards This material was developed by Duke University, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number IU24OC000024.

2 Unit 9-2 Objectives Define access control methods Analyze access restrictions to data storage and retrieval (physical and software) Component 9/Unit 9-2 Health IT Workforce Curriculum Version 2.0/Spring 2011 2

3 Access Control Who or what is allowed access to a particular resource and what level of access are they allowed Terminology –Identification –Authentication –Authorization Component 9/Unit 9-2 Health IT Workforce Curriculum Version 2.0/Spring 2011 3

4 Access Control Best Practices Separation of duties –Require more than 1 person to perform an action Least privilege –Only give user the access needed Component 9/Unit 9-2 Health IT Workforce Curriculum Version 2.0/Spring 2011 4

5 Access Control Models Discretionary Access Control (DAC) Mandatory Access Control (MAC) Role Based Access Control (RBAC) Component 9/Unit 9-2 Health IT Workforce Curriculum Version 2.0/Spring 2011 5

6 Access Control Types Logical –Access to data files, programs and networks Access Control Lists (ACLs) Account Restrictions Passwords Physical –Access to physical locations Locks Badges Mantraps Component 9/Unit 9-2 Health IT Workforce Curriculum Version 2.0/Spring 2011 6

7 Access Control List (ACL) An ACL is a list that is associated with file, directory or object that lists who has access to it and what access they have. Component 9/Unit 9-2 Health IT Workforce Curriculum Version 2.0/Spring 2011 7

8 Account Restrictions Account expiration Time of day Login location Component 9/Unit 9-2 Health IT Workforce Curriculum Version 2.0/Spring 2011 8

9 Passwords Combination of letters, numbers and special characters Recommend upper and lower case characters The more characters the better Should be changed frequently Component 9/Unit 9-2 Health IT Workforce Curriculum Version 2.0/Spring 2011 9

10 Passwords Should Never Be default passwords Should never be written down Should never be a word in a dictionary, words spelled backwards, common misspellings, and abbreviations (English or other languages) Component 9/Unit 9-2 Health IT Workforce Curriculum Version 2.0/Spring 2011 10

11 Passwords Should Never (Continued) Substitute letters with numbers Be used for more than one account Contain personal information –Social engineering Component 9/Unit 9-2 Health IT Workforce Curriculum Version 2.0/Spring 2011 11

12 One-time Passwords (OTP) Component 9/Unit 9-2 Health IT Workforce Curriculum Version 2.0/Spring 2011 12

13 Physical Access Control Location Doors Component 9/Unit 9-2 Health IT Workforce Curriculum Version 2.0/Spring 2011 13 Key-in-knob DeadboltCipher lockRFID

14 Physical Access Continued Video surveillance Access log Mantrap Component 9/Unit 9-2 Health IT Workforce Curriculum Version 2.0/Spring 2011 14

15 Biometrics Fingerprints Faces Hands Irises/Retinas Behavioral –Keystroke –Voice Cognitive Component 9/Unit 9-2 Health IT Workforce Curriculum Version 2.0/Spring 2011 15

16 Authentication Practices Layering Multi-factor Single Sign-On (SSO) Component 9/Unit 9-2 Health IT Workforce Curriculum Version 2.0/Spring 2011 16

17 Virtual Private Networks (VPNs) Component 9/Unit 9-2 Health IT Workforce Curriculum Version 2.0/Spring 2011 17

18 Security Policies A collection of policies that lay out specific rules and requirements that must be followed in order to provide a secure e nvironment. Component 9/Unit 9-2 Health IT Workforce Curriculum Version 2.0/Spring 2011 18

Download ppt "Component 9 – Networking and Health Information Exchange Unit 9-2 Privacy, Confidentiality, and Security Issues and Standards This material was developed."

Similar presentations

Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
Access Control Methodologies

Access Control Methodologies
Security+ Guide to Network Security Fundamentals, Fourth Edition

Security+ Guide to Network Security Fundamentals, Fourth Edition
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
Physical and Hardware Security Chapter 15 Networking Essentials Spring, 2013.

Physical and Hardware Security Chapter 15 Networking Essentials Spring, 2013.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
.  Access Control Models  Authentication Models  Logging Procedures  Conducting Security Audits  Redundancy Planning  Disaster Recovery Procedures.

.  Access Control Models  Authentication Models  Logging Procedures  Conducting Security Audits  Redundancy Planning  Disaster Recovery Procedures.
Page 1 CITS Active Directory Implementation UMass Dartmouth.

Page 1 CITS Active Directory Implementation UMass Dartmouth.
I DENTITY M ANAGEMENT Joe Braceland Mount Airey Group, Inc.

I DENTITY M ANAGEMENT Joe Braceland Mount Airey Group, Inc.
Li Xiong CS573 Data Privacy and Security Access Control.

Li Xiong CS573 Data Privacy and Security Access Control.
Dr. John P. Abraham Professor UTPA.  Particularly attacks university computers  Primarily originating from Korea, China, India, Japan, Iran and Taiwan.

Dr. John P. Abraham Professor UTPA.  Particularly attacks university computers  Primarily originating from Korea, China, India, Japan, Iran and Taiwan.
FORESEC Academy FORESEC Academy Security Essentials (II)

FORESEC Academy FORESEC Academy Security Essentials (II)
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
Introduction to Information and Computer Science Security Lecture b This material (Comp4_Unit8b) was developed by Oregon Health and Science University,

Introduction to Information and Computer Science Security Lecture b This material (Comp4_Unit8b) was developed by Oregon Health and Science University,
CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+
Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 2 This material was developed by Oregon Health & Science University,

Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 2 This material was developed by Oregon Health & Science University,
Database Security John Ortiz. Lecture 23Database Security2 Secure Passwords  Two main requirements for choosing a secure password:  1) MUST be easy.

Database Security John Ortiz. Lecture 23Database Security2 Secure Passwords  Two main requirements for choosing a secure password:  1) MUST be easy.
Component 9 – Networking and Health Information Exchange Unit 1-1 ISO Open Systems Interconnection (OSI) This material was developed by Duke University,

Component 9 – Networking and Health Information Exchange Unit 1-1 ISO Open Systems Interconnection (OSI) This material was developed by Duke University,
Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture a This material (Comp7_Unit7a) was developed by.

Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture a This material (Comp7_Unit7a) was developed by.

Similar presentations

Ads by Google