Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2006 EmeSec HealthTechNet The Management and Operational Perspective of Privacy and Security 12801 Worldgate Drive, Suite 500 Herndon, Virginia 20170.

Published byHeather Reed Modified over 9 years ago

Similar presentations

Presentation on theme: "© 2006 EmeSec HealthTechNet The Management and Operational Perspective of Privacy and Security 12801 Worldgate Drive, Suite 500 Herndon, Virginia 20170."— Presentation transcript:

1 © 2006 EmeSec HealthTechNet The Management and Operational Perspective of Privacy and Security 12801 Worldgate Drive, Suite 500 Herndon, Virginia 20170 703-871-3973 A Privacy / Security Presentation For HealthTechNet July 21, 2006 Maria C. Horton, CISSP-ISSMP, IAM

2 © 2006 EmeSec HealthTechNet About EmeSec (pronounced em-ēē-sek) 8(a), Service Disabled Veteran, Woman Owned Business –Founded April 2003 EmeSec specializes e-Security solutions IT policy and planning, Continuity of Operations, Incident Response, and Regulatory Compliance

3 © 2006 EmeSec HealthTechNet Security in Large Organizations Source: Meta Group, 2004 1-2 yr phase

4 © 2006 EmeSec HealthTechNet Data Protection Drivers –Government Regulatory –Commercial Revenue Privacy Management –Policy driven –Procedurally oriented Operational –Technically focused –Location based

5 © 2006 EmeSec HealthTechNet Common Security Issues Five Basic problem Areas –Inherent Security Defects –Misuse of Tools –Improper maintenance –Ineffective Security –Inadequate detection systems

6 © 2006 EmeSec HealthTechNet Threat Response Activities Annual Risk Assessment Perimeter protections –Changing: wireless / virtual worlds –Automated configuration management Access control –Role Based –Multi-factorial Authentication Specialized security training

7 © 2006 EmeSec HealthTechNet Managing Vulnerabilities Continuous Monitoring –Automated patching –Network and server functionality –Audit trail monitoring / alerts Trend analysis –Incident Response –Key Performance Indicators Up time Training Size does matter –Monitoring and response are required –Resources generally limited Money Personnel –Innovation Critical to success

8 © 2006 EmeSec HealthTechNet Contact Us: 12801 Worldgate Drive, Suite 500 Herndon, Virginia 20170 703.871.3973 www.emesec.net 8(a), Service Disabled Veteran, Woman-owned, Small Business

Download ppt "© 2006 EmeSec HealthTechNet The Management and Operational Perspective of Privacy and Security 12801 Worldgate Drive, Suite 500 Herndon, Virginia 20170."

Similar presentations

NERC Security Requirements – What Vendors Should Provide James W. Sample, CISSP, CISM Manager of Information Security California ISO.

NERC Security Requirements – What Vendors Should Provide James W. Sample, CISSP, CISM Manager of Information Security California ISO.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
© BT PLC 2005 ‘Risk-based’ Approach to Managing Infrastructure a ‘Commercial Prospective’ Malcolm Page BT UK AFCEA Lisbon 2005.

© BT PLC 2005 ‘Risk-based’ Approach to Managing Infrastructure a ‘Commercial Prospective’ Malcolm Page BT UK AFCEA Lisbon 2005.
Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.

Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.
August 9, 2005UCCSC Converting Policy to Reality Building Campus Security Programs Karl Heins -- Director of IT Audit Services Office of the University.

August 9, 2005UCCSC Converting Policy to Reality Building Campus Security Programs Karl Heins -- Director of IT Audit Services Office of the University.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.

Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.
Maintaining & Reviewing a Web Application’s Security By: Karen Baldacchino Date: 15 September 2012.

Maintaining & Reviewing a Web Application’s Security By: Karen Baldacchino Date: 15 September 2012.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
NUAGA May 22, 2014.  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss

K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss

Similar presentations

Ads by Google