Data Breaches and Securing Healthcare Humans Kelli Tarala, Enclave Security
|
|
- Norma Walsh
- 8 years ago
- Views:
Transcription
1 Data Breaches and Securing Healthcare Humans Kelli Tarala, Enclave Security
2 Data Breaches and Securing Healthcare Humans Problem Statement Data breaches & disclosures are becoming more common PrivacyRights.org (updated weekly) Just a small sample (organization/records breached): Anthem CareFirst BlueCross BlueShield UMass Memorial Medical Group, Inc. Community Health Systems Children's National Medical Center Premera Blue Cross Alexian Brothers Medical Center
3 Data Breaches and Securing Healthcare Humans Healthcare Incidents Ponemon Fifth Annual Privacy and Security and of Healthcare Data Report
4 Data Breaches and Securing Healthcare Humans What are we worried about? Ponemon Fifth Annual Privacy and Security and of Healthcare Data Report
5 Data Breaches and Securing Healthcare Humans Incident: Improper Disposal Kentucky: Medical Records from Defunct Medical Office, June boxes filled with medical records containing patient information, SS Numbers, and credit card numbers stuffed in a dumpster at Rent-A-Space. Paperwork from a radiology office closed in the early 2000s.
6 Data Breaches and Securing Healthcare Humans Incident: Phishing Attack Indiana: Employees at Hospital system noticed irregularity, June 2015 Internal forensic team discovers breach Potentially 220,000 patients affected Employee boxes were accessed as far back as November 2013 PII stored in
7 Data Breaches and Securing Healthcare Humans Incident: Ransomware Employee receives from trusted source
8 Data Breaches and Securing Healthcare Humans Incident: Ransomware All medical images are encrypted until payment is made.
9 Data Breaches and Securing Healthcare Humans Whose job is it to protect data? Some say the responsibility is IT s alone Some say it is the responsibility of management / leadership Some say it is the responsibility of end users The answer is yes this is a partnership we all share together Defense in depth principles suggest that if one set of controls fails, that others will be there to fill the gap
10 Data Breaches and Securing Healthcare Humans Understanding the Why Therefore if we hope to protect our organization s valued information, we need to engage the help of the workforce Education is a crucial piece of this effort Healthcare workers need to understand: How data breaches effect the patients they care for The effects of breaches on their employer What they can do to help protect this information Assurance is more than simply a burden, it supports the mission
11 Understanding the Why Data Breaches and Securing Healthcare Humans
12 Hook, line, and sinker: A human factors investigation of phishing susceptibility Christopher B. Mayhorn, Ph.D. North Carolina State University Department of Psychology Chris_Mayhorn@ncsu.edu
13 Surveys Examples of Different Methodologies used to Study Phishing at NCSU Kelley, C. M., Hong, K. W., Mayhorn, C. B., & Murphy-Hill, E. (2012). Something smells phishy: Exploring definitions, consequences, and reactions to phishing. Proceedings of the Human Factors and Ergonomics Society 56th Annual Meeting. Santa Monica, CA: Human Factors and Ergonomics Society. Tembe, R., Zielinska, O., Liu, Y., Hong, K. W., Murphy-Hill, E., Mayhorn, C. B., & Ge, X. (2014). Phishing in international waters: exploring cross-cultural differences in phishing conceptualizations between Chinese, Indian, and American samples. Proceedings of HotSoS: Symposium and Bootcamp on the Science of Security. Raleigh, NC. Experiments Hong, K. W., Kelley, C. M., Mayhorn, C. B., & Murphy-Hill, E. (2013). Keeping up with the Joneses: Assessing phishing susceptibility in an task. Proceedings of the Human Factors and Ergonomics Society 57th Annual Meeting. Santa Monica, CA: Human Factors and Ergonomics Society. Zielinska, O., Tembe, R., Hong, K. W., Xe, G., Murphy-Hill, E. & Mayhorn, C. B. (2014). One Phish, Two Phish, How to Avoid the Internet Phish: Analysis of Training Strategies to Detect Phishing s. Proceedings of the Human Factors and Ergonomics Society 57th Annual Meeting. Santa Monica, CA: Human Factors and Ergonomics Society.
14 Kelley, C. M., Hong, K. W., Mayhorn, C. B., & Murphy-Hill, E. (2012). Something smells phishy: Exploring definitions, consequences, and reactions to phishing. Participants: 155 from M Turk Procedure: Results: Informed consent Demographics questionnaire Survey comprised of 28 questions on various aspects of phishing Computer usage & risk profile questionnaires Debriefing statement Almost all participants reported experiencing a phishing attempt with 22% of attempts successful. Phishers often pose as members of organizations rather than family members or friends and attacks typically occur via . Consequences of phishing attacks go beyond financial loss with many participants reporting social ramifications such as embarrassment and erosion of trust.
15 Phishers are getting creative...attacks are no longer obvious I applied for a part time job through Craigslist and had to do a credit check to successfully apply. I thought it was OK since lots of employers now do credit checks. I entered my social and lots of other information By next week I had several pings in my credit report of suspicious activity. Someone had taken out a credit card in my name and also tried to get a loan. I was scared, honestly, that someone could use my information in that way. I was also angry Phishing communications often sound too good to be true and include exciting or unbelievable offers. Phishing attacks often use a strong pitch, and attempt to elicit a feeling of urgency to get stuff done now, by using a limited time offer or high pressure tactics in an attempt to get victims to act quickly.
16 Who is most susceptible? Cognitive factors such as attentional vigilance to cues in the computing environment serve as a key component in avoiding phishing (Downs, Holbrook, & Cranor, 2006; Vishwanath et al., 2011). Users who fall prey to phishing tend to haphazardly rely on perceptual cues such as the layout of a webpage or on social cues such as whether or not the sender of an is known (Jagatic, Johnson, Jakobsson, & Menczer, 2007). Users try to ascertain the veracity of cues to determine whether they can trust the sender prior to making a security-related decision (Workman, 2008). Users may not be able to accurately identify trust seals such as Verisign and they have difficulty in discerning fake from real domain names (Wogalter & Mayhorn, 2008).
17 Tembe, R., Zielinska, O., Liu, Y., Hong, K. W., Murphy-Hill, E., Mayhorn, C. B., & Ge, X. (2014). Phishing in international waters: exploring crosscultural differences in phishing conceptualizations between Chinese, Indian, and American samples. Participants: 164 from U.S., India, China Recruiting was a mix of M Turk (U.S. & India) and Snowball sampling (China) Procedure: Similar to Previous Survey Study Results: Chronological age and education used as covariates to isolate the effects of these factors. Instances of phishing success varied by nationality with 9% of Chinese, 14% of U.S., and 31% of Indian respondents reporting previous phishing victimization Chinese and American respondents reported engaging online protective behaviors (e.g., noticing padlock icon, etc.) more than Indian respondents. Results discussed in the context of collectivist versus individualist society.
18 Hong, K. W., Kelley, C. M., Mayhorn, C. B., & Murphy-Hill, E. (2013). Keeping up with the Joneses: Assessing phishing susceptibility in an task. Participants: 53 Undergraduate Students Procedure: Results: Informed consent (online) Self-report surveys and questionnaires (online) Experimental assessment of phishing via task (laboratory) Battery of cognitive tests administered (laboratory) Debriefing statement Disconnect observed between participants attitudes and behavior as measured in the Bob Jones task. Specifically, approximately 92% of participants misclassified phishing s even though 89% indicated they were confident of their ability to identify phishing s. Individual differences such as gender, dispositional trust, and personality appear to be associated with the ability to correctly categorize s as either legitimate or phishing
19 Can you tell if this is legitimate?
20 Hierarchical Regression Analyses to Predict Phishing Detection Model β R 2 R 2 Δ F p Impulsivity/Personality Items: Model 1 Extraversion Anxiety Reservation Calmness Ability to keep emotions under control Trust/Distrust Items: Model 2 Extraversion Anxiety Reservation Calmness Ability to keep emotions under control Trust what people say Believe others have good intentions General distrust Behavioral Measures Items: Model 3 Extraversion Anxiety Reservation Calmness Ability to keep emotions under control Trust what people say Believe others have good intentions General distrust Lost money, was never reimbursed Completely read phishing message <.001
21 Zielinska, O., Tembe, R., Hong, K. W., Xe, G., Murphy-Hill, E. & Mayhorn, C. B. (2014). One Phish, Two Phish, How to Avoid the Internet Phish: Analysis of Training Strategies to Detect Phishing s. Participants: 96 from M Turk Experimental Design: 2 (Time: Before vs After Training) X 3 (Training Type: Control, Vignettes of Loss, Trust) Procedure:
22 Ratio of Correctly Identified s
23 Current and Future Directions Better Training Helping novices think like experts Approach borrowed from Naturalistic Decision Making (Klein, 1999) Mental models of cybersecurity explored in Pathfinder study (Zielinska et al., under review) Technological Innovation Building smarter systems Attention allocation to system rather than user Tailored warning systems (Wogalter & Mayhorn, 2005)
24 Conclusions Phishing is an important problem that demands attention from researchers and practitioners. Individual differences are important in understanding who is susceptible and most at-risk. Next step: Intervention!
25 Acknowledgements This research was supported by a grant from the National Security Agency. Special thanks to Emerson Murphy-Hill.
26 Take Away Messages Within the healthcare domain, data breaches can occur for a variety of reasons. Understanding the vulnerability of the human in the loop is critical. Data protection is everyone s responsibility! Education and training are viable approaches to reducing the likelihood of data breaches.
27 Data Breaches and Securing Healthcare Humans Chris Mayhorn Further Questions Kelli Tarala
KEEPING UP WITH THE JONESES: ASSESSING PHISHING SUSCEPTIBILITY IN AN EMAIL TASK. North Carolina State University, Raleigh, NC
KEEPING UP WITH THE JONESES: ASSESSING PHISHING SUSCEPTIBILITY IN AN EMAIL TASK Kyung Wha Hong 1, Christopher M. Kelley 2, Rucha Tembe 2, Emerson Murphy-Hill 1 & Christopher B. Mayhorn 2 1 Department of
More informationJoint Plumbing Industry Board Plumbers Local Union No.1 Trust Funds
Joint Plumbing Industry Board Plumbers Local Union No.1 Trust Funds Welfare Fund Trade Education Fund Additional Security Benefit Fund 401(k) Savings Plan John J. Murphy, Co-Chairman - Labor Walter Saraceni,
More informationImportance: From: Anthem, Inc. Communications Sent: Thursday, February 26, 2015 4:40 PM Subject: Important message from Anthem, Inc.
Importance: High From: Anthem, Inc. Communications Sent: Thursday, February 26, 2015 4:40 PM Subject: Important message from Anthem, Inc. An important message from Anthem, Inc. To Members: On January 29,
More information<DATE> <FIRST NAME> <LAST NAME> <ADDRESS LINE 1> <ADDRESS LINE 2> <CITY>, <STATE> <ZIP> Dear <FIRTST NAME> <LAST NAME>:
, Dear : You are receiving this letter because computer thieves or hackers have gained access
More informationDATA SECURITY HACKS, HIPAA AND HUMAN RISKS
DATA SECURITY HACKS, HIPAA AND HUMAN RISKS MSCPA HEALTH CARE SERVICES SEMINAR Ken Miller, CPA, CIA, CRMA, CHC, CISA Senior Manager, Healthcare HORNE LLP September 25, 2015 AGENDA 2015 The Year of the Healthcare
More informationInfluence of Social Networks on Cyber Security
Influence of Social Networks on Cyber Security Kate Coronges, MPH, PhD Network Science Center (NSC) & Behavioral Sciences and Leadership (BS COL Ron Dodge, PhD, Information & Education Technology Alysse
More informationCYBERSECURITY IN HEALTHCARE: A TIME TO ACT
share: TM CYBERSECURITY IN HEALTHCARE: A TIME TO ACT Why healthcare is especially vulnerable to cyberattacks, and how it can protect data and mitigate risk At a time of well-publicized incidents of cybersecurity
More informationSecurity Awareness Campaigns Deliver Major, Ongoing ROI
Security Awareness Campaigns Deliver Major, Ongoing ROI CONTENTS 01 01 02 04 05 06 Introduction The Challenge Immediate Value Evaluating effectiveness Ongoing value Conclusion INTRODUCTION By this point,
More informationIs Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution
Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Ponemon Institute Research Report
More informationWHITE PAPER. Maximizing Site Visitor Trust Using Extended Validation SSL
Maximizing Site Visitor Trust Using Extended Validation SSL CONTENTS + The Erosion of SSL's Identity Promise 3 + Introducing Identity Visitors Can Trust 4 Internet Explorer 7: Green for Go 4 + How Extended
More informationIs Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution
Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: March 2013 Ponemon Institute Research Report
More informationWhite Paper. Data Breach Mitigation in the Healthcare Industry
White Paper Data Breach Mitigation in the Healthcare Industry Thursday, October 08, 2015 Table of contents 1 Executive Summary 3 2 Personally Identifiable Information & Protected Health Information 4 2.1
More informationNuclear Security Requires Cyber Security
Nuclear Security Requires Cyber Security A. DAVID MCKINNON, PH.D., MARY SUE HOXIE Cyber Physical Security Team, National Security Directorate Project on Nuclear Issues (PONI) Fall 2015 Conference PNNL-SA-113027
More informationData Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked
Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked Linda Vincent, R.N., P.I., CITRMS Vincent & Associates Founder The Identity Advocate San Pedro, California The opinions expressed
More informationWith the Target breach on everyone s mind, you may find these Customer Service Q & A s helpful.
With the Target breach on everyone s mind, you may find these Customer Service Q & A s helpful. Breach Overview Q: Media reports are stating that Target experienced a data breach. Can you provide more
More informationI ve been breached! Now what?
I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have
More informationON TRUST IN THE INTERNET: BELIEF CUES FROM DOMAIN SUFFIXES AND SEALS OF APPROVAL
1346 ON TRUST IN THE INTERNET: BELIEF CUES FROM DOMAIN SUFFIXES AND SEALS OF APPROVAL Atticus Y. Evil, Eric F. Shaver, and Michael S. Wogalter Cognitive Ergonomics Laboratory Department of Psychology North
More informationWhere Do You Draw the Creepy Line? Privacy, Big Data Analytics and the Internet of Things
Where Do You Draw the Creepy Line? Privacy, Big Data Analytics and the Internet of Things aisa.org.a u aisa.org.a u Rebecca Herold, CEO The Privacy Professor 1 rebeccaherold@rebeccaherold.com Agenda Technology
More informationDEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000
DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000 CHIEF INFORMATION OFFICER October 1, 2015 MEMORANDUM FOR SECRETARIES OF THE MILITARY DEPARTMENTS CHAIRMAN OF THE JOINT CHIEFS OF
More information1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.
Employee Security Awareness Survey Trenton Bond trent.bond@gmail.com Admin - Version 1.3 Security Awareness One of the most significant security risks that organizations and corporations face today is
More informationMobile Security & Cybersecurity Issues for Physicians & Patients Across the Care Continuum
Mobile Security & Cybersecurity Issues for Physicians & Patients Across the Care Continuum 8th Annual NJ/DV Conference: IT - The Politics of Healthcare October 29, 2015 Atlantic City, NJ William Buddy
More informationPolicy for Social Media Usage in Catawba County
Policy for Social Media Usage in Catawba County Adopted March 1, 2010 Revised September 7,2010 1. PURPOSE The role of technology in the 21 st century workplace is constantly expanding and now includes
More informationWhat You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage
What You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage Sponsored by ObserveIT Independently conducted by Ponemon Institute LLC June 2015 Ponemon Institute Research Report
More informationACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer
ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING By: Jerry Jackson Compliance and Privacy Officer 1 1 Introduction Welcome to Privacy and Security Training course. This course will help you
More informationPrivacy Rights Clearing House
10/13/15 Cybersecurity in Education What you face as educational organizations How to Identify, Monitor and Protect Presented by Jamie Gershon Sr. Vice President Education Practice Group 1 Privacy Rights
More informationMedical Information Breaches: Are Your Records Safe?
Medical Information Breaches: Are Your Records Safe? Learning Objectives At the conclusion of this presentation the learner will be able to: Recognize the growing risk of data breaches Assess the potential
More informationHIPAA PRIVACY AND SECURITY AWARENESS. Covering Kids and Families of Indiana April 10, 2014
HIPAA PRIVACY AND SECURITY AWARENESS Covering Kids and Families of Indiana April 10, 2014 GOALS AND OBJECTIVES The goal is to provide information to you to promote personal responsibility and behaviors
More informationThe Importance of Cyber Threat Intelligence to a Strong Security Posture
The Importance of Cyber Threat Intelligence to a Strong Security Posture Sponsored by Webroot Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research Report
More informationHealthcare Information Security Today
Healthcare Information Security Today 2015 Survey Analysis: Evolving Threats and Health Info Security Efforts WHITE PAPER SURVEY BACKGROUND The Information Security Media Group conducts an annual Healthcare
More informationMitigating and managing cyber risk: ten issues to consider
Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed
More informationManaging Junk Mail. About the Junk Mail Filter
Managing Junk Mail Outlook can filter out certain types of messages and send them to a separate folder to keep your Inbox from being cluttered with junk mail. Outlook can also disable links in suspicious
More informationMilgram Activities. Everyone was paid $4.50 and told that they would receive this even if they quit during the study.
Milgram Activities Activity 1 Procedures Aim: To consolidate students knowledge of the procedures of Milgram s study and to encourage co-operative working amongst students. Cut up the following table of
More informationNorth Carolina Office of the Governor North Carolina Office of Information Technology Services North Carolina Department of Cultural Resources
North Carolina Office of the Governor North Carolina Office of Information Technology Services North Carolina Department of Cultural Resources Best Practices for Social Media Usage in North Carolina December
More informationTeens and Cyberbullying
Teens and Cyberbullying EXECUTIVE SUMMARY OF A REPORT ON RESEARCH Conducted for NATIONAL CRIME PREVENTION COUNCIL (NCPC) Released February 28, 2007 By the National Crime Prevention Council Survey conducted
More informationSecuring Today s Healthcare Enterprise Systems Time to Rethink Your Cybersecurity Strategy
As seen in Securing Today s Healthcare Enterprise Systems Time to Rethink Your Cybersecurity Strategy Adam Hesse, Inc. Published June 26, 2015 Anyone following today s headlines is aware that cyberattacks
More informationNATIONAL CYBER SECURITY AWARENESS MONTH
NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the
More informationResearch Note The Art of Social Engineering
Research Note The Art of Social Engineering By: Devin Luco Copyright 2013, ASA Institute for Risk & Innovation Keywords: Cyber Attacks, Cyber Criminals, Cyber Risks, Cybersecurity, Cyber Threats, Information
More informationdeveloping your potential Cyber Security Training
developing your potential Cyber Security Training The benefits of cyber security awareness The cost of a single cyber security incident can easily reach six-figure sums and any damage or loss to a company
More informationCSUF Tech Day 2015. Security Awareness Overview Dale Coddington, Information Security Office dcoddington@fullerton.edu
CSUF Tech Day 2015 Security Awareness Overview Dale Coddington, Information Security Office dcoddington@fullerton.edu Agenda Introduction Large scale data breaches: 2014 and beyond Email based attacks:
More informationAddiction Treatment Strategies
Patient Registration Legal Name First Middle Last Birth Date Address Street City State Zip Phone(s) Home Cell Work Is it ok to contact your cell? Yes No SSN Email (Used for appointment reminder) Known
More informationEmotionally unstable? It spells trouble for work, relationships and life
Emotionally unstable? It spells trouble for work, relationships and life Rob Bailey and Tatiana Gulko, OPP Ltd Summary This presentation explores a range of studies of resilience using the 16PF questionnaire,
More informationIA/CYBERSECURITY IS CRITICAL TO OPERATE IN CYBERSPACE
IA/CYBERSECURITY IS CRITICAL TO OPERATE IN CYBERSPACE Commanders, leaders, and managers are responsible for ensuring that Information Assurance/Cybersecurity is part of all Army operations, missions and
More informationCKAHU Symposium Cyber-Security
CKAHU Symposium Cyber-Security Scott Logan Technical Director of Security Position: Technical Director of Security Employment: NetGain Technologies (6+ years) NetGain is a Regional partner with 7 locations
More informationData Breach and Senior Living Communities May 29, 2015
Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs
More informationDepartment of Psychology
Colorado State University 1 Department of Psychology Office in Behavioral Sciences Building, Room 201 (970) 491-3799 colostate.edu/depts/psychology (http://www.colostate.edu/depts/ Psychology) Professor
More information2015 VA Privacy Matters Symposium Session 2: Privacy Awareness
2015 VA Privacy Matters Symposium Session 2: Privacy Awareness June 9, 2015 Administrative Items Do not use your computer microphone to participate in this meeting. Lync will be used only as a display.
More informationFORMER CMSP AND PATH2HEALTH MEMBERS YOU MAY BE AFFECTED BY ANTHEM DATA BREACH
What happened? FORMER CMSP AND PATH2HEALTH MEMBERS YOU MAY BE AFFECTED BY ANTHEM DATA BREACH On January 29, 2015, Anthem Blue Cross (Anthem) learned a cyber-attack to its electronic information systems
More informationWHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR
KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION
More informationRunning Head: SOCIAL MEDIA RECRUITMENT: GETTING GENERATION Y S ATTENTION. Social Media Recruitment: Getting Generation Y s Attention.
Social Media Recruitment: Getting Generation Y s Attention Andrew Nixon Mihai Ciuca Adam Venditti Hailey Desormeaux Kayla Dynan University of Guelph SOCIAL MEDIA RECRUITMENT: GETTING GENERATION Y S ABSTRACT
More informationThe Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training
The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training Introduction The HIPAA Security Rule specifically requires training of all members of the workforce.
More informationMiami University: Human Subjects Research General Research Application Guidance
Miami University: Human Subjects Research General Research Application Guidance Use the accompanying Word template for completing the research description. You must provide sufficient information regarding
More informationLessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd
Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual
More informationJodi L. Ceballos, Psy.D. Clinical Psychologist
Hello, my name is Dr. Jodi Ceballos and I am a Licensed who recently relocated to Del Rio. I offer psychological and psycho-educational testing services, as well as individual, couples, and family therapy
More informationAftermath of a Data Breach Study
Aftermath of a Data Breach Study Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: January 2012 Ponemon Institute Research Report Aftermath
More informationCollege of DuPage Information Technology. Information Security Plan
College of DuPage Information Technology Information Security Plan April, 2015 TABLE OF CONTENTS Purpose... 3 Information Security Plan (ISP) Coordinator(s)... 4 Identify and assess risks to covered data
More informationWhat Are The Odds Of a HIPAA Audit?
What Are The Odds Of a HIPAA Audit? 1 Random Odds The law Outline Why is enforcement up? What types of audits and what causes them Examples of enforcement What can you do to avoid audits and fines 2 3
More informationCHAPTER 2: CASE STUDY SPEAR-PHISHING CAMPAIGN GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC
: CASE STUDY SPEAR-PHISHING CAMPAIGN 1 SPEAR-PHISHING CAMPAIGN CASE STUDY MORAL Attacks do not have to be technically advanced to succeed. OVERVIEW In August of 2014, Aerobanet (named changed to protect
More information2013 Cost of Data Center Outages
2013 Cost of Data Center Outages Independently conducted by Ponemon Institute LLC Publication Date: December 2013 Part 1. Executive Summary 2013 Cost of Data Center Outages Ponemon Institute, December
More informationCybersecurity. Cloud. and the. 4TH Annual NICE Workshop Navigating the National Cybersecurity Education InterState Highway September 2013
Cybersecurity and the Cloud 4TH Annual NICE Workshop Navigating the National Cybersecurity Education InterState Highway September 2013 Well, I'll hazard I can do more damage on my laptop sitting in my
More informationSHAMING AS A TECHNIQUE FOR INFORMATION SECURITY POLICY
SHAMING AS A TECHNIQUE FOR INFORMATION SECURITY POLICY AND TRAINING ADHERENCE Mark A. Harris University of South Carolina maharris@hrsm.sc.edu ABSTRACT Information security policy and information security
More informationFACT SHEET: Ransomware and HIPAA
FACT SHEET: Ransomware and HIPAA A recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300% increase over the 1,000
More informationREQUEST FOR INFORMATION
Department of Management Services REQUEST FOR INFORMATION Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services 3 September 2015 6506 Loisdale Rd, Ste 325
More informationAbstract. Introduction
Predicting Talent Management Indices Using the 16 Primary Personality Factors John W. Jones, Ph.D.; Catherine C. Maraist, Ph.D.; Noelle K. Newhouse, M.S. Abstract This study investigates whether or not
More informationCybersecurity Awareness for Executives
SESSION ID: SOP-R04 Cybersecurity Awareness for Executives Rob Sloan Head of Cyber Content and Data Dow Jones @_rob_sloan Session Overview Aim: Provide a high level overview of an effective cybersecurity
More informationIdentity Theft and Medical Theft. *Christine Stagnetto-Sarmiento, Oglala Lakota College, USA
1 Identity Theft and Medical Theft *Christine Stagnetto-Sarmiento, Oglala Lakota College, USA *Corresponding Author, 490 Piya Wiconi Road, Kyle-South Dakota (605) 455-6110 csarmiento@olc.edu Introduction
More informationOCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875
OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 Understanding Information Security Information Security Information security refers to safeguarding information from misuse and theft,
More informationDepartment of Psychology
The University of Texas at San Antonio 1 Department of Psychology The Department of Psychology offers the Master of Science Degree in Psychology and the Doctor of Philosophy Degree in Psychology. Master
More informationExposing the Cybersecurity Cracks: A Global Perspective
Exposing the Cybersecurity Cracks: A Global Perspective Part I: Deficient, Disconnected & in the Dark Sponsored by Websense, Inc. Independently conducted by Ponemon Institute LLC Publication Date: April
More informationSimplifying Security & Compliance Innovating IT Managed Services. Data Security Threat Landscape and IT General Controls
Simplifying Security & Compliance Innovating IT Managed Services Data Security Threat Landscape and IT General Controls Audit Standards and IT General Controls General IT controls discussed in AUC Section
More informationLaw Firms and Cyber Security
Helping clients build operational capability in cyber security. A DELTA RISK VIEWPOINT Law Firms and Cyber Security A hacker s dream and a lawyer s nightmare About Delta Risk is a global provider of strategic
More informationTODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures
TODAY S AGENDA Trends/Victimology Incident Response Remediation Disclosures Trends/Victimology ADVERSARY CLASSIFICATIONS SOCIAL ENGINEERING DATA SOURCES COVERT INDICATORS - METADATA METADATA data providing
More informationOctober 24, 2014. Mitigating Legal and Business Risks of Cyber Breaches
October 24, 2014 Mitigating Legal and Business Risks of Cyber Breaches AGENDA Introductions Cyber Threat Landscape Cyber Risk Mitigation Strategies 1 Introductions 2 Introductions To Be Confirmed Title
More informationInformation Security Addressing Your Advanced Threats
Information Security Addressing Your Advanced Threats Where We are Going Information Security Landscape The Threats You Face How To Protect Yourself This Will Not Be Boring What Is Information Security?
More informationUNIT: PSYCHOLOGICAL RESEARCH
Assignment: Research Experiment Instructor Guide UNIT: PSYCHOLOGICAL RESEARCH Standards that Apply to this Assignment National Standards for High School Psychology Curricula August 2005 Standard Area IA:
More informationEHS Privacy and Information Security
EHS Privacy and Information Security Resident Orientation 26 June 2015 Steve Winter CISSP, CNE, MCSE Senior Information Security Engineer Privacy and Information Security Office Erlanger Health System
More informationSchool Counseling Resource Guide
School Counseling Resource Guide For Parents, Staff, and Students Monica Jones School Counselor Burgin Elementary 1 INDEX Why elementary school counselors?.. 3 Counselors Referrals.... 4 About School Counselors..
More informationJoint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training - Session One
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training - Session One End User Security, IS Control Evaluation & Self- Assessment Information Security Trends and Countermeasures
More informationBuilding The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord
Building The Human Firewall Andy Sawyer, CISM, C CISO Director of Security Locke Lord Confidentiality, Integrity, Availability Benchmarks of Cybersecurity: Confidentiality Information is protected against
More informationThe Department of Health and Human Services Privacy Awareness Training. Fiscal Year 2015
The Department of Health and Human Services Privacy Awareness Training Fiscal Year 2015 Course Objectives At the end of the course, you will be able to: Define privacy and explain its importance. Identify
More informationRede ning medical students' disease to reduce morbidity
Research papers Rede ning medical students' disease to reduce morbidity Rona Moss-Morris & Keith J Petrie Objectives To gain a clearer conceptual understanding of medical students' disease and its impact
More informationLorenza Tiberio, Amedeo Cesta & Gabriella Cortellessa. CNR - National Research Council - Italy. RAatE 2012 - University of Warwick Coventry UK
Lorenza Tiberio, Amedeo Cesta & Gabriella Cortellessa CNR - National Research Council - Italy RAatE 2012 - University of Warwick Coventry UK The ExCITE Project [07/2010-06/2013] Telepresence robot as a
More informationUpdate on Anthem Cyber Attack General Information for Clients and Brokers
Update on Anthem Cyber Attack General Information for Clients and Brokers February 20, 2015 What happened? Anthem, Inc. was the victim of a cyber attack. Anthem discovered that one of its database warehouses
More informationChoosing The Right Data Breach Response Services for Consumer Remediation
Choosing The Right Data Breach Response Services for Consumer Remediation Authored by Brian Lapidus, Managing Director, InfoSec Practice Leader Kroll When a data breach exposes personal information to
More informationThe Importance of Sharing Health Information in a Healthy World
January 30, 2015 Karen DeSalvo, MD, MPH, MSc National Coordinator Office of National Coordinator for Health IT Department of Health and Human Services 200 Independence Ave, SW Washington, DC 20201 Dear
More informationGuide to the National Safety and Quality Health Service Standards for health service organisation boards
Guide to the National Safety and Quality Health Service Standards for health service organisation boards April 2015 ISBN Print: 978-1-925224-10-8 Electronic: 978-1-925224-11-5 Suggested citation: Australian
More informationHow to Spot and Combat a Phishing Attack Webinar
How to Spot and Combat a Phishing Attack Webinar October 20 th, 2015 Kevin Patel Sr Director of Information Security, Compliance & IT Risk Mgmt kpatel@controlscan.com Agenda 1) National Cyber Security
More informationThird Annual Survey on Medical Identity Theft
Third Annual Survey on Medical Identity Theft Sponsored by Experian s ProtectMyID Independently conducted by Ponemon Institute LLC Publication Date: June 2012 Ponemon Institute Research Report Part 1:
More informationFostering Incident Response and Digital Forensics Research
Fostering Incident Response and Digital Forensics Research Bruce J. Nikkel bruce.nikkel@ubs.com September 8, 2014 Abstract This article highlights different incident response topics with a focus on digital
More informationCybersecurity Best Practices in Mortgage Banking. Article by Jim Deitch October 2015
Cybersecurity Best Practices in Mortgage Banking Article by Jim Deitch Cybersecurity Best Practices in Mortgage Banking BY JIM DEITCH Jim Deitch Recent high-profile cyberattacks have clearly demonstrated
More informationYour Personal Information: Protecting it from Exploitation
Your Personal Information: Protecting it from Exploitation Data breaches involving personal information result in a broad range of risks to individuals and organizations. This includes identity theft,
More informationThe High Price of Medical Identity Theft and Fraud
The High Price of Medical Identity Theft and Fraud Some Quick Facts 3 times more likely to be ID fraud victim if credit/debit card breached 1 New ID fraud victim every 2 seconds 2 Few adults are familiar
More informationTHE ULTIMATE BUSINESS CYBERSECURITY CHECKLIST. A checklist of things you can do to be more prepared and take care of your customers.
THE ULTIMATE BUSINESS CYBERSECURITY CHECKLIST A checklist of things you can do to be more prepared and take care of your customers. PLUSCONSULTING.COM 2 BUSINESS CYBERSECURITY CHECKLIST INTRODUCTION S
More informationHIPAA Breach UPDATED 9/21/15
HIPAA Breach UPDATED 9/21/15 Benefits Administration was informed on September 10 th of a cyberattack that may have affected records of those eligible for long term care through MedAmerica and, possibly,
More informationHow to stay safe online
How to stay safe online Everyone knows about computer viruses...or at least they think they do. Nearly 30 years ago, the first computer virus was written and since then, millions of viruses and other malware
More informationIs security awareness a waste of time?
Is security awareness a waste of time? New York State Cyber Security Conference June 5, 2013 Scott Gréaux Vice President Product Management and Services, PhishMe, Inc. They are exploiting human vulnerabilities
More informationNorth Carolina Office of the Governor North Carolina Office of Information Technology Services North Carolina Department of Cultural Resources
North Carolina Office of the Governor North Carolina Office of Information Technology Services North Carolina Department of Cultural Resources Best Practices for State Agency Social Media Usage in North
More informationInstitutional Review Board for the Use of Human Subjects in Research GUIDELINES FOR A PROPOSAL NARRATIVE
Institutional Review Board for the Use of Human Subjects in Research GUIDELINES FOR A PROPOSAL NARRATIVE In your narrative, address each of the topics outlined below. Every application for IRB review must
More informationInsulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact. February 10, 2015
Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact February 10, 2015 Overview 1 The Legal Risks And Issues/The Role Of Legal Counsel: The Breach Coach The Slippery
More information::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Trends
Quarterly Cybersecurity BILT Meeting October 10, 2012 Meeting Minutes ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Trends Stephen
More information2H 2015 SHADOW DATA REPORT
2H 20 SHADOW DATA REPORT Shadow Data Defined: All potentially risky data exposures lurking in cloud apps, due to lack of knowledge of the type of data being uploaded and how it is being shared. Shadow
More information