11th AMC Conference The Privacy Security Partnership in Managing Risk June 22, 2015 Angel Hoffman, Dennis Schmidt, Jay Trinckes
|
|
- Pauline Martin
- 8 years ago
- Views:
Transcription
1 11th AMC Conference The Privacy Security Partnership in Managing Risk June 22, 2015 Angel Hoffman, Dennis Schmidt, Jay Trinckes 1
2 Session objectives Describe the respective roles and responsibilities of privacy and security, and how they can benefit by working together Explain opportunities for cross-training for enhanced effectiveness Outline a strategy for assessing and managing privacy and security risks through teamwork. 2
3 ADVANCED PARTNERS IN HEALTH CARE COMPLIANCE, LLC Angel Hoffman Phone: www. APHCcompliance.com 2014 ADVANCED PARTNERS IN HEALTH CARE COMPLIANCE, LLC 3
4 Let s Review: Where are we twelve years later? HIPAA Privacy April 2003 HIPAA EDI October 2003 HIPAA Security 2005 HITECH 2009 HIPAA Omnibus
5 Role of the Privacy Officer HITECH - created a lot of changes and stricter protections along with the Breach Notification Rule which created: Increased responsibility Increased knowledge and skills required Increased hours to handle issues during the work day HIPAA Omnibus Enforcement Rule However, it is not just about the regulations, but much more 5
6 Changes in Tasks and Activities Process development and implementation Training development and implementation Conduct online and live training for: - Board (more emphasis today) - Management (follow-up) - Staff - Others Policy development have the new policies been added to the training? 6
7 Changes in Tasks and Activities (cont.) Managing complaints/breaches have increased; use of technology to track and trend; producing reliable reports Conduct investigations have increased and there are more things to track now (breach notification more recently) Maintaining documentation and keeping all paper and electronic information available Working with other departments communication is increasingly critical and impacts: Human Resources, Quality and Information Security Reporting 7
8 State Attorney General Role External Influences HIEs newer state and federal government activity Impact of Social Media Age of the workforce 8
9 Partnering with the Security Officer managing risks in the medical information realm takes effective teamwork. The Privacy Officer must partner with the Security Officer in order to have a successful program. Sharing of information is not always easy, but when we work collaboratively vs. in silos the organization succeeds and this leads to better outcomes. And as we all know now You cannot not have privacy without security! 9
10 Roles of a Chief Information Security Officer Dennis Schmidt Assistant Dean for Information Technology HIPAA Security Officer 10
11 University of North Carolina Nation s first public university, chartered ,000 students 3,600 faculty Number of servers: Unknown, but it s a lot!!! 5% or campus is protected by firewall Block 87 million unwanted connections weekly IPS blocks 5.1 million malicious threat events 11
12 UNC School of Medicine 1,500+ Faculty 720 Medical Students 700 Graduate Students 3000 Staff ~1,000 servers 98 Server administrators (Self identified) 47 different O/S s (Self reported) 12
13 CISO Job Description Primarily responsible for all ongoing activities related to the availability, integrity and confidentiality of patient, provider, employee, and business information in compliance with the healthcare organization's security policies and procedures, regulations and law. Could report to: CIO Chief Compliance Officer Chief Risk Manager Qualifications: BS/BA, usually in related field Certifications: CISSP, GSEC, PMP.. 13
14 Desired Soft Skills Manager Supervises the security team Author Writes security policies Drafts or edits incident reports Teacher Formal HIPAA Training Security Presentations Security Bytes/Tips of the Week Mentor Leads by Example 14
15 More Soft Skills Collaborator Seeks input from the community while developing policies Protector Develops environment to keep the bad guys out Consultant Advises customers on best practices Enforcer Blocks bad practices Firm but fair Visionary Looks ahead for solutions to new threats 15
16 Undesired Traits Dictator Sets policies without collaborating or consulting with affected users My way or the highway Isolationist Fails to communicate with community Do what I say, not what I do 16
17 Privacy and Security Collaboration HIPAA Training BAAs Investigation support The 4 item test Knowledge sharing 17
18 18
19 New Role: Chief Information Privacy & Security Officer (CIPSO) Privacy/Security are so intertwined Executive Level Position Approved by the Board of Directors with a direct line of communication to BoD Demonstrates the commitment of organization to Privacy/Security As related to HIPAA, would be responsible for all Privacy Rules and Security Rules (which is a subset of the Privacy Rules) 19
20 Build a Culture of Privacy/Security People are weakest link Top Down Approach; emphasize importance of privacy/security Assign CIPSO; Delegate Authority to Carry Out Role 20
21 People Concerns Current Threats Social Engineering art of convincing someone to do something that may not be in their best interest Being too helpful giving more information away than is necessary 21
22 Real World Examples: Physical Breach obtaining unauthorized physical access Targeted Phishing Attacks wire transfer requests that appear to come from CEO Limit information available on-line Malicious Software unaware users clicking on links; opening unsolicited attachments 22
23 Administrative Safeguards Four Tenants of Information Security - CIAP Confidentiality Integrity Availability Privacy 23
24 Policies/Procedures Must be implemented Staff must be aware of existence Must be easy to follow Must be relevant 24
25 Physical Safeguards First Line of Defense Castle Scenario layers of defenses Security Rule: If someone is able to gain physical access to a system, the system no longer belongs to the organization. 25
26 Real World Examples: Cipher Locks on doors numbers worn; view over shoulder Key Logging/USB Devices Boot to CD/USB Drive; BIOS flaws Monitor Locations System Locks password screen savers 26
27 Technical Controls Weak Passwords user controlled No amount of security can prevent against weak passwords Authentication Process limited by application developers Need to consider multi-factor authentication; Stronger authentication methods Encryption not all encryption is the same SSL Encryption flawed (HeartBleed, FREAK, weak pseudo-random generators) 27
28 System Logging Activities There are only two types of companies: those that have been hacked and those that will be. Former FBI Director Robert Mueller And once you are hacked, would you even know? User Activity Logging; Suspicious Activities; Security Incident Event Management (SIEM) Solutions; Intrusion Detection/Intrusion Prevention Solutions 28
29 Group Discussion 29
11th AMC Conference on Securely Connecting Communities for Improved Health
11th AMC Conference on Securely Connecting Communities for Improved Health Information Security Testing How Do AMCs Ensure Your Networks are Secure June 22, 2015 Ray Hillen, Dennis Schmidt, Adam Bennett
More informationAre You Ready for an OCR Audit? Tom Walsh, CISSP Tom Walsh Consulting, LLC Overland Park, KS. What would you do? Session Objectives
Are You Ready for an OCR Audit? Tom Walsh, CISSP Tom Walsh Consulting, LLC Overland Park, KS What would you do? Your organization received a certified letter sent from the Office for Civil Rights (OCR)
More informationHIPAA Requirements for Data Security
HIPAA Requirements for Data Security Dennis Schmidt, HIPAA Security Officer UNC School of Medicine March, 2012 What does HIPAA Compliant Mean? It depends! The HIPAA Security Rule does not give many specific
More information2011 2012 Aug. Sept. Oct. Nov. Dec. Jan. Feb. March April May-Dec.
The OCR Auditors are coming - Are you next? What to Expect and How to Prepare On June 10, 2011, the U.S. Department of Health and Human Services Office for Civil Rights ( OCR ) awarded KPMG a $9.2 million
More informationCHIS, Inc. Privacy General Guidelines
CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified
More informationSecuring the FOSS VistA Stack HIPAA Baseline Discussion. Jack L. Shaffer, Jr. Chief Operations Officer
Securing the FOSS VistA Stack HIPAA Baseline Discussion Jack L. Shaffer, Jr. Chief Operations Officer HIPAA as Baseline of security: To secure any stack which contains ephi (electonic Protected Health
More informationHIPAA Security Education. Updated May 2016
HIPAA Security Education Updated May 2016 Course Objectives v This computer-based learning course covers the HIPAA, HITECH, and MSHA Privacy and Security Program which includes relevant Information Technology(IT)
More informationHIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N
HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N 1 COURSE OVERVIEW This course is broken down into 4 modules: Module 1: HIPAA Omnibus Rule - What you need to know to remain
More informationData Management & Protection: Common Definitions
Data Management & Protection: Common Definitions Document Version: 5.5 Effective Date: April 4, 2007 Original Issue Date: April 4, 2007 Most Recent Revision Date: November 29, 2011 Responsible: Alan Levy,
More informationHow Much Do I Need To Do to Comply? Vice president SystemExperts Corporation
How Much Do I Need To Do to Comply? Richard E. Mackey, Jr. Vice president SystemExperts Corporation Agenda Background Requirements and you Risk language Risk Factors Assessing risk Program elements and
More informationAGENDA HIP Ho AA w i rivacy d The B reach Happen? I P nc AA Secu dent R rit esp y o nse Corrective Action Plan What We Learned ACRONYMS USED
Michael Almvig Skagit County Information Services Director 1 AGENDA 1 2 HIPAA How Did Privacy The Breach Happen? HIPAA Incident Security Response 3 Corrective Action Plan 4 What We Learned Questions? ACRONYMS
More informationTEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL
TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for
More informationWelcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security
Welcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security awareness training, and security incident procedures. The
More informationUniversities and Schools Under Cyber-Attack: How to Protect Your Institution of Excellence
Universities and Schools Under Cyber-Attack: How to Protect Your Institution of Excellence About ERM About The Speaker Information Security Expert at ERM B.S. Software Engineering and Information Technology
More informationEECS 588: Computer and Network Security. Introduction
EECS 588: Computer and Network Security Introduction January 13, 2014 Today s Cass Class Welcome! Goals for the course Topics, what interests you? Introduction to security research Components of your grade
More informationINFORMATION SECURITY FOR YOUR AGENCY
INFORMATION SECURITY FOR YOUR AGENCY Presenter: Chad Knutson Secure Banking Solutions, LLC CONTACT INFORMATION Dr. Kevin Streff Professor at Dakota State University Director - National Center for the Protection
More informationInformation Security Services
Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual
More informationHIPAA In The Workplace. What Every Employee Should Know and Remember
HIPAA In The Workplace What Every Employee Should Know and Remember What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 Portable Accountable Rules for Privacy Rules for Security
More informationAgenda. Cyber Security: Potential Threats Impacting Organizations 1/6/2015. January 10, 2015 Scott Petree
Cyber Security: Potential Threats Impacting Organizations January 10, 2015 Scott Petree Agenda 2 Data Security Trends Root Causes of Cyber Attacks How Can We Fix This? Secure Infrastructure User Awareness
More informationKnow the Risks. Protect Yourself. Protect Your Business.
Protect while you connect. Know the Risks. Protect Yourself. Protect Your Business. GETCYBERSAFE TIPS FOR S MALL AND MEDIUM BUSINESSES If you re like most small or medium businesses in Canada, the Internet
More informationLaptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice
Laptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice Agenda Learning objectives for this session Fundamentals of Mobile device use and correlation to HIPAA compliance HIPAA
More informationInformation Security
IT Orientation at Penn Information Security May 8, 2013 Joshua Beeman University Information Security Officer jbeeman@isc.upenn.edu (215) 746-7077 www.upenn.edu/computing/security security@isc.upenn.edu
More informationipatch System Manager - HIPAA Compliance
SYSTIMAX Solutions ipatch System Manager - HIPAA Compliance White Paper July 2008 www.commscope.com Overview Health plans, healthcare clearinghouses, healthcare providers including Medicare/ Medicaid agencies
More informationVirginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101
Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro
More informationPresented by: Mike Morris and Jim Rumph
Presented by: Mike Morris and Jim Rumph Introduction MICHAEL MORRIS, CISA Systems Partner JIM RUMPH, CISA Systems Manager Objectives To understand how layered security assists in securing your network
More informationITAR Compliance Best Practices Guide
ITAR Compliance Best Practices Guide 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: International Traffic in Arms Regulations
More informationSmarter Security for Smarter Local Government. Craig Sargent, Solutions Specialist
Smarter Security for Smarter Local Government Craig Sargent, Solutions Specialist SUMMARY 1 Trustwave and SpiderLabs 2 Penetration Testing 3 Web Application Firewall (WAF) 4 Security Information & Event
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationPresented by Evan Sylvester, CISSP
Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information
More informationHow To Protect Yourself From A Hacker Attack
Cybersecurity Demystified: Information Technology Security Trends Joe Oleksak, Plante Moran Agenda Data Security Trends Example Attacks Industry Examples An Answer 1 Who Are The Victims? Targets - victims
More informationPrivacy and Security requirements, OCR HIPAA Audits and the New Audit Protocol
Privacy and Security requirements, OCR HIPAA Audits and the New Audit Protocol 1 Learning Objectives Understand Privacy and Security Requirements Understand the new OCR audit protocol Learn how to prepare
More informationHeather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com
Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually
More informationSection 12 MUST BE COMPLETED BY: 4/22
Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege
More informationHIPAA PRIVACY AND SECURITY FOR EMPLOYERS
HIPAA PRIVACY AND SECURITY FOR EMPLOYERS Agenda Background and Enforcement HIPAA Privacy and Security Rules Breach Notification Rules HPID Number Why Does it Matter HIPAA History HIPAA Title II Administrative
More informationServer Protection Policy 1 1. Rationale 1.1. Compliance with this policy will help protect the privacy and integrity of data created by and relating
Server Protection Policy 1 1. Rationale 1.1. Compliance with this policy will help protect the privacy and integrity of data created by and relating to all users of UNH IT resources, and improve the availability
More informationData Security 101. Christopher M. Brubaker. A Lawyer s Guide to Ethical Issues in the Digital Age. cbrubaker@clarkhill.com
Data Security 101 A Lawyer s Guide to Ethical Issues in the Digital Age Christopher M. Brubaker cbrubaker@clarkhill.com November 4-5, 2015 Pennsylvania Bar Institute 21 st Annual Business Lawyers Institute
More informationReady for an OCR Audit? Will you pass or fail an OCR security audit? Tom Walsh, CISSP
Ready for an OCR Audit? Will you pass or fail an OCR security audit? Tom Walsh, CISSP Tom Walsh Consulting, LLC Overland Park, KS What would you do? You receive a phone call from your CEO. They just received
More informationCallRail Healthcare Marketing. HIPAA and HITECH Compliance for Covered Entities using Call Analytics Software
CallRail Healthcare Marketing HIPAA and HITECH Compliance for Covered Entities using Call Analytics Software Healthcare 2015 HIPAA and HITECH Compliance for Covered Entities using Call Analytics Software
More informationInformation Security
IT Orientation at Penn Information Security October 21, 2015 Joshua Beeman University Information Security Officer jbeeman@isc.upenn.edu (215) 746-7077 www.upenn.edu/computing/security security@isc.upenn.edu
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationSolutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance
White Paper Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance Troy Herrera Sr. Field Solutions Manager Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA
More informationComputer and Network Security
EECS 588 Computer and Network Security Introduction January 12, 2016 Alex Halderman Today s Class Welcome! Goals for the course Topics, what interests you? Introduction to security research Components
More informationIdentity and Access Management in the Commonwealth
Identity and Access Management in the Commonwealth Erik Avakian, CISSP, CISA, CISM, CGCIO Chief Information Security Officer Commonwealth of Pennsylvania eavakian@pa.gov William (Bill) Harrod, CISSP Cyber-Security
More informationHIPAA. Developed by The University of Texas at Dallas Callier Center for Communication Disorders
HIPAA Developed by The University of Texas at Dallas Callier Center for Communication Disorders Purpose of this training Everyone with access to Protected Health Information (PHI) must comply with HIPAA
More informationData Security Incident Response Plan. [Insert Organization Name]
Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security
More informationNew York State Department of Financial Services. Report on Cyber Security in the Insurance Sector
New York State Department of Financial Services Report on Cyber Security in the Insurance Sector February 2015 Report on Cyber Security in the Insurance Sector I. Introduction Cyber attacks against financial
More informationAUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN. 1250 Siskiyou Boulevard Ashland OR 97520
AUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN 1250 Siskiyou Boulevard Ashland OR 97520 Revision History Revision Change Date 1.0 Initial Incident Response Plan 8/28/2013 Official copies
More informationOverview of the HIPAA Security Rule
Office of the Secretary Office for Civil Rights () Overview of the HIPAA Security Rule Office for Civil Rights Region IX Alicia Cornish, EOS Sheila Fischer, Supervisory EOS Topics Upon completion of this
More informationDATA SECURITY HACKS, HIPAA AND HUMAN RISKS
DATA SECURITY HACKS, HIPAA AND HUMAN RISKS MSCPA HEALTH CARE SERVICES SEMINAR Ken Miller, CPA, CIA, CRMA, CHC, CISA Senior Manager, Healthcare HORNE LLP September 25, 2015 AGENDA 2015 The Year of the Healthcare
More informationInformation Security Training 2012
Information Security Training 2012 Authored by: Gwinnett Medical Center Information Security Department Modified for affiliated schools students & instructors by: Linda Horst, RN, BSN, BC Objectives After
More informationI ve been breached! Now what?
I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have
More informationAB 1149 Compliance: Data Security Best Practices
AB 1149 Compliance: Data Security Best Practices 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: AB 1149 is a new California
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationLessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd
Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual
More informationWhitepaper on AuthShield Two Factor Authentication and Access integration with Microsoft outlook using any Mail Exchange Servers
Whitepaper on AuthShield Two Factor Authentication and Access integration with Microsoft outlook using any Mail Exchange Servers By INNEFU Labs Pvt. Ltd Table of Contents 1. Overview... 3 2. Threats to
More informationAUDIT TAX SYSTEMS ADVISORY
AUDIT TAX SYSTEMS ADVISORY Presented by: Jim Rumph Introduction JIM RUMPH, CISA Systems Manager Jim is a graduate of the University of Georgia with a Bachelor of Business Administration in Accounting and
More informationTexas Medical Records Privacy Act
A COALFIRE PERSPECTIVE Texas Medical Records Privacy Act Texas House Bill 300 (HB 300) Rick Dakin, CEO & Co-Founder Rick Link, Director Andrew Hicks, Director Overview The State of Texas has pushed ahead
More informationHow to use the Alertsec Service to Achieve HIPAA Compliance for Your Organization
How to use the Alertsec Service to Achieve HIPAA Compliance for Your Organization Alertsec offers Cloud Managed - Policy Controlled - Security Modules for Ensuring Compliance at the Endpoints Contents
More informationData Security Considerations for Research
Data Security Considerations for Research Institutional Review Board Annual Education May 8, 2012 1 PRIVACY vs. SECURITY What s the Difference?: PRIVACY Refers to WHAT is protected Health information about
More informationHealthcare Information Security Today
Healthcare Information Security Today 2015 Survey Analysis: Evolving Threats and Health Info Security Efforts WHITE PAPER SURVEY BACKGROUND The Information Security Media Group conducts an annual Healthcare
More informationGeneral Statement and Verification of Standards
Privacy Statement General Statement and Verification of Standards HealthHighway.com has adopted this privacy statement in order to demonstrate our firm commitment to Provider and Patient privacy. This
More informationIntro. Tod Ferran, CISSP, QSA. SecurityMetrics. 2 years PCI and HIPAA security consulting, performing entity compliance audits
HIPAA Security Rule & Live Hack Tod Ferran, CISSP, QSA Intro Tod Ferran, CISSP, QSA 25 years working with IT and physical security 2 years PCI and HIPAA security consulting, performing entity compliance
More informationCan Your Diocese Afford to Fail a HIPAA Audit?
Can Your Diocese Afford to Fail a HIPAA Audit? PETULA WORKMAN & PHIL BUSHNELL MAY 2016 2016 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS Agenda Overview Privacy Security Breach Notification Miscellaneous
More informationONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS
$ ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS Boston Private Bank & Trust Company takes great care to safeguard the security of your Online Banking transactions. In addition to our robust security
More informationStrong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment
Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment IIIIII Best Practices www.gemalto.com IIIIII Table of Contents Strong Authentication and Cybercrime... 1
More informationThrough the Security Looking Glass. Presented by Steve Meek, CISSP
Through the Security Looking Glass Presented by Steve Meek, CISSP Agenda Presentation Goal Quick Survey of audience Security Basics Overview Risk Management Overview Organizational Security Tools Secure
More informationLogging and Auditing in a Healthcare Environment
Logging and Auditing in a Healthcare Environment Mac McMillan CEO CynergisTek, Inc. OCR/NIST HIPAA Security Rule Conference Safeguarding Health Information: Building Confidence Through HIPAA Security May
More informationBest Practices For Department Server and Enterprise System Checklist
Best Practices For Department Server and Enterprise System Checklist INSTRUCTIONS Information Best Practices are guidelines used to ensure an adequate level of protection for Information Technology (IT)
More informationCyber Self Assessment
Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have
More informationHow To Write A Health Care Security Rule For A University
INTRODUCTION HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005 The Health Insurance Portability and Accountability Act (HIPAA) Security Rule, as a
More informationAdding Cloud Solutions to Customer Contracts Robert J. Scott
Adding Cloud Solutions to Customer Contracts Robert J. Scott MSP vs. Cloud Who owns the hardware? Where does the data reside? Dedicated vs. Multi tenant? Who contracts with 3 rd parties? How are services
More informationHIPAA Information Security Overview
HIPAA Information Security Overview Security Overview HIPAA Security Regulations establish safeguards for protected health information (PHI) in electronic format. The security rules apply to PHI that is
More informationContents. Introduction. Creating a list. Growing your list. Managing unsubscribes. Handling spam complaints. Managing bounces
Managing your data Contents 01 02 03 04 05 06 07 08 09 10 11 Introduction Creating a list Growing your list Managing unsubscribes Handling spam complaints Managing bounces Dealing with Out of Office notifications
More informationChecklist for Breach Readiness. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) For Daily Compliance & Security Tips, Follow ecfirst @
Checklist for Breach Readiness Enabling a Resilient Organization Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) For Daily Compliance & Security Tips, Follow ecfirst @ Agenda Facts about breach violation impact
More informationCritical Controls for Cyber Security. www.infogistic.com
Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability
More informationPolicies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification
Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Type of Policy and Procedure Comments Completed Privacy Policy to Maintain and Update Notice of Privacy Practices
More informationFFIEC Supplemental Guidance to Authentication in an Internet Banking Environment. Robert Farmer Senior Technology Compliance Manager
FFIEC Supplemental Guidance to Authentication in an Robert Farmer Senior Technology Compliance Manager 1 888 250 4400 Effective Date The FFIEC Supplement to Authentication in an was issued on June 28,
More informationprivacy and security training that makes people remember and care www.teachprivacy.com
www.teachprivacy.com CRISIS www.teachprivacy.com The number of data breaches keeps rising. Jan July 2013 371 Breaches Jan July 2014 447 Breaches Identity Theft Resource Center Data breaches cost healthcare
More informationITSC Training Courses Student IT Competence Programme SIIS1 Information Security
ITSC Training Courses Student IT Competence Programme SI1 2012 2013 Prof. Chan Yuen Yan, Rosanna Department of Engineering The Chinese University of Hong Kong SI1-1 Course Outline What you should know
More informationHow To Protect Research Data From Being Compromised
University of Northern Colorado Data Security Policy for Research Projects Contents 1.0 Overview... 1 2.0 Purpose... 1 3.0 Scope... 1 4.0 Definitions, Roles, and Requirements... 1 5.0 Sources of Data...
More informationFORT HAYS STATE UNIVERSITY CREDIT CARD SECURITY POLICY
FORT HAYS STATE UNIVERSITY CREDIT CARD SECURITY POLICY Page 1 of 6 Summary The Payment Card Industry Data Security Standard (PCI DSS), a set of comprehensive requirements for enhancing payment account
More informationSECURING YOUR SMALL BUSINESS. Principles of information security and risk management
SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and
More informationFACT SHEET: Ransomware and HIPAA
FACT SHEET: Ransomware and HIPAA A recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300% increase over the 1,000
More informationData Security: Fight Insider Threats & Protect Your Sensitive Data
Data Security: Fight Insider Threats & Protect Your Sensitive Data Marco Ercolani Agenda Data is challenging to secure A look at security incidents Cost of a Data Breach Data Governance and Security Understand
More informationEvaluation Report. Office of Inspector General
Evaluation Report OIG-08-035 INFORMATION TECHNOLOGY: Network Security at the Office of the Comptroller of the Currency Needs Improvement June 03, 2008 Office of Inspector General Department of the Treasury
More informationINFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION
INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION Information security is a critical issue for institutions of higher education (IHE). IHE face issues of risk, liability, business continuity,
More informationExecutive Overview...4. Importance to Citizens, Businesses and Government...5. Emergency Management and Preparedness...6
Securing the State Of Michigan Information Technology Resources Table of Contents Executive Overview...4 Importance to Citizens, Businesses and Government...5 Emergency Management and Preparedness...6
More informationJuly 6, 2015. Mr. Michael L. Joseph Chairman of the Board Roswell Park Cancer Institute Elm & Carlton Streets Buffalo, NY 14263
July 6, 2015 Mr. Michael L. Joseph Chairman of the Board Roswell Park Cancer Institute Elm & Carlton Streets Buffalo, NY 14263 Re: Security Over Electronic Protected Health Information Report 2014-S-67
More informationTelemedicine HIPAA/HITECH Privacy and Security
Telemedicine HIPAA/HITECH Privacy and Security 1 Access Control Role Based Access The organization shall provide secure rolebased account management. Privileges granted utilizing the principle of least
More informationIT Security Standard: Computing Devices
IT Security Standard: Computing Devices Revision History: Date By Action Pages 09/30/10 ITS Release of New Document Initial Draft Review Frequency: Annually Responsible Office: ITS Responsible Officer:
More informationVMware vcloud Air HIPAA Matrix
goes to great lengths to ensure the security and availability of vcloud Air services. In this effort VMware has completed an independent third party examination of vcloud Air against applicable regulatory
More informationHIPAA Privacy and Information Security Management Briefing
HIPAA Privacy and Information Security Management Briefing Karen Pagliaro-Meyer Privacy Officer kpagliaro@columbia.edu (212) 305-7315 Soumitra Sengupta Information Security Officer sen@columbia.edu (212)
More informationHIPAA Training Part III. Health Insurance Portability and Accountability Act
HIPAA Training Part III Health Insurance Portability and Accountability Act POLICIES & PROCEDURES Goals Learn simple ways to protect information. Learn how to continually give training. Learn how to continually
More informationFFIEC CONSUMER GUIDANCE
FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their
More informationThe SMB Cyber Security Survival Guide
The SMB Cyber Security Survival Guide Stephen Cobb, CISSP Security Evangelist The challenge A data security breach can put a business out of business or create serious unbudgeted costs To survive in today
More informationMobile Medical Devices and BYOD: Latest Legal Threat for Providers
Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and
More informationHIPAA COMPLIANCE REVIEW
HIPAA COMPLIANCE REVIEW DRAGON MEDICAL V 10 CSC 3811 Turtle Creek Blvd Suite 2000 Dallas, TX 75219 Phone: 214.520.0555 TABLE OF CONTENTS 1.0 Introduction 1 2.0 Findings 1 2.1 Observations and Recommendations
More informationAppalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2
Report No. 13-35 September 27, 2013 Appalachian Regional Commission Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning
More informationPRESENTATION TO THE UNIVERSITY SYSTEM OF MARYLAND S BOARD OF REGENTS
CYBERSECURITY PRESENTATION TO THE UNIVERSITY SYSTEM OF MARYLAND S BOARD OF REGENTS by Dr. Lawrence A. Gordon (Lgordon@rhsmith.umd.edu) EY Professor of Managerial Accounting and Information Assurance Affiliate
More informationFour Top Emagined Security Services
Four Top Emagined Security Services. www.emagined.com Emagined Security offers a variety of Security Services designed to support growing security needs. This brochure highlights four key Emagined Security
More information