© 2006 EmeSec
HealthTechNet
The Management and Operational Perspective of
Privacy and Security
12801 Worldgate Drive, Suite 500, Herndon, Virginia 20170
703-871-3973
A Privacy / Security Presentation
For HealthTechNet
July 21, 2006
Maria C. Horton, CISSP-ISSMP, IAM
About EmeSec (pronounced em-ēē-sek)
• 8(a), Service Disabled Veteran, Woman Owned Business – Founded April 2003
• EmeSec specializes in e-Security solutions, IT policy and planning, Continuity of Operations, Incident Response, and Regulatory Compliance
Security in Large Organizations
[Figure. Label: 1-2 yr phase. Source: Meta Group, 2004]
Data Protection
• Drivers
  – Government
    • Regulatory
  – Commercial
    • Revenue
    • Privacy
• Management
  – Policy driven
  – Procedurally oriented
• Operational
  – Technically focused
  – Location based
Common Security Issues
• Five Basic Problem Areas
  – Inherent Security Defects
  – Misuse of Tools
  – Improper maintenance
  – Ineffective Security
  – Inadequate detection systems
Threat Response Activities
• Annual Risk Assessment
• Perimeter protections
  – Changing: wireless / virtual worlds
  – Automated configuration management
• Access control
  – Role Based
  – Multi-factorial Authentication
• Specialized security training
Managing Vulnerabilities
• Continuous Monitoring
  – Automated patching
  – Network and server functionality
  – Audit trail monitoring / alerts
• Trend analysis
  – Incident Response
  – Key Performance Indicators
    • Up time
    • Training
• Size does matter
  – Monitoring and response are required
  – Resources generally limited
    • Money
    • Personnel
  – Innovation Critical to success
Contact Us: 12801 Worldgate Drive, Suite 500, Herndon, Virginia 20170
703.871.3973
www.emesec.net
8(a), Service Disabled Veteran, Woman-owned, Small Business