chime lead new york 2014 "case studies from the field: putting cyber security strategies into...
DESCRIPTION
CHIME LEAD New York 2014 "Case Studies from the Field: Putting Cyber Security Strategies into Action" Learn from those in the trenches who have deployed effective cyber strategies in their organizations, foiled attacks and managed breach situations. Learn approaches for success and pitfalls to avoid by exploring the experience of others with deployment and management of cyber security strategies and plans. Learning Objectives: Identify successes, challenges and lessons learned with implementation of cyber strategies Identify success strategies for gaining the C Suite support and ways cyber security can be integrated into the organization's culture and work processes. Identify best practices with anticipating new and emerging threats and ways to maintain a proactive position instead of reactive Identify approaches for breach preparation and breach management Featured Speakers: Neal Ganguly, MBA, FCHIME, FHIMSS, CHCIO VP & CIO JFK Health System Miroslav Belote Director of IT – Infrastructure and Information Security Officer JFK Health System Nassar Nizami CISO Yale-New Haven Health SystemTRANSCRIPT
![Page 1: CHIME LEAD New York 2014 "Case Studies from the Field: Putting Cyber Security Strategies into Action"](https://reader036.vdocument.in/reader036/viewer/2022062419/558a0a74d8b42aa2268b465a/html5/thumbnails/1.jpg)
A CHIME Leadership Education and Development Forum in collaboration with iHT2
Neal Ganguly, MBA, FCHIME, FHIMSS, CHCIO
VP & CIOJFK Health System
#LEAD14
UsernamePassword
Case Studies from the Field ________
Putting Cyber Security Strategies into Action
Miroslav BeloteDirector of IT – Infrastructure
and Information Security Officer
JFK Health System
Moderator: Pam Matthews, RN, MBA, CPHIMS, FHIMSS, Vice President, Education & Business Development, CHIME
Sponsors:
Nassar NizamiCISO
Yale-New Haven Health System
![Page 2: CHIME LEAD New York 2014 "Case Studies from the Field: Putting Cyber Security Strategies into Action"](https://reader036.vdocument.in/reader036/viewer/2022062419/558a0a74d8b42aa2268b465a/html5/thumbnails/2.jpg)
A CHIME Leadership Education and Development Forum in collaboration with iHT2
Case Studies from the Field________
Putting Cyber Security Strategies into Action
● Speaker: Nassar Nizami, CISO, Yale-New Haven Health System ●
#LEAD14
![Page 3: CHIME LEAD New York 2014 "Case Studies from the Field: Putting Cyber Security Strategies into Action"](https://reader036.vdocument.in/reader036/viewer/2022062419/558a0a74d8b42aa2268b465a/html5/thumbnails/3.jpg)
Yale New Haven Health SystemWho We Are
• Four Member Delivery Network• Multiple Clinical Affiliations• Affiliated with Yale University• Destination Hospital for Patients
Throughout the United States• Currently Going Through an Affiliation
and Acquisition Period
![Page 4: CHIME LEAD New York 2014 "Case Studies from the Field: Putting Cyber Security Strategies into Action"](https://reader036.vdocument.in/reader036/viewer/2022062419/558a0a74d8b42aa2268b465a/html5/thumbnails/4.jpg)
Enterprise-Wide Clinical Systems
![Page 5: CHIME LEAD New York 2014 "Case Studies from the Field: Putting Cyber Security Strategies into Action"](https://reader036.vdocument.in/reader036/viewer/2022062419/558a0a74d8b42aa2268b465a/html5/thumbnails/5.jpg)
Application Inventory
• Inventory of applications in a spreadsheet with key information
• Information we are interested in
Information we require
![Page 6: CHIME LEAD New York 2014 "Case Studies from the Field: Putting Cyber Security Strategies into Action"](https://reader036.vdocument.in/reader036/viewer/2022062419/558a0a74d8b42aa2268b465a/html5/thumbnails/6.jpg)
External Data Flow
![Page 7: CHIME LEAD New York 2014 "Case Studies from the Field: Putting Cyber Security Strategies into Action"](https://reader036.vdocument.in/reader036/viewer/2022062419/558a0a74d8b42aa2268b465a/html5/thumbnails/7.jpg)
Data Loss Prevention
Desktop/Laptops
Web
File shares
Cloud
Mobile Devices
![Page 8: CHIME LEAD New York 2014 "Case Studies from the Field: Putting Cyber Security Strategies into Action"](https://reader036.vdocument.in/reader036/viewer/2022062419/558a0a74d8b42aa2268b465a/html5/thumbnails/8.jpg)
Exact Data Match
• Patten based matches• Common • xxx-xx-xxx
• Potential SSN• False Positives
• Exact Data Match• Match on known and indexed data
• First Name, Last Name, MRN from EMR• First Name, Last Name,, Employee ID
from HR system• False positives decrease
significantly
![Page 9: CHIME LEAD New York 2014 "Case Studies from the Field: Putting Cyber Security Strategies into Action"](https://reader036.vdocument.in/reader036/viewer/2022062419/558a0a74d8b42aa2268b465a/html5/thumbnails/9.jpg)
Desktop/Laptop
• Client installed on desktops and laptops
• Scans for • Files copied to removable
media• Internet traffic• Local drive scan
• Pattern based matching (HIPAA Policies)
• Data scanned when copied to removable media
![Page 10: CHIME LEAD New York 2014 "Case Studies from the Field: Putting Cyber Security Strategies into Action"](https://reader036.vdocument.in/reader036/viewer/2022062419/558a0a74d8b42aa2268b465a/html5/thumbnails/10.jpg)
Desktop Challenges
Computer Slow Down
Hardware Refresh
Complete Desktop Scan
Selective Scan
Good Support for Windows OS
Support Lacking for non-Windows OS
![Page 11: CHIME LEAD New York 2014 "Case Studies from the Field: Putting Cyber Security Strategies into Action"](https://reader036.vdocument.in/reader036/viewer/2022062419/558a0a74d8b42aa2268b465a/html5/thumbnails/11.jpg)
Web
• Dedicated servers for HTTP• ~80% of our overall traffic
• Dedicated servers to scan select protocols like FTP, IRC etc.• Traditionally not been a problem area• Ended up blocking many protocols
• Challenges:• Encrypted traffic is tough to scan
• Solution requires robust proxy server infrastructure and proper certificate deployment
![Page 12: CHIME LEAD New York 2014 "Case Studies from the Field: Putting Cyber Security Strategies into Action"](https://reader036.vdocument.in/reader036/viewer/2022062419/558a0a74d8b42aa2268b465a/html5/thumbnails/12.jpg)
EDMHIPAA
LexiconsInterne
t
Internal
Network
• Challenges:• Images, especially screen shots• PDF files scanned as images• Encrypted attachments• False positives
• Marketing & HR
• Policy requires that the emails with PHI or sensitive information must be encrypted manually
• Keyword in subject line• Require prior approval
• All outbound emails are scanned for PHI• Encrypted if PHI is found
![Page 13: CHIME LEAD New York 2014 "Case Studies from the Field: Putting Cyber Security Strategies into Action"](https://reader036.vdocument.in/reader036/viewer/2022062419/558a0a74d8b42aa2268b465a/html5/thumbnails/13.jpg)
File Shares
• Started with ad-hoc scanning – First 2-3 years
• Periodic since last year– Scanning has improved
• Several terabytes in a couple of days
![Page 14: CHIME LEAD New York 2014 "Case Studies from the Field: Putting Cyber Security Strategies into Action"](https://reader036.vdocument.in/reader036/viewer/2022062419/558a0a74d8b42aa2268b465a/html5/thumbnails/14.jpg)
File Share Management
• File share permission and auditing tool– Who has access to what shares?
• Thousands of shares– Many more folders and sub-folders
• Integrated with DLP– Flags folders with sensitive information– Extremely helpful in prioritizing
![Page 15: CHIME LEAD New York 2014 "Case Studies from the Field: Putting Cyber Security Strategies into Action"](https://reader036.vdocument.in/reader036/viewer/2022062419/558a0a74d8b42aa2268b465a/html5/thumbnails/15.jpg)
Governance & Timeline
• Acquired solution• Implemented Email & Web
– Email was a quick win
• Desktop – four years for 80% coverage
• Committee to direct implementation
![Page 16: CHIME LEAD New York 2014 "Case Studies from the Field: Putting Cyber Security Strategies into Action"](https://reader036.vdocument.in/reader036/viewer/2022062419/558a0a74d8b42aa2268b465a/html5/thumbnails/16.jpg)
Cloud & Mobile Devices
• Hosted emails, Office365, Box.net etc.
• No good solution• Some vendors offer
basic DLP capabilities• Scanning maybe
possible if data orginiates from corporate network
• No good solution• Computing capability• Different OS• Limited access to API
• VPN back to corporate• Slow• Can be bypassed
![Page 17: CHIME LEAD New York 2014 "Case Studies from the Field: Putting Cyber Security Strategies into Action"](https://reader036.vdocument.in/reader036/viewer/2022062419/558a0a74d8b42aa2268b465a/html5/thumbnails/17.jpg)
Lessons Learned
User Communication Skilled Team Multiple Servers
Part of Solution Slowness
![Page 18: CHIME LEAD New York 2014 "Case Studies from the Field: Putting Cyber Security Strategies into Action"](https://reader036.vdocument.in/reader036/viewer/2022062419/558a0a74d8b42aa2268b465a/html5/thumbnails/18.jpg)
Lessons Learned
• User communication• Dedicated & skilled team
– Takes time to understand false positives
• Scalability– Plan for multiple servers with lots of
processing power
• DLP alone is not effective tool against someone who is trying to bypass controls– Part of a solution
• Desktop client may cause slowness
![Page 19: CHIME LEAD New York 2014 "Case Studies from the Field: Putting Cyber Security Strategies into Action"](https://reader036.vdocument.in/reader036/viewer/2022062419/558a0a74d8b42aa2268b465a/html5/thumbnails/19.jpg)
Next Steps/Wish List
• Notification to management• Active blocking of network protocols• Incorporate SSL
– Technically challenging
• Apple computers• Mobile device integration• Cloud based storage• Involve business*
![Page 20: CHIME LEAD New York 2014 "Case Studies from the Field: Putting Cyber Security Strategies into Action"](https://reader036.vdocument.in/reader036/viewer/2022062419/558a0a74d8b42aa2268b465a/html5/thumbnails/20.jpg)
reference
![Page 21: CHIME LEAD New York 2014 "Case Studies from the Field: Putting Cyber Security Strategies into Action"](https://reader036.vdocument.in/reader036/viewer/2022062419/558a0a74d8b42aa2268b465a/html5/thumbnails/21.jpg)
Facts & Figures
• Medical staff5675
• Employees18,345
• Total Licensed Beds 2130• Inpatient Discharges 93,923• Outpatient Visits
1,397,632• Total Assets
$3.6 billion• Net Revenue
$2.6 billion
![Page 22: CHIME LEAD New York 2014 "Case Studies from the Field: Putting Cyber Security Strategies into Action"](https://reader036.vdocument.in/reader036/viewer/2022062419/558a0a74d8b42aa2268b465a/html5/thumbnails/22.jpg)
Q & A
Contact InformationNassar Nizami
A CHIME Leadership Education and Development Forum in collaboration with iHT2