© 2006 EmeSec
HealthTechNet
The Management and Operational Perspective of
Privacy and Security
12801 Worldgate Drive, Suite 500
Herndon, Virginia 20170
703-871-3973
A Privacy / Security Presentation
For HealthTechNet
July 21, 2006
Maria C. Horton, CISSP-ISSMP, IAM
About EmeSec (pronounced em-ēē-sek)
• 8(a), Service Disabled Veteran, Woman Owned Business – Founded April 2003
• EmeSec specializes in e-Security solutions, IT policy and planning, Continuity of Operations, Incident Response, and Regulatory Compliance
Security in Large Organizations
Source: Meta Group, 2004
1-2 yr phase
Data Protection
• Drivers
  – Government
    • Regulatory
  – Commercial
    • Revenue
    • Privacy
• Management
  – Policy driven
  – Procedurally oriented
• Operational
  – Technically focused
  – Location based
Common Security Issues
• Five Basic Problem Areas
  – Inherent Security Defects
  – Misuse of Tools
  – Improper maintenance
  – Ineffective Security
  – Inadequate detection systems
Threat Response Activities
• Annual Risk Assessment
• Perimeter protections
  – Changing: wireless / virtual worlds
  – Automated configuration management
• Access control
  – Role Based
  – Multi-factorial Authentication
• Specialized security training
Managing Vulnerabilities
• Continuous Monitoring
  – Automated patching
  – Network and server functionality
  – Audit trail monitoring / alerts
• Trend analysis
  – Incident Response
  – Key Performance Indicators
    • Up time
    • Training
• Size does matter
  – Monitoring and response are required
  – Resources generally limited
    • Money
    • Personnel
  – Innovation Critical to success
Contact Us:
12801 Worldgate Drive, Suite 500
Herndon, Virginia 20170
703.871.3973
www.emesec.net
8(a), Service Disabled Veteran, Woman-owned, Small Business