Upload File

hipaa security: case studies for small to medium health organizations (compliance methods) jeff...

  • Home
  • Documents
  • HIPAA Security: Case Studies for Small to Medium Health Organizations (Compliance Methods) Jeff Bardin, CISSP, CISM, NSA IAM, OCTAVE SM Principal & CSO
4
HIPAA Security: Case Studies for Small to Medium Health Organizations (Compliance Methods) Jeff Bardin, CISSP, CISM, NSA IAM, OCTAVE SM Principal & CSO Treadstone 71 www.treadstone71.com [email protected]

Upload: michelle-weber

Post on 26-Mar-2015

217 views

Category:

Documents


1 download

Report

Tags:

TRANSCRIPT

Page 1: HIPAA Security: Case Studies for Small to Medium Health Organizations (Compliance Methods) Jeff Bardin, CISSP, CISM, NSA IAM, OCTAVE SM Principal & CSO

HIPAA Security: Case Studies for Small to Medium Health Organizations (Compliance Methods)

Jeff Bardin, CISSP, CISM, NSA IAM, OCTAVESM

Principal & CSO

Treadstone 71

www.treadstone71.com

[email protected]

Page 2: HIPAA Security: Case Studies for Small to Medium Health Organizations (Compliance Methods) Jeff Bardin, CISSP, CISM, NSA IAM, OCTAVE SM Principal & CSO

Agenda

From Threat Agent to Safeguard The NSA IAM Method

Criticality of Information Matrix Systems Criticality Matrix

OCTAVESM Method Human Actors Using Network Access Threat Profile: System Problems Basic Risk Profile

Initial Findings Scorecards HIPAA & ISO17799 Roadmap Q&A

Page 3: HIPAA Security: Case Studies for Small to Medium Health Organizations (Compliance Methods) Jeff Bardin, CISSP, CISM, NSA IAM, OCTAVE SM Principal & CSO

ThreatAgent

Threat

Vulnerability

Risk

Asset(ePHI)

Exposure

Safeguard

Gives rise to

Exploits

Leads to

Can damage

And causes an

Can be countermeasured by

Directly affects

Page 4: HIPAA Security: Case Studies for Small to Medium Health Organizations (Compliance Methods) Jeff Bardin, CISSP, CISM, NSA IAM, OCTAVE SM Principal & CSO

  Confidentiality Integrity Availability

Patient Records

Medical Staff Records

Employee Records

Vendor Contracts

Employee Health Records

Legal Files (lawsuit information)

Contracts w/Agency People

Meeting Minutes (Board)

Survey Reports (Joint Commission (Medicare/Medicaid)

Docs – Security Eng Tests & Inspections

Patient Accounts

Financial Audits

Planning Documents (Strategic/Master Facility Plan)

Payroll Records

Psych/Drug/Alcohol/HIV

Criticality of Information Matrix

H

M

MM

M

MM

M

M

M

H

H

H

H

H

H

H

HH

H

H

H

H

H

H

M

H

H

H

H

M

MM

M

MM

M

M

M

H

H

H

H

M M

National Security AgencyInformation Assurance Methodology


Focus Group 1B Cybersecurity Dr. Bill Hancock, CISSP, CISM Cable & Wireless FG1B Chair

Boni Bruno, CISSP, CISM, CGEIT Technical Director

The LOGIIC Consortium Zachary Tudor, CISSP, CISM, CCP Program Director SRI International

HOMELAND SECURITY: CYBER-SECURITY AT THE LOCAL LEVEL Kirk Bailey, CISSP, CISM CISO, UW

Software Development Security in Complex IT Environments Csaba Krasznay CISA, CISM, CISSP, CEH Hewlett-Packard Hungary

Copyright 2004 Integrity Incorporated Carolyn Burke, MA, CISSP, CISM CEO, Integrity Incorporated Mitigate Risk March 23, 2004, 2pm

© ALAPSI/ITESM 2006 Lámina 1 Physical Security CISSP Review Gonzalo Espinosa, CISSP, CISM

Ehsan Foroughi M.Sc., CISSP, CISM. Availability Confidentiality Integrity

Robert Fullagar CISSP CISM CRISC Clas CEH “Security is everyone’s responsibility”

Submarine Warfare: Perimeter defense without walls Dan Houser, CISSP, CISM

JAMIE S. HERMAN, C|CISO, CISM, CISSP MANAGER OF INFORMATION SECURITY ROPES & GRAY LLP

Twenty Years Later Perspectives from an AFIT Graduate Corey D. King, CISSP, CISM Southwest Research Institute

"WhatsApp:+1(859)740-9292" Get CISCO,CHST,CISSP,CISM,AWS Proxy to attend exam

The CISSP and CAP Prep Guide: Platinum Edition · CISSP, CISM, Security +, CCNA, MCSE, MCNE The CISSP® and CAP CM Prep Guide: Platinum Edition ... Objectives of Security Controls

William Alan Matthey II MCSE/MCITP, CISSP/CISM, MCT

CISSP Thomas Moore. Thomas Moore, Ph.D., EMBA BCSA BCSP LCNAD CISM CISSP LMNOP (Licensed Microsoft Network Operations Professional) B.S. No, really, in

Giving the Heave-Ho to Worms, Spyware, and Bots! Tammy L Clark, CISSP, CISM, CISA CISO, Georgia State University William Monahan, CISSP, CISA, CISM Information

How Training and Consulting Companies Can Position CISSP, CISM and CRISC

Information Technology Management (ITM101) Week 01: Introduction Matthew W. Stephan: CISM, CISSP, CGEIT, CRISC, PMP

Penetration Testing - PKF · PDF filePenetration Testing Stevie Heong – CISSP, CISA, CISM, CGEIT, CCNP PKF Avant Edge

7-Step Guide to Pass the CISSP Exam Phoenix IEEE Computer Society February 11, 2003 Debbie Christofferson, CISSP, CISM Sapphire-Security Services [email protected]@earthliink.net

Decreasing Incident Response Time ______________________________ Benefits of Packet Capture & Real-time NetFlow Generation Boni Bruno, CISSP, CISM, CGEIT

Introduction to Project Management Dr.Ir. Fauzi Hasan MM, MBA, PMP, CISA, CISM, CISSP, SSCP, CGEIT, APICS, CSCP

The Board Level View on IT Governance DR. Ir. Fauzi Hasan BSc., MM, MBA, PMP, CISA, CISSP, CISM

Manny Morales CISSP, CISA, CISM, CSM Independent ... · Manny Morales. CISSP, CISA, CISM, CSM. Independent Consultant. June 8, 2016. 1 NYS Cyber Security Conference June 8-9, 2016

So You still Have a Mainframe ? Edward Napoleon, CISSP, CISM

Kate Borten, CISSP, CISM Rule - hcmarketplace.comhcmarketplace.com/media/browse/11512_browse.pdfKate Borten, CISSP, CISM The HIPAA Omnibus Rule Toolkit A Covered Entity and Business

The Cybersecurity Landscape...5/16/2016 1 ZZ The Cybersecurity Landscape Walt Powell CISSP, CISM Sr. Solution Architect Optiv Security Introduction Walt Powell CISSP CISM Sr. Solution

1 Developing and Implementing a CIRT Team Nanette S. Poulios, CISSP, CISM Senior Training Consultant Easy i

> > Michael Trofi, CISSP, CISM, CGEIT, GPEN Trofi Security [email protected] Incident Response Handling

Kathleen Ann Mullin, CIA, CISA, CISSP, CISM, CRSIC, … · Kathleen Ann Mullin, CIA, CISA, CISSP, CISM, CRSIC, CGEIT September 13, 2011

Forensic Image Analysis for Password Recovery David C. Smith, CISSP, CISM Georgetown University HCP Forensic Services

BY DAVID ISIAVWE (B.Sc/M.Sc/CISSP/CISA/CISM/CGEIT/FCA) 1

Information Technology Management (ITM101) Week 02: IT Standards & Governance Matthew W. Stephan: CISM, CISSP, CGEIT, CRISC, PMP

CISSP, CISM, CISA IT Security, Governance, Risk, and ... · George Gilka CISSP, CISM, CISA IT Security, Governance, Risk, and Compliance CGI