“Security Risk Analyses Done Right”
A Complimentary Webinar From healthsystemCIO.com
Sponsored by Fortified Health Solutions, A Santa Rosa Company
Your Line Will Be Silent Until Our Event Begins at 12:00 ET. Thank You!
Slide Deck: http://goo.gl/BZkqHF
Webex Support: 1-866-229-3239, Event #299 749 291
Housekeeping
• Moderator – Anthony Guerra, editor-in-chief, healthsystemCIO.com
• Ask A Question
  – We will be holding a Q&A session after the formal presentations.
  – You may submit your questions at any time by clicking on the Q&A panel located in the lower right corner of your screen; type your question in the text field and hit send. Please keep the send-to default as “All Panelists.”
• Download the Deck
  – Download today's deck at: http://healthsystemcio.com/presentation/risk-analyses-webinar.pdf
  – Shortened URL at the bottom of all slides
• View the Archive
  – You will receive an email when our archive recording is ready.
  – Separate registration is required.
Agenda (Approximately 45 Minutes)
• 25-30 minutes: Chuck Podesta, CIO, UC Irvine Health
• 5 minutes: A Word From Our Sponsor: Troy McClendon, President, Fortified Health Solutions, A Santa Rosa Company
• 10-15 minutes: Q&A with Chuck Podesta
“Security Risk Analyses Done Right”
Chuck Podesta, CIO, UC Irvine Health
Threats
• Hackers
• Unsafe Websites
• Social Engineering
• Phishing
• Weak Passwords
• Data Loss
• Inappropriate Access
• Breach of Information
• Viruses
It’s Not Just HIPAA
• Health Information Technology for Economic and Clinical Health (HITECH)
• Health Information Trust Alliance (HITRUST)
• Payment Card Industry (PCI)
• National Institute of Standards and Technology (NIST)
• International Organization for Standardization (ISO)
• Federal Trade Commission (FTC)
• State Laws
HITRUST
• Common Security Framework (CSF)
• Risk Assessment
• Corrective Action Plan
• Policy Management
• Incident Management
• Exception Management
Risk Assessment Harmonization Goes Way Beyond Meaningful Use
• Data Management
• Network Segmentation
• System Controls
• Technical Controls
• Encryption
• Physical Controls
• User Awareness
• Audit and Monitoring
• Risk Transfer
[Chart: each domain rated on a scale from Minimal to Optimal, showing Current State and Planned]
Data Management
• Sensitive Data Map
  – Structured and Unstructured ePHI
  – Credit Card Data
• Data Lifecycle
  – Retention Program
• Access
  – Audit
  – Minimum Necessary
Network Segmentation
• LAN & WAN Segmentation
• Important for PCI
System Controls
• Computers
  – Desktops, Laptops, Servers
• Mobile Devices
  – PDAs/Tablets, USB/Flash, Phones
• Removable Media
  – Backup Tapes and CDs
• Peripherals
  – Printers, Copiers/Fax, Scanners
Technical Controls
• Network Access
• System Authentication
• IDS/IPS
• Vulnerability Assessment
• Data Management
  – Data Loss Prevention (DLP)
• Configuration Management
  – Server, Desktop, Network
• Log Manager
• SIEM
Encryption
• Data At Rest
  – Database and File Storage
  – Backup Tapes and the Cloud
  – Workstations and Laptops
• Data In Motion
  – Email and FTP
  – USB/Flash and CDs
  – Tablets
  – Interfaces
  – Texting
User Awareness
• Policy Education
  – Device Placement, Access, Auditing
  – Logoff
  – Encryption
• Process Education
  – Encryption
• Threat Awareness
  – Create Awareness Program
  – Home Use
Audit and Monitoring
• Solutions
  – Network Management and Network Access Controls
  – Data Loss Prevention
  – Log Management
  – Application Event Management
  – Database Managers
  – Email Auditor
  – SIEM
Risk Transfer
• Financial
  – Cyber Insurance
• ASP Services
  – Cloud Services
  – Vendor Managed Systems
• Third Parties
  – CoLocation
  – Outsourcing
  – SaaS
  – Cloud
Keys to a Successful Plan
• C-Suite Buy-in
• You Can’t Do It Alone
• Organizational Awareness
• Funding for Technical Investments
• A Breach Is Not IF but WHEN
• Monitor Your BA Readiness
• Implement Corrective Action Plans
• Hire a CISO
“Security Risk Analyses Done Right”
Troy McClendon, President, Fortified Health Solutions, A Santa Rosa Company
What’s the Biggest Misstep for Covered Entities and Business Associates?
• Failure to conduct a thorough Risk Analysis
• Failure to address the results of a Comprehensive Risk Analysis
(From: HIPAA Security, Privacy & Breach Compliance - What Health Executives Need to Know. Proprietary & Confidential.)
What to Do with Risk Analysis Results
• Extract the Administrative Risk(s)
• Extract the Physical Risk(s)
• Extract the Technical Risk(s)
• Prioritize the risk(s) if not already sorted in the report
• Determine the effort it will take to remediate the risk(s)
• Identify the staff members to participate in remediation efforts
• Identify any outside resources to participate in remediation efforts
What You’ll Most Likely Need to Prepare For…
• The organization may not have adequate resources to complete the required remediation
• The organization may not have the in-house skillset(s) to complete the required remediation
• Remediation may require the organization to implement new policies & processes
  – Could equate to additional staff training, capital investment, governance, differences of opinion, stricter employee sanctions
• Remediation may require the organization to implement new technologies
  – Could equate to increased budget(s), capital investment, skills training, outsourcing
• Remediation will require the organization to implement on-going security processes
Q&A
Click on the Q&A panel located in the lower right corner of your screen, type your question in the text field and hit send. Please keep the send-to default as “All Panelists.”
Thank You!
• Thanks to our featured speaker: Chuck Podesta
• Thanks to our sponsor: Fortified Health Solutions, a Santa Rosa Company
• You will receive an email when our archive recording is ready. (Separate registration is required)
• CHIME CHCIO Credits – Attending our Webinars = 1 CEU
• Questions/Comments – Anthony Guerra, aguerra@healthsystemCIO.com
Go to www.healthsystemCIO.com/webinars to view our upcoming schedule and see the last 12 months of archived events.