Panel Cyber Security and Privacy without Carrie Waggoner
1. Security & Privacy Panel
Moderator: Jeff Livesay
MiHIN Associate Director
2. Security by the numbers - redux
• Same as last year: I say a number and the person who guesses what the number refers to receives a door prize...
This year's numbers are: 43 39 33 18
3. The percentage of ALL 2011 security breaches in ALL industries globally that began in healthcare
43
Source: Symantec 2012
4. The percentage of healthcare security breaches that begin in practices of size 1-10 providers
39
Source: HITRUST U.S. Healthcare Data Breach Trends, Dec 2012
5. The black market value ratio of Personal Health Information (PHI) to Personal Credit Information (PCI)
33 ($50 per medical record against $1.50 per credit card number)
• $1.50 per credit card number (PCI)
• $3 per Social Security number (PII)
• $50 per medical record (PHI)
Source: Digital Health Conference Panel, NYC 2012
6. The number of prioritized recommendations made in the Cyber-Security White Paper to:
• Michigan's Health Information Technology Commission in February 2013
• Governor Snyder's Cyber Initiative Task Force in March 2013
18 (MiHIN White Paper)
Half of these recommendations already have efforts underway in Michigan.
7. Why are Security and Privacy so important in healthcare?
Ensuring the Security of Electronic Health Records:
http://www.youtube.com/watch?feature=player_embedded&v=BxSFS9faxI4#
8. Introducing today's panelists
• Dan Lohrmann, Michigan Chief Security Officer, Deputy Director, Michigan Dept. of Technology, Management & Budget, Cybersecurity & Infrastructure Protection
• Brian Seggie, Chief Security Officer, MiHIN
• Carrie Waggoner, Privacy Specialist, Office of Legal Affairs, Michigan Dept. of Community Health
• Allan Foster, President, Kantara Initiative; Community VP, ForgeRock
• Jeremy Rowley, Associate General Counsel, DigiCert
9. Use of material by permission only.
Michigan Department of Technology, Management & Budget
Healthcare Information - Protecting Your Data
Dan Lohrmann, Michigan Chief Security Officer
June 6, 2013
10. Global Cyber Threats . . .
11. DHS Open Source Report
(www.dhs.gov/national-infrastructure-protection-plan)
14. Healthcare Information - Insider Threat
Louisiana . . . 7 Arrested for creating fake IDs using
patient information
Florida . . . ER Clerk accessed records
to sell for profit
Texas . . . State employee used
immunization information to apply
for credit cards
Source: Health Info Security January 2013
15. 4 Critical Errors
#1 - Presuming that HIPAA compliance is security
#2 - Basing security on systems rather than the critical data
#3 - Ineffective awareness program
#4 - Failure to control access to information
Source: IT World, June 2009
16. Top 3 Threats to Healthcare Security
#1 - Malware: Computers need to be hardened with appropriate security configurations. Anti-virus and anti-spyware are not enough!
#2 - Automatic Log-off: Workers leave workstations without logging off, often in public areas. An automated log-off procedure is a must!
#3 - Removable Media: USB devices enable removal of sensitive information with the click of a mouse. Know what's on your network!
Source: Information Management Magazine, Feb 2006
17. Trust Frameworks: Our communities shape the future of Digital Identity
Allan Foster (ForgeRock), Board of Trustees President
MiHIN 2013
18. Kantara Initiative: Overview - Values
Kantara Initiative - Trust Frameworks: A Global Context
Organizations, industry and governments join Kantara because we value:
• Trust: operating Accreditation, Approval and Certification programs
• Privacy: developing privacy-respecting solutions
• Security: developing high-security solutions and practices
• Community: bridging technology and policy requirements
Trustees:
Trustees At Large:
• Government of Canada
• Terena
19. Kantara Initiative: Overview - Federation, Compliance, and Interoperability
Members join Kantara because we build trust and harmonization by developing compliance criteria based on requirements of end-users, relying parties and identity providers.
Organizations become APPROVED because we operate compliance programs for multiple solutions that fit a variety of requirements and jurisdictions.
Kantara Builds Bridges
*Non-profit 501(c)(6)
20. Kantara Initiative: Review - Landscape
Healthcare organizations join Kantara to leverage our community and Approval services (NIST, ICAM, etc.) to advance their organizational goals.
• A healthcare provider's identity is tied to each clinical and administrative system they use.
• Single sign-on solutions exist for some large organizations. These solutions do not necessarily scale beyond the walls of the organization.
• In an "extended" environment, point-to-point integration and agreements must exist between organizations in order to provide system access to individuals.
• Traditional fee-for-service healthcare delivery had little or no need for a nationwide interoperable, federated identity ecosystem.
• Incentive models are changing with the advent of Accountable Care Organizations and community-based healthcare delivery.
21. Kantara Initiative: Overview - What does a Trust Framework look like?
(Diagram, flattened in extraction:)
• Relying Parties & End-Users input requirements into Kantara
• Kantara and end-user stakeholders develop criteria for assessment
• Kantara Accredited Assessors perform assessments
• Criteria for IdP / CSP assessment verify Trust
22. Trust Framework Model
(Diagram, flattened in extraction:)
Registration -> Verification -> Assessment -> Certification Process -> Trust Status Listing Service (Registry, White List) -> Interested Parties
23. Kantara Trust Framework: Component Services
(Diagram, flattened in extraction:) Credential Service Provider = Identity Proofing / Verification + Organizational Trust + Credential Issuance / Management
Responding to industry experts, Kantara members create a path to component service recognition.
Component Services:
• Identity Proofing / Verification
• Credential Issuance and Management
24. Kantara Trust Framework: Accredited Assessors and Approved CSPs
Kantara Accredited to LoA 1-4 (assessor logos not reproduced)
Kantara Approved to LoA 3 non-crypto: Verizon Universal Identity Service (VUIS)*
* ICAM Trust Framework Approval
IDPV Component Recognition: Norton Credential Service Provider*
* ICAM Trust Framework Approval (Conditional)
25. Shaping the Future of Digital Identity
Thanks!!
• @kantaranews
• kantarainitiative.org
• kantarainitiative.org/membership/
• kantarainitiative.org/listinfo/community
• bit.ly/Kantara_Assurance
• Support@kantarainitiative.org
26. The Other Side of Security
Brian Seggie
MiHIN Chief Security Officer
27. With all of the investments in Security...
• Technical solutions have been deployed: firewalls, Intrusion Prevention Systems, Data Loss Prevention
• Standards have been developed: FIPS 140, NIST 800 series, ISO 27001/2
• Compliance structures have been built: ISC, SANS, COBIT
• Regulations have been passed: HIPAA/HITECH, PCI-DSS, SOX, GLBA
...why are we still insecure?
28. The Other Side of Security
• Attitude
• Confusion
• Important data not identified
• Complexity
• Understaffing
29. Attitude - Denial of the Threat
"There are only two types of companies: those that have been hacked, and those that will be."
- FBI Director Robert Mueller, 2012
"There are only two categories of companies ... those that know they've been compromised and those that don't know it yet."
- US Attorney General, 2013
and more recently...
31. Identify what is important
Where should you focus your limited resources?
32. Complexity
Too many dissimilar systems and security policies
• 95% of organizations use network security devices from multiple vendors
• 50% reported a security breach, system outage, or both, due to complex policies
Source: AlgoSec 2012 survey
33. Understaffed IT Departments
• Shortcuts taken to just "keep the lights on"
• Hit-and-miss management of infrastructure
"More than two-thirds of the world's CSOs report that their current information security operations are understaffed, and that it's compromising their company's security."
Source: Frost & Sullivan for (ISC)2, 2012
35. Direct, Privacy, and Interstate
Communication
Presented by Jeremy Rowley
DigiCert, Inc.
36. DirectTrust Project
• Report to Congress on Foreign Economic Collection and Industrial Espionage from the Office of the National Counterintelligence Executive: "The massive R&D costs for new [Healthcare] products in these sectors, up to $1 billion for a single drug, the possibility of earning monopoly profits from a popular new pharmaceutical, and the growing need for medical care by aging populations in China, Russia, and elsewhere are likely to drive interest in collecting valuable US healthcare, pharmaceutical, and related information."
• The HIMSS Privacy and Security Committee goal: "By 2014, all entities who use, send, or store health information meet requirements for confidentiality, integrity, availability and accountability based on sound risk management practices, using recognized standards and protocols."
• NHIN Direct Project statement: "A project to create the set of standards and services that, with a policy framework, enable simple, directed, routed, scalable transport over the Internet to be used for secure and meaningful exchange between known participants in support of meaningful use"
37. DirectTrust Communication
• Single solution that secures communication to patients, public health, and other providers
• Built on existing PKI and uses existing systems
  - Identity, digital signatures, encryption
  - Widely used, with nationwide adoption by the HISPs
    - Athena, Cerner, McKesson, Covisint, eClinicalWorks, MiHIN
    - ONC endorsed and compliant with guidance released in May 2013
• Meets Direct requirements
  - Simple: push-based transport system
  - Secure: encrypted and verifiable messages
  - Scalable: no need for a central network authority
  - Standards-based: uses the established S/MIME protocols
• Uses HISPs to handle infrastructure and provide communication
  - Arranges identity verification
  - Manages digital certificates
  - Maintains integrity of the trust and security framework
  - Responsible for complying with regulations
38. DirectTrust Interstate Participants
CA
• Cross-certification with the FBCA
• Accredited trust anchor
• Certificate issuance
RA
• Identity verification to NIST LOA3 / FBCA Medium
• Accredited practices
HISP
• Gatekeeper for participation
• Certificate management and facilitation of communication between the parties
• Verified individual and organizational identity
HCO
• Transacts health care information
• Verified representative responsible for certificates and communication
Patients
• Provide health care information
• Communicate with the HCO
39. Verification Requirements
NIST LOA3
• Organization verified using government documents
• In-person or remote proofing using a government ID
• Address verification
• FBCA medium assurance verification
FBCA Medium
• Organization verified using government documents
• In-person proofing using government IDs
• Declaration of Identity
• Within 30 days of issuance
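The trust decision a HISP makes in slides 37-39 (a correspondent's certificate is accepted only if it chains to an accredited trust anchor in the HISP's bundle and is bound to the Direct address it is used for), worked through as an added example. This is not code from the panel deck, from DirectTrust or from any HISP; it uses the third-party Python `cryptography` package, generates throw-away CAs in place of real anchors, and the CA names and Direct addresses are constructed for illustration. The binding rule (rfc822Name for an address-bound certificate, dNSName for a domain-bound one) follows the Direct Applicability Statement.

```python
"""Direct-style trust decision for a correspondent's certificate.

Added example, not code from the panel deck or from DirectTrust/DigiCert. A HISP
has no central network authority to ask; it holds a bundle of accredited trust
anchors and accepts a certificate only if it (1) is currently valid, (2) is bound
to the claimed Direct address, and (3) was signed by an anchor in the bundle.
The CAs, addresses and names below are constructed for illustration.
"""
from datetime import datetime, timedelta, timezone

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID


def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def _builder(subject, issuer, pubkey, offset_days, valid_days):
    # Validity window relative to now; a negative offset produces an expired cert.
    nvb = datetime.now(timezone.utc) + timedelta(days=offset_days, minutes=-5)
    return (x509.CertificateBuilder()
            .subject_name(subject).issuer_name(issuer).public_key(pubkey)
            .serial_number(x509.random_serial_number())
            .not_valid_before(nvb).not_valid_after(nvb + timedelta(days=valid_days)))


def make_ca(cn):
    """Self-signed CA standing in for an accredited Direct trust anchor (constructed)."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    cert = (_builder(_name(cn), _name(cn), key.public_key(), 0, 3650)
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert


def issue_direct_cert(ca_key, ca_cert, direct_address, offset_days=0, valid_days=365):
    """Address-bound Direct certificate: the Direct address is carried as an
    rfc822Name in subjectAltName (a domain-bound certificate uses a dNSName)."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    cert = (_builder(_name(direct_address), ca_cert.subject, key.public_key(),
                     offset_days, valid_days)
            .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
            .add_extension(x509.SubjectAlternativeName([x509.RFC822Name(direct_address)]),
                           critical=False)
            .sign(ca_key, hashes.SHA256()))
    return key, cert


def _utc(cert, attr):
    # cryptography >= 42 exposes *_utc properties; older releases return naive UTC.
    val = getattr(cert, attr + "_utc", None)
    return val if val is not None else getattr(cert, attr).replace(tzinfo=timezone.utc)


def trusted_for(cert, direct_address, anchors, now=None):
    """Return (accepted, reason) for using `cert` to exchange with `direct_address`."""
    now = now or datetime.now(timezone.utc)
    if not _utc(cert, "not_valid_before") <= now <= _utc(cert, "not_valid_after"):
        return False, "certificate outside its validity period"
    try:
        san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
    except x509.ExtensionNotFound:
        return False, "certificate has no subjectAltName"
    addr = direct_address.lower()
    bound_addrs = {a.lower() for a in san.get_values_for_type(x509.RFC822Name)}
    bound_domains = {d.lower() for d in san.get_values_for_type(x509.DNSName)}
    if addr not in bound_addrs and addr.rsplit("@", 1)[-1] not in bound_domains:
        return False, "certificate not bound to " + direct_address
    # Single-step chain: the issuer must be an anchor in the bundle and the
    # signature must verify under that anchor's key (a "white list" of CAs, slide 22).
    for anchor in anchors:
        if anchor.subject != cert.issuer:
            continue
        try:
            anchor.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                       padding.PKCS1v15(), cert.signature_hash_algorithm)
        except InvalidSignature:
            return False, "issuer name matches an anchor but the signature does not verify"
        return True, "chains to anchor " + anchor.subject.rfc4514_string()
    return False, "issuer not in trust bundle"


def demo():
    """One anchor in the HISP's bundle, one CA outside it (all constructed)."""
    bundle_key, bundle_ca = make_ca("Example Direct CA (in bundle)")
    other_key, other_ca = make_ca("Unrelated CA (not in bundle)")
    anchors = [bundle_ca]
    addr = "dr.smith@direct.clinic.example"
    _, good = issue_direct_cert(bundle_key, bundle_ca, addr)
    _, rogue = issue_direct_cert(other_key, other_ca, addr)
    _, expired = issue_direct_cert(bundle_key, bundle_ca, addr, offset_days=-400)
    return {
        "good": trusted_for(good, addr, anchors),
        "rogue_ca": trusted_for(rogue, addr, anchors),
        "wrong_address": trusted_for(good, "someone.else@direct.clinic.example", anchors),
        "expired": trusted_for(expired, addr, anchors),
    }


if __name__ == "__main__":
    for case, (ok, why) in demo().items():
        print(f"{case:14s} {'ACCEPT' if ok else 'REJECT':6s} {why}")
```

Running it shows the four outcomes: accept; reject because the issuer is not in the bundle (the "no central authority" point on slide 37 means each HISP's bundle is the only source of trust); reject because the certificate is bound to a different address; reject for expiry. A production HISP validates a full path (intermediates, policy constraints) and checks revocation against the issuing CA's CRL, which this single-step check omits.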
42. DigiCert
• Founding member, co-chair of the Certificate Policies & Practices Working Group, DirectTrust
• First CA to issue Direct-compliant FBCA certificates
• Direct Med CA included in the Transitional Trust Anchor Bundle
• Already supporting HISPs, HIEs and HCOs
• Feel free to contact me at jeremy.rowley@digicert.com
43. Questions?
Contact Us:
Jeff Livesay
Associate Director
livesay@mihin.org
Brian Seggie
Security Director and Chief Security Officer
seggie@mihin.org
For more information:
security@mihin.org
Speaker notes
Current landscape:
• Faxes - slow, inconvenient and expensive
• Electronic communication - not secure
• Meaningful Use stages demand something better
• DirectTrust.org - endorsed by the ONC on May 24, 2013: http://www.healthit.gov/buzz-blog/electronic-health-and-medical-records/directtrust-builds-transparency-confidence-direct-exchange/
Direct requirements:
• Simple - messages are containers of health information; connects through universal addressing using a simple push of information
• Secure - encryption and an express trust relationship; users can verify the message is complete and free from tampering
• Scalable - security agents are responsible for providing services
• Standards - SMTP-based secure email that complies with RFC 5322