HIPAA 101: COMPLIANCE
Threat Landscape and Best Practices
Webinar Administration
• Enter questions in the chat box
• A recording of the webinar will be available to all attendees
• Speaker contact info will be available at the end of the presentation
• Giveaway drawing will be held after the Q&A
Speakers
Peter Marsh
Director of Security
Hostway
Paul Fletcher
Chief Security Evangelist
Alert Logic
Reasons to trust our relationship
Partnership Overview
• Millions of devices secured
• Petabytes of log data under management
• Hundreds of millions of security events correlated per month
• Thousands of incidents identified and reviewed per month
[Map: locations between partnerships]
• Over 3,600 organizations
Alert Logic - Overview
Alert Logic has more than a decade of experience pioneering and refining cloud solutions that are secure, flexible and designed to work with hosting and cloud service providers. As one of the nation's leading managed security providers, Alert Logic has the tools and experience that set Hostway's Managed Security offerings apart from other companies. Alert Logic helps Hostway focus on delivering a complete solution.
THREAT LANDSCAPE
Threats by Customer Environment
[Chart: cloud attacks by category: application attack, brute force, recon, suspicious activity, trojan activity. Values on the chart: 48%, 23%, 21%, 6%, 2% (which value belongs to which category is not recoverable from the slide text).]
[Chart: brick-and-mortar attacks, same categories. Values on the chart: 47%, 25%, 11%, 10%, 7%.]
Source: Alert Logic Cloud Security Report (CSR) 2016
Global Analysis
Industry Analysis
Source: Vectra Networks
A new report into cyber security trends shows healthcare to be the most frequently targeted industry, with 164 threats detected per 1,000 host devices.
Industry Analysis
Root causes of the top 10 healthcare breaches:
• Unintentional insider – 3
• Poor physical security – 3
• Compromised systems – 2
• Third-party vendor – 2
Rite Aid – History of Breaches
[Timeline: 2014, 2015, 2017]
Latest "News"
SECURITY BEST PRACTICES
Security Best Practices
• Secure your code
• Security management and monitoring strategy
• Create access management policies
• Data classification
• Adopt a patch management approach
• Build a security toolkit
• Stay informed of the latest vulnerabilities that may affect you
• Understand your cloud service provider's security model
• Understand the shared security responsibility
• Defense in depth – 24x7
Secure Your Code
• Test every input that is reachable from the Internet
• Add delays (rate limiting and back-off) to login and form handlers to slow automated bots
• Use encryption wherever you can
• Test the libraries you depend on
• Scan plugins
• Scan your code after every update
• Limit privileges
• Adopt DevSecOps
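The "test inputs" and "add delays" items above, as an added example that is not code from the webinar or from Hostway or Alert Logic: an allow-list check on the account name, and a per-(source address, account) exponential back-off for a login handler. The `verify` callback, the fake clock, the sample account and the threshold values are assumed placeholders.

```python
"""Input validation plus progressive delay on a login path (added example)."""
import re
import time

# Allow-list for account names: anything outside this alphabet is rejected
# before it reaches the database, the log pipeline or the password check.
USERNAME_RE = re.compile(r"^[a-z0-9_.-]{3,32}$")


def validate_username(raw):
    if not isinstance(raw, str) or not USERNAME_RE.match(raw):
        raise ValueError("invalid username")
    return raw


class LoginThrottle:
    """Exponential back-off keyed on (source address, account).

    Keying on the source alone lets an attacker rotate addresses; keying on
    the account alone lets an attacker lock real users out, so both are used.
    Until `free_attempts` failures have accumulated the wait is zero; from
    then on it starts at `base_delay` and doubles per failure, capped at
    `max_delay` seconds."""

    def __init__(self, clock=time.monotonic, base_delay=1.0, max_delay=60.0, free_attempts=3):
        self.clock = clock
        self.base, self.max_delay, self.free = base_delay, max_delay, free_attempts
        self.state = {}  # (src, user) -> (failure count, earliest next attempt)

    def wait_time(self, src, user):
        """Seconds the caller must wait before trying again; 0.0 if allowed now."""
        _, not_before = self.state.get((src, user), (0, 0.0))
        return max(0.0, not_before - self.clock())

    def record(self, src, user, success):
        if success:
            self.state.pop((src, user), None)
            return
        failures = self.state.get((src, user), (0, 0.0))[0] + 1
        delay = 0.0 if failures < self.free else min(self.max_delay, self.base * 2 ** (failures - self.free))
        self.state[(src, user)] = (failures, self.clock() + delay)


def handle_login(throttle, src, raw_user, password, verify):
    """verify(user, password) -> bool is the real credential check (assumed to
    compare against a stored password hash). Returns the outcome and the delay
    the client must honour; a web front end would answer HTTP 429 with
    Retry-After rather than sleeping in the request thread."""
    try:
        user = validate_username(raw_user)
    except ValueError:
        return {"status": "rejected", "delay": 0.0}
    delay = throttle.wait_time(src, user)
    if delay > 0:
        return {"status": "throttled", "delay": delay}
    ok = verify(user, password)
    throttle.record(src, user, ok)
    return {"status": "ok" if ok else "failed", "delay": throttle.wait_time(src, user)}


def demo():
    """Constructed scenario with a fake clock: one malformed username, a burst
    of wrong passwords from one address, then a legitimate login elsewhere."""
    now = [0.0]
    throttle = LoginThrottle(clock=lambda: now[0])
    accounts = {"alice": "correct-horse"}      # constructed; real code stores hashes
    verify = lambda user, pw: accounts.get(user) == pw
    results = [handle_login(throttle, "203.0.113.7", "alice'; DROP TABLE users;--", "x", verify)]
    for _ in range(4):                         # three failures, then throttled
        results.append(handle_login(throttle, "203.0.113.7", "alice", "wrong", verify))
    now[0] += 1.0                              # wait out the first back-off
    results.append(handle_login(throttle, "203.0.113.7", "alice", "wrong", verify))
    results.append(handle_login(throttle, "198.51.100.20", "alice", "correct-horse", verify))
    return results


if __name__ == "__main__":
    for r in demo():
        print(r)
```

The delay is returned rather than slept, so the same logic works behind a synchronous handler (sleep) or an asynchronous one (429 plus Retry-After). A bot that ignores the header simply keeps hitting the throttled branch, which never runs the password check, so the credential-guessing rate collapses while a legitimate user who mistypes twice never waits.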
Security Management and Monitoring Strategy
• Monitoring for malicious activity
• Scanning services
• Forensic investigations
• Compliance needs
• System performance
• All sources of log data are collected
• Data types: OS, CMS, DB, web
• WAF
• Correlation logic
• IAM behavior
• IDS network traffic
• FIM logs
• Focused security research
• Security content creation
• Review process
• Live monitoring
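The "correlation logic" item above, as an added example that is not code from the webinar or from either vendor: a sliding-window count of failed logins per source address over constructed sshd-style syslog lines, escalating to an incident when a successful login follows a burst of failures from the same address. The host names, accounts and addresses are made up; the threshold, window and year are assumed policy values.

```python
"""Correlating authentication events into alerts (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH's syslog format; host names, accounts and
# addresses (RFC 5737 documentation ranges) are made up for this example.
SAMPLE_LOG = """\
Mar 14 02:10:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 14 02:10:03 web01 sshd[2213]: Failed password for root from 203.0.113.7 port 51124 ssh2
Mar 14 02:10:04 web01 sshd[2215]: Failed password for root from 203.0.113.7 port 51126 ssh2
Mar 14 02:10:06 web01 sshd[2217]: Failed password for invalid user oracle from 203.0.113.7 port 51128 ssh2
Mar 14 02:10:08 web01 sshd[2219]: Failed password for postgres from 203.0.113.7 port 51130 ssh2
Mar 14 02:10:11 web01 sshd[2221]: Accepted password for postgres from 203.0.113.7 port 51132 ssh2
Mar 14 02:15:40 web01 sshd[2300]: Failed password for alice from 198.51.100.20 port 40210 ssh2
Mar 14 02:15:52 web01 sshd[2302]: Accepted publickey for alice from 198.51.100.20 port 40212 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_event(line, year=2017):
    """Syslog lines carry no year, so the caller supplies it (assumed 2017 here)."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "result": m["result"], "user": m["user"], "src": m["src"]}


def correlate(log_text, threshold=5, window=timedelta(minutes=5)):
    """Two rules over a sliding window per source address:
      brute_force               - at least `threshold` failures inside `window`
      success_after_brute_force - an Accepted login from a source already over
                                  the threshold (a guessed or stuffed credential;
                                  treat it as an incident, not a notice)
    """
    recent = defaultdict(deque)   # src -> failure timestamps still inside the window
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue              # production code counts unparsed lines as a parser gap
        q = recent[ev["src"]]
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["src"] not in flagged:
                flagged.add(ev["src"])
                alerts.append({"rule": "brute_force", "src": ev["src"], "host": ev["host"],
                               "failures": len(q), "at": ev["ts"].isoformat()})
        elif len(q) >= threshold:
            alerts.append({"rule": "success_after_brute_force", "src": ev["src"], "host": ev["host"],
                           "user": ev["user"], "at": ev["ts"].isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

The second rule is the one worth paging someone for: a brute-force burst on its own is background noise on any Internet-facing host, but a success from the same source inside the window means the guess worked and the account needs to be disabled and the session investigated.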
Create Access Management Policies
• Identify data infrastructure that requires access
• Define roles and responsibilities
• Simplify access controls (KISS)
• Continually audit access
• Start with a least privilege access model
Data Classification
• Identify data repositories and mobile backups
• Identify classification levels and requirements
• Analyze data to determine classification
• Build access management policy around classification
• Monitor file modifications and users
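The "monitor file modifications" item above (the FIM that also appears in the toolkit later in this deck), as an added example that is not code from the webinar or from either vendor: a baseline of content hashes and permission metadata for a directory tree, and a comparison that classifies added, removed and modified files. The directory layout, file contents and tampering steps are a constructed scenario.

```python
"""File-integrity monitoring: baseline a tree, then report what changed (added example)."""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def _sha256(path):
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root):
    """Snapshot every regular file under root: content hash plus the metadata
    an intruder changes without touching content (permission bits, owner)."""
    root = Path(root)
    snapshot = {}
    for p in sorted(root.rglob("*")):
        if p.is_symlink() or not p.is_file():
            continue
        st = p.lstat()
        snapshot[p.relative_to(root).as_posix()] = {
            "sha256": _sha256(p),
            "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid,
            "size": st.st_size,
        }
    return snapshot


def compare(old, new):
    """Classify differences between two snapshots. A content change to a
    binary or config is the high-signal event; a mode or owner change with
    the same hash usually means a permission tamper; a new file under a web
    root or bin directory is a dropped-file indicator."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = {}
    for path in sorted(set(old) & set(new)):
        diff = {k: (old[path][k], new[path][k]) for k in old[path] if old[path][k] != new[path][k]}
        if diff:
            modified[path] = diff
    return {"added": added, "removed": removed, "modified": modified}


def save_baseline(snapshot, path):
    # The baseline must live where the monitored host cannot rewrite it,
    # otherwise an intruder simply re-baselines after the change.
    Path(path).write_text(json.dumps(snapshot, indent=1, sort_keys=True))


def load_baseline(path):
    return json.loads(Path(path).read_text())


def demo():
    """Constructed scenario: baseline a temporary tree, then tamper with it."""
    with tempfile.TemporaryDirectory() as tmp, tempfile.TemporaryDirectory() as keep:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "app.conf").write_text("db_host=10.0.0.5\n")
        (root / "bin" / "service").write_bytes(b"\x7fELF constructed placeholder")
        os.chmod(root / "bin" / "service", 0o755)
        store = Path(keep) / "baseline.json"
        save_baseline(baseline(root), store)
        # tamper: repoint the config, make the binary world-writable, drop a new file
        (root / "etc" / "app.conf").write_text("db_host=203.0.113.9\n")
        os.chmod(root / "bin" / "service", 0o777)
        (root / "bin" / "extra").write_text("constructed dropped-file indicator\n")
        return compare(load_baseline(store), baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Run it on a schedule against the directories your classification policy marks as static (binaries, configuration, web roots) and feed the result to the log pipeline, since the change itself is only half the story: the accompanying audit or IAM events tell you which user made it.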
Adopt a Patch Management Approach
• Constantly scan all production systems
• Compare reported vulnerabilities to the production infrastructure
• Classify the risk based on the vulnerability and the likelihood of exploitation
• Test patches before you release them into production
• Set up a regular patching schedule
• Keep informed: follow Bugtraq
• Follow an SDLC
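The scan, compare and classify steps above, as one added example that is not code from the webinar or from either vendor: a constructed advisory feed matched against a constructed host inventory using a numeric version comparison, with findings ranked by a likelihood-weighted score. The ADV-* identifiers, hosts, versions and weights are placeholders, not real CVEs or a real scoring standard.

```python
"""Match advisories against a production inventory and rank the patch queue (added example)."""
import re
from dataclasses import dataclass


def version_key(v):
    """Split '1.0.2k' or '2.4.25-3' into comparable pieces: each piece is a
    (number, suffix) pair so 1.0.2h < 1.0.2k and 2.4.7 < 2.4.18 (a plain
    string comparison gets the second one wrong)."""
    key = []
    for piece in re.split(r"[.\-+~]", v):
        m = re.match(r"(\d*)(.*)", piece)
        num, suffix = m.group(1), m.group(2)
        key.append((int(num) if num else -1, suffix))
    return tuple(key)


def is_vulnerable(installed, fixed_in):
    return version_key(installed) < version_key(fixed_in)


@dataclass
class Advisory:
    id: str
    package: str
    fixed_in: str
    cvss: float
    exploit_public: bool


@dataclass
class Host:
    name: str
    internet_facing: bool
    packages: dict        # package name -> installed version


# Constructed feed and inventory; ADV-* identifiers are placeholders, not real CVEs.
ADVISORIES = [
    Advisory("ADV-0001", "openssl", "1.0.2k", 7.5, True),
    Advisory("ADV-0002", "httpd", "2.4.25", 9.8, True),
    Advisory("ADV-0003", "bash", "4.4", 5.3, False),
]
HOSTS = [
    Host("web01", True, {"openssl": "1.0.2h", "httpd": "2.4.18", "bash": "4.3"}),
    Host("db01", False, {"openssl": "1.0.2k", "bash": "4.3"}),
    Host("app02", True, {"openssl": "1.0.1t", "httpd": "2.4.27"}),
]


def risk_score(adv, host):
    """Severity weighted by likelihood: doubled for Internet-facing hosts,
    x1.5 when a public exploit exists. The weights are an illustrative
    policy, not a standard."""
    score = adv.cvss
    if host.internet_facing:
        score *= 2
    if adv.exploit_public:
        score *= 1.5
    return score


def patch_queue(hosts, advisories):
    """Every (host, advisory) pair whose installed version is below the fix,
    highest risk first."""
    findings = []
    for h in hosts:
        for a in advisories:
            installed = h.packages.get(a.package)
            if installed is not None and is_vulnerable(installed, a.fixed_in):
                findings.append({"host": h.name, "advisory": a.id, "package": a.package,
                                 "installed": installed, "fixed_in": a.fixed_in,
                                 "score": risk_score(a, h)})
    findings.sort(key=lambda f: (-f["score"], f["host"], f["package"]))
    return findings


if __name__ == "__main__":
    for f in patch_queue(HOSTS, ADVISORIES):
        print(f"{f['score']:6.1f}  {f['host']:6}  {f['package']} {f['installed']} -> {f['fixed_in']}  ({f['advisory']})")
```

One caveat before trusting the output: distribution packages are often patched by backport without bumping the upstream version (Debian, RHEL and their derivatives all do this), so comparing an installed distro version against an upstream "fixed in" produces false positives. For those packages use the distribution's own advisory data (its security tracker or OVAL feed) as the source of the `fixed_in` field.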
Build a Security Toolkit
Recommended security solutions:
• Antivirus
• iptables / host firewall
• Backups
• FIM (file integrity monitoring)
• Intrusion detection system
• Malware detection
• Web application firewalls
• Remote forensic imaging of hardware
• Deep packet forensics (future)
• Web filters
• Mail filters
• Encryption solutions
• Proxies
• Log collection
• SIEM monitoring and escalation
• Penetration testing
Stay Informed of the Latest Vulnerabilities
Websites to follow:
• http://www.securityfocus.com
• http://www.exploit-db.com
• http://seclists.org/fulldisclosure/
• http://www.securitybloggersnetwork.com/
• http://cve.mitre.org/
• http://nvd.nist.gov/
• https://www.alertlogic.com/weekly-threat-report/
Understand Your Service Provider's Security Model
• Understand the security offerings from your provider
• Probe the security vendors behind those offerings to find out what their core service is
• Hypervisor exploits are patched by the service provider, not by you
• Prepare a list of questions to use when evaluating cloud service providers
Understand the Cloud Shared Security Model
Defense in Depth Security Operations – 24x7
HOW TO GET STARTED
Risk Assessment
• Know the threats
• Assess
• Choose a treatment for each risk: do nothing (accept it), transfer it, or mitigate it
• Reassess
Hidden Risks
• New York Presbyterian Hospital and Columbia University
  • A physician connected an unsecured server to the network, which was used to compromise the network and patient records
  • $4.8 million settlement
• Advocate Health Care
  • Four unencrypted laptops were stolen, compromising 4 million patient records
  • OCR found that they did not properly assess risks
  • $5.55 million settlement
• Triple-S Management
  • Five data breaches that impacted fewer than 500 people
  • OCR found they did not have proper safeguards, and an accurate risk assessment was never performed
  • Fined $3.5 million
Know the Top 10 Violations
1. Lost and stolen devices
2. Hacking
3. Employee dishonesty
4. Improper disposal
5. Third-party disclosure
6. Information leak
7. Unencrypted data
8. Lack of training
9. Unsecured records
10. Loud mouths
Source: http://www.grouponehealthsource.com/blog/top-10-most-common-hipaa-violations
Compliance Safeguards
Technical safeguards:
• Access control
• Audit controls
• Integrity
• Authentication
• Transmission security
Physical safeguards:
• Facility access control
• Workstation use
• Workstation security
• Device and media controls
Administrative safeguards:
• Security process
• Security responsibilities
• Workforce security
• Data controls
• Security training
• Security procedures
• Contingency plans
• Security evaluations
• Signed BAAs
HIPAA Solution Overview
Hostway dedicated solution components:
• Intrusion detection
• Anti-virus / malware
• Daily log review
• Log review and management
• Data encryption
• ASV vulnerability scans
• Managed firewall
• Managed support
Our secure customer environment:
• Platform: Dell R230, quad-core (E3-1250), 32 GB DDR4, 4 x 1 TB HDD
• Network: ASA 5506-X, Security Plus license, non-HA setup
• Compute: Windows 2012 R2, Windows 2016 Standard, Linux Debian 7
• Backed by a BAA; audited and approved
Trusted relationships: strive to exceed expectations in every interaction
Trusted expertise: bring 19 years of deep experience across technologies
Trusted infrastructure: empowers you to run your apps where they run best
• Thousands of customers worldwide, including the world's leading brands
• Over 40% of Fortune 500 service providers promote Hostway solutions through our global partner channel
• All customers work with a Solutions Engineer
• In-depth Linux, Microsoft, cloud and VMware technical expertise and certifications
• Microsoft Gold Hosting Partner with 100% of staff Azure and Office 365 trained
• Specialization in building and running secure, compliant cloud hosting solutions
• Maniacal focus on speed to resolution: average call response under 30 seconds, resolution under 30 minutes
• Fully managed public, private and hybrid, virtualized or traditional managed servers
• 100% uptime guarantee with strong SLAs
• Fully audited and certified HIPAA-compliant service provider
• SSAE 16 SOC 1 Type II and ISO certified data centers
• 9 data centers in 4 countries on 3 continents for redundancy
Hostway. The Trusted Cloud.
THANK YOU!
Q&A
Please enter any questions in the chat box.
Contact Us
Peter Marsh
peter.marsh@hostway.com
Paul Fletcher
pfletcher@alertlogic.com

Weitere ähnliche Inhalte

Was ist angesagt?

Distributed Ledger PKI Risk Management Framework, Rob Campbell
Distributed Ledger PKI Risk Management Framework, Rob CampbellDistributed Ledger PKI Risk Management Framework, Rob Campbell
Distributed Ledger PKI Risk Management Framework, Rob CampbellNapier University
 
Using a Network Model to Address SANS Critical Controls 10 and 11
Using a Network Model to Address SANS Critical Controls 10 and 11Using a Network Model to Address SANS Critical Controls 10 and 11
Using a Network Model to Address SANS Critical Controls 10 and 11Skybox Security
 
CSF18 - Implementing Gartners #1 - Whitelisting- Karim El-Melhaoui
CSF18 - Implementing Gartners #1 - Whitelisting- Karim El-MelhaouiCSF18 - Implementing Gartners #1 - Whitelisting- Karim El-Melhaoui
CSF18 - Implementing Gartners #1 - Whitelisting- Karim El-MelhaouiNCCOMMS
 
You can't detect what you can't see illuminating the entire kill chain
You can't detect what you can't see   illuminating the entire kill chainYou can't detect what you can't see   illuminating the entire kill chain
You can't detect what you can't see illuminating the entire kill chainFidelis Cybersecurity
 
Simplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMSimplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMAlienVault
 
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access SystemsValerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systemscentralohioissa
 
Nagios Conference 2012 - Jared Bird - Providing Value Throughout the Organiza...
Nagios Conference 2012 - Jared Bird - Providing Value Throughout the Organiza...Nagios Conference 2012 - Jared Bird - Providing Value Throughout the Organiza...
Nagios Conference 2012 - Jared Bird - Providing Value Throughout the Organiza...Nagios
 
IDS for Security Analysts: How to Get Actionable Insights from your IDS
IDS for Security Analysts: How to Get Actionable Insights from your IDSIDS for Security Analysts: How to Get Actionable Insights from your IDS
IDS for Security Analysts: How to Get Actionable Insights from your IDSAlienVault
 
Overview of Google’s BeyondCorp Approach to Security
 Overview of Google’s BeyondCorp Approach to Security Overview of Google’s BeyondCorp Approach to Security
Overview of Google’s BeyondCorp Approach to SecurityPriyanka Aash
 
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...North Texas Chapter of the ISSA
 
Top 5 Cloud Security Predictions for 2016
Top 5 Cloud Security Predictions for 2016 Top 5 Cloud Security Predictions for 2016
Top 5 Cloud Security Predictions for 2016 Alert Logic
 
Improve Threat Detection with OSSEC and AlienVault USM
Improve Threat Detection with OSSEC and AlienVault USMImprove Threat Detection with OSSEC and AlienVault USM
Improve Threat Detection with OSSEC and AlienVault USMAlienVault
 
Putting Cyber Attackers on the Defensive
Putting Cyber Attackers on the DefensivePutting Cyber Attackers on the Defensive
Putting Cyber Attackers on the DefensiveFidelis Cybersecurity
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditorsmdagrossa
 
Cyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution DemonstrationCyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution DemonstrationSurfWatch Labs
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Alert Logic
 
How To Avoid The Top Ten Software Security Flaws
How To Avoid The Top Ten Software Security FlawsHow To Avoid The Top Ten Software Security Flaws
How To Avoid The Top Ten Software Security FlawsPriyanka Aash
 
How to Increase ICS Cybersecurity Return on Investment (ROI)
How to Increase ICS Cybersecurity Return on Investment (ROI) How to Increase ICS Cybersecurity Return on Investment (ROI)
How to Increase ICS Cybersecurity Return on Investment (ROI) Dragos, Inc.
 

Was ist angesagt? (20)

Distributed Ledger PKI Risk Management Framework, Rob Campbell
Distributed Ledger PKI Risk Management Framework, Rob CampbellDistributed Ledger PKI Risk Management Framework, Rob Campbell
Distributed Ledger PKI Risk Management Framework, Rob Campbell
 
Using a Network Model to Address SANS Critical Controls 10 and 11
Using a Network Model to Address SANS Critical Controls 10 and 11Using a Network Model to Address SANS Critical Controls 10 and 11
Using a Network Model to Address SANS Critical Controls 10 and 11
 
CSF18 - Implementing Gartners #1 - Whitelisting- Karim El-Melhaoui
CSF18 - Implementing Gartners #1 - Whitelisting- Karim El-MelhaouiCSF18 - Implementing Gartners #1 - Whitelisting- Karim El-Melhaoui
CSF18 - Implementing Gartners #1 - Whitelisting- Karim El-Melhaoui
 
You can't detect what you can't see illuminating the entire kill chain
You can't detect what you can't see   illuminating the entire kill chainYou can't detect what you can't see   illuminating the entire kill chain
You can't detect what you can't see illuminating the entire kill chain
 
Cyber Security Case Studies
Cyber Security Case Studies Cyber Security Case Studies
Cyber Security Case Studies
 
Simplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMSimplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USM
 
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access SystemsValerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
 
Discover an IT Infrastructure Services & Management
Discover an IT Infrastructure Services & ManagementDiscover an IT Infrastructure Services & Management
Discover an IT Infrastructure Services & Management
 
Nagios Conference 2012 - Jared Bird - Providing Value Throughout the Organiza...
Nagios Conference 2012 - Jared Bird - Providing Value Throughout the Organiza...Nagios Conference 2012 - Jared Bird - Providing Value Throughout the Organiza...
Nagios Conference 2012 - Jared Bird - Providing Value Throughout the Organiza...
 
IDS for Security Analysts: How to Get Actionable Insights from your IDS
IDS for Security Analysts: How to Get Actionable Insights from your IDSIDS for Security Analysts: How to Get Actionable Insights from your IDS
IDS for Security Analysts: How to Get Actionable Insights from your IDS
 
Overview of Google’s BeyondCorp Approach to Security
 Overview of Google’s BeyondCorp Approach to Security Overview of Google’s BeyondCorp Approach to Security
Overview of Google’s BeyondCorp Approach to Security
 
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
 
Top 5 Cloud Security Predictions for 2016
Top 5 Cloud Security Predictions for 2016 Top 5 Cloud Security Predictions for 2016
Top 5 Cloud Security Predictions for 2016
 
Improve Threat Detection with OSSEC and AlienVault USM
Improve Threat Detection with OSSEC and AlienVault USMImprove Threat Detection with OSSEC and AlienVault USM
Improve Threat Detection with OSSEC and AlienVault USM
 
Putting Cyber Attackers on the Defensive
Putting Cyber Attackers on the DefensivePutting Cyber Attackers on the Defensive
Putting Cyber Attackers on the Defensive
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
 
Cyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution DemonstrationCyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution Demonstration
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015
 
How To Avoid The Top Ten Software Security Flaws
How To Avoid The Top Ten Software Security FlawsHow To Avoid The Top Ten Software Security Flaws
How To Avoid The Top Ten Software Security Flaws
 
How to Increase ICS Cybersecurity Return on Investment (ROI)
How to Increase ICS Cybersecurity Return on Investment (ROI) How to Increase ICS Cybersecurity Return on Investment (ROI)
How to Increase ICS Cybersecurity Return on Investment (ROI)
 

Ähnlich wie HIPAA 101 Compliance Threat Landscape & Best Practices

CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself Alert Logic
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudPaulo Renato
 
Security On The Cloud
Security On The CloudSecurity On The Cloud
Security On The CloudTu Pham
 
Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Decisions
 
Web application vulnerability assessment
Web application vulnerability assessmentWeb application vulnerability assessment
Web application vulnerability assessmentRavikumar Paghdal
 
How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...
How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...
How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...Priyanka Aash
 
Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021lior mazor
 
Cyber security series advanced persistent threats
Cyber security series   advanced persistent threats Cyber security series   advanced persistent threats
Cyber security series advanced persistent threats Jim Kaplan CIA CFE
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceCortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceMSAdvAnalytics
 
Social Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskSocial Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskPrecisely
 
Lock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iLock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iPrecisely
 
Starting your Career in Information Security
Starting your Career in Information SecurityStarting your Career in Information Security
Starting your Career in Information SecurityAhmed Sayed-
 
Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015Scalar Decisions
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017TriNimbus
 
Monitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityMonitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityPrecisely
 
Protecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and IntersetProtecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and IntersetPerforce
 
How to Test for The OWASP Top Ten
 How to Test for The OWASP Top Ten How to Test for The OWASP Top Ten
How to Test for The OWASP Top TenSecurity Innovation
 
Subscribed 2015: Architecture, Security, Scalability
Subscribed 2015: Architecture, Security, ScalabilitySubscribed 2015: Architecture, Security, Scalability
Subscribed 2015: Architecture, Security, ScalabilityZuora, Inc.
 

Ähnlich wie HIPAA 101 Compliance Threat Landscape & Best Practices (20)

CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure Cloud
 
Security On The Cloud
Security On The CloudSecurity On The Cloud
Security On The Cloud
 
Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015
 
Web application vulnerability assessment
Web application vulnerability assessmentWeb application vulnerability assessment
Web application vulnerability assessment
 
How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...
How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...
How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...
 
Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021
 
Cyber security series advanced persistent threats
Cyber security series   advanced persistent threats Cyber security series   advanced persistent threats
Cyber security series advanced persistent threats
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceCortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
 
Social Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskSocial Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity Risk
 
Lock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iLock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM i
 
Starting your Career in Information Security
Starting your Career in Information SecurityStarting your Career in Information Security
Starting your Career in Information Security
 
Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017
 
Monitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityMonitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and Security
 
Protecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and IntersetProtecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and Interset
 
Tyler Technology Expo
Tyler Technology ExpoTyler Technology Expo
Tyler Technology Expo
 
How to Test for The OWASP Top Ten
 How to Test for The OWASP Top Ten How to Test for The OWASP Top Ten
How to Test for The OWASP Top Ten
 
MID_SIEM_Boubker_EN
MID_SIEM_Boubker_ENMID_SIEM_Boubker_EN
MID_SIEM_Boubker_EN
 
Subscribed 2015: Architecture, Security, Scalability
Subscribed 2015: Architecture, Security, ScalabilitySubscribed 2015: Architecture, Security, Scalability
Subscribed 2015: Architecture, Security, Scalability
 

Mehr von Hostway|HOSTING

Economics of the Cloud: Don't Aim for the Sky on Everything
Economics of the Cloud: Don't Aim for the Sky on EverythingEconomics of the Cloud: Don't Aim for the Sky on Everything
Economics of the Cloud: Don't Aim for the Sky on EverythingHostway|HOSTING
 
How Cloud Providers are Playing with Traditional Data Center
How Cloud Providers are Playing with Traditional Data CenterHow Cloud Providers are Playing with Traditional Data Center
How Cloud Providers are Playing with Traditional Data CenterHostway|HOSTING
 
How Cloud Providers are Playing with Traditional Data Centers
How Cloud Providers are Playing with Traditional Data CentersHow Cloud Providers are Playing with Traditional Data Centers
How Cloud Providers are Playing with Traditional Data CentersHostway|HOSTING
 
Roundtable: Melding Network and Cloud Strategies
Roundtable: Melding Network and Cloud StrategiesRoundtable: Melding Network and Cloud Strategies
Roundtable: Melding Network and Cloud StrategiesHostway|HOSTING
 
It's Not All About the Cloud
It's Not All About the CloudIt's Not All About the Cloud
It's Not All About the CloudHostway|HOSTING
 
Hybrid Hosting; The Third Generation Cloud
Hybrid Hosting; The Third Generation Cloud Hybrid Hosting; The Third Generation Cloud
Hybrid Hosting; The Third Generation Cloud Hostway|HOSTING
 
Secrets of Profitable Cloud Resellers
Secrets of Profitable Cloud ResellersSecrets of Profitable Cloud Resellers
Secrets of Profitable Cloud ResellersHostway|HOSTING
 

Mehr von Hostway|HOSTING (7)

Economics of the Cloud: Don't Aim for the Sky on Everything
Economics of the Cloud: Don't Aim for the Sky on EverythingEconomics of the Cloud: Don't Aim for the Sky on Everything
Economics of the Cloud: Don't Aim for the Sky on Everything
 
How Cloud Providers are Playing with Traditional Data Center
How Cloud Providers are Playing with Traditional Data CenterHow Cloud Providers are Playing with Traditional Data Center
How Cloud Providers are Playing with Traditional Data Center
 
How Cloud Providers are Playing with Traditional Data Centers
How Cloud Providers are Playing with Traditional Data CentersHow Cloud Providers are Playing with Traditional Data Centers
How Cloud Providers are Playing with Traditional Data Centers
 
Roundtable: Melding Network and Cloud Strategies
Roundtable: Melding Network and Cloud StrategiesRoundtable: Melding Network and Cloud Strategies
Roundtable: Melding Network and Cloud Strategies
 
It's Not All About the Cloud
It's Not All About the CloudIt's Not All About the Cloud
It's Not All About the Cloud
 
Hybrid Hosting; The Third Generation Cloud
Hybrid Hosting; The Third Generation Cloud Hybrid Hosting; The Third Generation Cloud
Hybrid Hosting; The Third Generation Cloud
 
Secrets of Profitable Cloud Resellers
Secrets of Profitable Cloud ResellersSecrets of Profitable Cloud Resellers
Secrets of Profitable Cloud Resellers
 

KĂźrzlich hochgeladen

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
HIPAA 101 Compliance Threat Landscape & Best Practices

14
Security Best Practices
• Secure your code
• Security management and monitoring strategy
• Create access management policies
• Data classification
• Adopt a patch management approach
• Build a security toolkit
• Stay informed of the latest vulnerabilities that may affect you
• Understand your cloud service provider's security model
• Understand the shared security responsibility
• Defense in depth – 24x7
15
Secure Your Code
• Test every input that is open to the Internet
• Add delays (rate limiting) to slow down bots
• Use encryption wherever you can
• Test your libraries
• Scan plugins
• Scan your code after every update
• Limit privileges
• DevSecOps
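The first bullet ("test every input that is open to the Internet") is the one behind the application-attack numbers on slide 7. The following is an added example, not code from the deck or from Hostway/Alert Logic: a patient lookup by medical record number written the vulnerable way (string concatenation) beside the hardened version (format validation plus parameter binding). The table, the rows, the `MRN-nnnn` format and the payload are constructed for the example.

```python
"""Patient lookup by medical record number (MRN): the query built by string
concatenation beside the hardened version (input validation plus parameter
binding). The table, rows and MRN format are constructed for this example."""
import re
import sqlite3

# Constructed sample data so the example runs offline; not real patient data.
SAMPLE_ROWS = [
    ("MRN-1001", "Alice Example", "Cardiology"),
    ("MRN-1002", "Bob Example", "Oncology"),
    ("MRN-1003", "Carol Example", "Pediatrics"),
]

# A classic injection payload: the quote closes the literal and the OR makes
# the WHERE clause true for every row.
INJECTED = "x' OR '1'='1"

# Assumed MRN format for the validation step (the deck does not define one).
MRN_PATTERN = re.compile(r"MRN-\d{4}")


def make_db() -> sqlite3.Connection:
    """Create an in-memory table holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patients (mrn TEXT PRIMARY KEY, name TEXT, dept TEXT)")
    conn.executemany("INSERT INTO patients VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, mrn: str) -> list:
    """Deliberately vulnerable: the request value is pasted into the SQL text,
    so a quote in the input rewrites the query instead of being searched for."""
    sql = f"SELECT mrn, name, dept FROM patients WHERE mrn = '{mrn}'"
    return conn.execute(sql).fetchall()


def lookup_bound(conn: sqlite3.Connection, mrn: str) -> list:
    """Parameter binding: the driver sends the value separately from the SQL,
    so the same payload is compared literally and matches nothing."""
    sql = "SELECT mrn, name, dept FROM patients WHERE mrn = ?"
    return conn.execute(sql, (mrn,)).fetchall()


def lookup_hardened(conn: sqlite3.Connection, mrn: str) -> list:
    """Validate the input against the expected format first, then bind it.
    Binding alone already stops injection; rejecting malformed input on top
    keeps junk out of logs and out of every other code path that sees it."""
    if not MRN_PATTERN.fullmatch(mrn):
        raise ValueError("malformed MRN")
    return lookup_bound(conn, mrn)


def hardened_rejects(conn: sqlite3.Connection, mrn: str) -> bool:
    """True when the hardened lookup refuses the input."""
    try:
        lookup_hardened(conn, mrn)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, injected :", lookup_vulnerable(db, INJECTED))   # every row
    print("bound, injected      :", lookup_bound(db, INJECTED))        # []
    print("hardened, injected   :", hardened_rejects(db, INJECTED))    # True
    print("hardened, valid      :", lookup_hardened(db, "MRN-1002"))
```

Run it and the vulnerable function hands back the whole table for the payload while the bound query returns nothing; the validation layer is there so that a malformed value is rejected before it reaches the database, the logs or any downstream code.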
16
Security Management and Monitoring Strategy
• Monitoring for malicious activity
• Scanning services
• Forensic investigations
• Compliance needs
• System performance
• All sources of log data are collected
• Data types (OS, CMS, DB, web)
• WAF
• Correlation logic
• IAM behavior
• IDS network traffic
• FIM logs
• Focused security research
• Security content creation
• Review process
• Live monitoring
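What "correlation logic" over collected log data looks like in practice, as an added example (not code from the deck or from Alert Logic's platform): brute-force detection over SSH authentication lines, the attack class that makes up 47% of the brick-and-mortar attacks on slide 7. The log lines are constructed, and the threshold of five failures inside a two-minute window is an assumption for the demo.

```python
"""Correlation logic over SSH authentication log lines: flag a source that
fails to log in N times inside a window, and raise the severity when a
successful login from that source follows the failures. The log lines
are constructed for this example; the threshold and window are assumptions."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample log (RFC 3339 timestamps, sshd format); not real traffic.
SAMPLE_LOG = """\
2017-03-14T10:00:01Z web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
2017-03-14T10:00:08Z web01 sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 51130 ssh2
2017-03-14T10:00:15Z web01 sshd[2105]: Failed password for root from 203.0.113.5 port 51141 ssh2
2017-03-14T10:00:22Z web01 sshd[2107]: Failed password for root from 203.0.113.5 port 51150 ssh2
2017-03-14T10:00:29Z web01 sshd[2109]: Failed password for jsmith from 203.0.113.5 port 51162 ssh2
2017-03-14T10:00:36Z web01 sshd[2111]: Failed password for jsmith from 203.0.113.5 port 51170 ssh2
2017-03-14T10:00:50Z web01 sshd[2113]: Accepted password for jsmith from 203.0.113.5 port 51181 ssh2
2017-03-14T10:01:00Z web01 sshd[2120]: Failed password for jsmith from 198.51.100.7 port 40001 ssh2
2017-03-14T10:01:30Z web01 sshd[2122]: Failed password for jsmith from 198.51.100.7 port 40002 ssh2
2017-03-14T10:02:00Z web01 sshd[2130]: Accepted publickey for deploy from 192.0.2.10 port 53000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"(?:password|publickey) for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    host: str
    result: str   # "Failed" or "Accepted"
    user: str
    src: str


@dataclass(frozen=True)
class Alert:
    kind: str     # "brute_force" or "brute_force_success"
    src: str
    ts: datetime
    failures: int
    user: Optional[str] = None


def parse_line(line: str) -> Optional[AuthEvent]:
    """Return an AuthEvent for sshd auth lines, None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return AuthEvent(ts, m["host"], m["result"], m["user"], m["src"])


def correlate(log_text: str, threshold: int = 5,
              window: timedelta = timedelta(minutes=2)) -> list:
    """Sliding-window correlation keyed on source IP.

    brute_force: `threshold` failures from one source inside `window`
    (raised once per source). brute_force_success: a successful login from a
    source that already has `threshold` recent failures, i.e. the guessing
    worked and this is an incident, not just a block-list entry."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e.ts)
    recent_failures = defaultdict(deque)   # src -> failure timestamps inside the window
    flagged = set()
    alerts = []
    for ev in events:
        q = recent_failures[ev.src]
        while q and ev.ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if ev.result == "Failed":
            q.append(ev.ts)
            if len(q) >= threshold and ev.src not in flagged:
                flagged.add(ev.src)
                alerts.append(Alert("brute_force", ev.src, ev.ts, len(q)))
        elif len(q) >= threshold:
            alerts.append(Alert("brute_force_success", ev.src, ev.ts, len(q), ev.user))
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

The second alert kind is the one worth paging on: a single source that fails repeatedly and then succeeds is a compromised account, not noise, and the account name in the alert is what the responder needs first. In a SIEM the same logic is usually expressed as a rule over parsed fields; the window and threshold are tuning knobs, not constants.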
17
Create Access Management Policies
• Identify the data infrastructure that requires access
• Define roles and responsibilities
• Simplify access controls (KISS)
• Continually audit access
• Start with a least-privilege access model
18
Data Classification
• Identify data repositories and mobile backups
• Identify classification levels and requirements
• Analyze data to determine classification
• Build the access management policy around the classification
• Monitor file modifications and users
19
Adopt a Patch Management Approach
• Constantly scan all production systems
• Compare reported vulnerabilities to the production infrastructure
• Classify the risk based on vulnerability and likelihood
• Test patches before you release them into production
• Set up a regular patching schedule
• Keep informed: follow Bugtraq
• Follow an SDLC
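Steps two and three of this list (compare reported vulnerabilities to the inventory, then classify the risk by vulnerability and likelihood) are where most patch programs stall, because the feed and the inventory are never joined. The following is an added example, not code from the deck: it joins constructed advisories (made-up `ADV-` identifiers, not real CVEs) against a constructed inventory by version comparison, and ranks each hit by CVSS score times an assumed likelihood weighting (public exploit, Internet exposure). The weights and the tier thresholds are assumptions; a real pipeline would read the NVD/CVE feeds from slide 21 and the CMDB.

```python
"""Match reported vulnerabilities against a production inventory and rank the
result by severity times likelihood. The advisories (made-up identifiers, not
real CVEs), the hosts and the weights are constructed for this example."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    ident: str          # constructed identifier, not a real CVE
    package: str
    fixed_in: str       # first version that is no longer affected
    cvss: float         # base score, 0-10
    exploit_public: bool


@dataclass(frozen=True)
class Asset:
    host: str
    package: str
    version: str
    internet_facing: bool


# Constructed inputs.
ADVISORIES = [
    Advisory("ADV-0001", "openssh", "7.4", 9.8, exploit_public=True),
    Advisory("ADV-0002", "nginx", "1.12.1", 5.3, exploit_public=False),
]
INVENTORY = [
    Asset("web01", "openssh", "7.2p2", internet_facing=True),
    Asset("web01", "nginx", "1.10.3", internet_facing=True),
    Asset("db01", "openssh", "7.2p2", internet_facing=False),
    Asset("app02", "openssh", "7.5", internet_facing=True),
]


def parse_version(v: str) -> tuple:
    """Numeric components only: '7.2p2' -> (7, 2, 2). Good enough for the demo;
    real package versions (epochs, '~rc1', distro backports) need the distro's
    own comparison rules."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def is_affected(asset: Asset, adv: Advisory) -> bool:
    """Same package and a version below the fix."""
    return (asset.package == adv.package
            and parse_version(asset.version) < parse_version(adv.fixed_in))


def likelihood(asset: Asset, adv: Advisory) -> float:
    """Assumed weighting: a public exploit and Internet exposure each raise it."""
    tenths = 2
    if adv.exploit_public:
        tenths += 4
    if asset.internet_facing:
        tenths += 4
    return tenths / 10


def tier(risk: float) -> str:
    """Assumed thresholds mapping risk onto the patching schedule."""
    if risk >= 7.0:
        return "patch now"
    if risk >= 3.0:
        return "next patch window"
    return "track"


def prioritize(inventory, advisories) -> list:
    """One finding per affected (asset, advisory) pair, highest risk first."""
    findings = []
    for asset in inventory:
        for adv in advisories:
            if is_affected(asset, adv):
                risk = round(adv.cvss * likelihood(asset, adv), 2)
                findings.append({"host": asset.host, "package": asset.package,
                                 "advisory": adv.ident, "risk": risk, "tier": tier(risk)})
    findings.sort(key=lambda f: (-f["risk"], f["host"], f["package"]))
    return findings


if __name__ == "__main__":
    for finding in prioritize(INVENTORY, ADVISORIES):
        print(finding)
```

The point of the likelihood term is that the same advisory lands in different tiers on different hosts: the Internet-facing web server with a public exploit is "patch now", the same package on the internal database host waits for the next window. Version comparison is the fragile part; the toy parser is marked as such, and in production the distro's own comparison (dpkg, rpm) should decide whether a backported build is affected.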
20
Build a Security Toolkit
Recommended security solutions:
• Antivirus
• iptables/firewall
• Backups
• FIM
• Intrusion detection system
• Malware detection
• Web application firewalls
• Remote forensic imaging of hardware
• Deep packet forensics (future)
• Web filters
• Mail filters
• Encryption solutions
• Proxies
• Log collection
• SIEM monitoring and escalation
• Penetration testing
21
Stay Informed of the Latest Vulnerabilities
Websites to follow:
• http://www.securityfocus.com
• http://www.exploit-db.com
• http://seclists.org/fulldisclosure/
• http://www.securitybloggersnetwork.com/
• http://cve.mitre.org/
• http://nvd.nist.gov/
• https://www.alertlogic.com/weekly-threat-report/
22
Understand Your Service Provider's Security Model
• Understand the security offerings from your provider
• Probe the security vendors to find out what their core service is
• Hypervisor exploits are patched by the service provider
• Questions to use when evaluating cloud service providers
23
Understand the Cloud Shared Security Model
24
Defense in Depth – Security Operations 24x7
25
HOW TO GET STARTED
26
Risk Assessment
• Know the threats
• Assess
  • Do nothing (accept the risk)
  • Transfer
  • Mitigate
• Reassess
27
Hidden Risks
• New York Presbyterian Hospital and Columbia University
  • A physician connected an unsecured server to the network, which was used to compromise the network and patient records
  • $4.8 million settlement
• Advocate Health Care
  • Four unencrypted laptops were stolen, compromising 4 million patient records
  • OCR (the HHS Office for Civil Rights) found that they had not properly assessed risks
  • $5.55 million settlement
• Triple-S Management
  • Five data breaches that impacted fewer than 500 people
  • OCR found they did not have proper safeguards and that an accurate risk assessment had never been performed
  • Fined $3.5 million
28
Know the Top 10 Violations
1. Lost and stolen devices
2. Hacking
3. Employee dishonesty
4. Improper disposal
5. 3rd party disclosure
6. Information leak
7. Unencrypted data
8. Lack of training
9. Unsecure records
10. Loud mouths
Source: http://www.grouponehealthsource.com/blog/top-10-most-common-hipaa-violations
29
Compliance Safeguards
Technical
• Access control
• Audit controls
• Integrity
• Authentication
• Transmission security
Physical
• Facility access control
• Workstation use
• Workstation security
• Device and media controls
Administrative
• Security process
• Security responsibilities
• Workforce security
• Data controls
• Security training
• Security procedures
• Contingency plans
• Security evaluations
• Signed BAAs (business associate agreements)
30
HIPAA Solution Overview
Hostway dedicated solution (backed by a BAA; audited and approved):
• Intrusion detection
• Antivirus/malware
• Daily log review
• Log review and management
• Data encryption
• ASV vulnerability scans
• Managed firewall
• Managed support
Our secure customer:
• Platform: Dell R230, quad core (E3-1250), 32 GB DDR4, 4 x 1 TB HDD
• Network: ASA 5506-X, Security Plus license, non-HA setup
• Compute: Windows 2012 R2, Windows 2016 Standard, Linux Debian 7
31
Hostway. The Trusted Cloud.
Trusted relationships: strive to exceed expectations in every interaction
• Thousands of customers worldwide, including the world's leading brands
• Over 40% of Fortune 500 service providers promote Hostway solutions through our global partner channel
• All customers work with a solutions engineer
Trusted expertise: bring 19 years of deep experience across technologies
• In-depth Linux, Microsoft, cloud and VMware technical expertise and certifications
• Microsoft Gold Hosting Partner with 100% of staff Azure and Office 365 trained
• Specialization in building and running secure/compliant cloud hosting solutions
• Maniacal focus on speed to resolution: average call response <30 sec, resolution <30 min
Trusted infrastructure: empowers you to run your apps where they run best
• Fully managed public/private/hybrid virtualized or traditional managed servers
• 100% uptime guarantee with strong SLAs
• Fully audited and certified HIPAA-compliant service provider
• SSAE16 SOC1 Type II and ISO certified data centers
• 9 data centers in 4 countries on 3 continents for redundancy
32
THANK YOU! Q&A
Please enter any questions in the chat box.
33
Contact Us
Peter Marsh: peter.marsh@hostway.com
Paul Fletcher: pfletcher@alertlogic.com

Editor's notes

1. Mayra: WHAT IS THIS WEBINAR ABOUT? The HIPAA landscape is changing daily, and trying to keep up can leave you and your clients vulnerable to threats. Stay up to date with the latest healthcare IT topics and learn how to protect your business and your clients with Hostway's HIPAA cloud hosting solutions. In this webinar, you will learn:
  - The current industry state of healthcare IT and HIPAA
  - The threat landscape associated with healthcare
  - How a breach can impact your organization
  - Security best practices for HIPAA-compliant cloud hosting, and more!
2. Mayra: If you have a question during the webinar, please enter it in the chat box. We will do our best to address questions at the end. If we don't have time, we will follow up with a Q&A document for all attendees. We will also make the recording of our webinar available to all attendees. You are welcome to contact any of the speakers with questions; their contact info will be available at the end of the presentation.
3. Mayra speaking
4. Hostway
5–24. Alert Logic (AL) speaking
25–30. Peter
31. Hostway. Example: WannaCry could have been prevented. Phishing email; employees trained not to click. Desktop software to prevent it from affecting desktops. The patch would have fixed it.
32–33. Mayra