achieving cyber readiness through information sharing
play

Achieving Cyber-Readiness through Information Sharing Analysis - PDF document

Dec 19, 2022 •379 likes •539 views

Achieving Cyber-Readiness through Information Friday, March 23, 2018 Sharing Analysis Organizations (ISAOs) Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs) Florida Hospital Association Friday, March 23,

  1. Achieving Cyber-Readiness through Information Friday, March 23, 2018 Sharing Analysis Organizations (ISAOs) Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs) Florida Hospital Association Friday, March 23, 2018 Welcome! John Wilgis Director, Emergency Management Services Florida Hospital Association Florida Hospital Association 1

  2. Achieving Cyber-Readiness through Information Friday, March 23, 2018 Sharing Analysis Organizations (ISAOs) Objectives • Understand what an Information Sharing and Analysis Organization (ISAO) is as defined by Presidential Executive Order 13691. • Learn why all health organizations should participate in an ISAO. • Learn how to practice better "cyber- hygiene" by participating in an ISAO. Objectives • Understand what an Information Sharing and Analysis Organization (ISAO) is as defined by Presidential Executive Order 13691. • Learn why all health organizations should participate in an ISAO. • Learn how to practice better "cyber- hygiene" by participating in an ISAO. Florida Hospital Association 2

  3. Achieving Cyber-Readiness through Information Friday, March 23, 2018 Sharing Analysis Organizations (ISAOs) Objectives • Understand what an Information Sharing and Analysis Organization (ISAO) is as defined by Presidential Executive Order 13691. • Learn why all health organizations should participate in an ISAO. • Learn how to practice better "cyber- hygiene" by participating in an ISAO. What’s the Issue? CYBERSECURITY Florida Hospital Association 3

  4. Achieving Cyber-Readiness through Information Friday, March 23, 2018 Sharing Analysis Organizations (ISAOs) The Risk • Cybersecurity vulnerabilities and intrusions pose risks for every hospital.  Expanded use of networked technology  Internet-enabled medical devices  Electronic databases for clinical, financial and administrative operations Increased exposure to possible cybersecurity threats! Managing the Risk • Evaluate and manage risks  Federal privacy rules and related polices.  Part of the hospital’s governance, risk management and business continuity framework. • Approach must be flexible and resilient to address threats that are likely to be constantly evolving and multi-pronged. Florida Hospital Association 4

  5. Achieving Cyber-Readiness through Information Friday, March 23, 2018 Sharing Analysis Organizations (ISAOs) Lots of Resources… • FBI • DHS • AHA • HIMMS • Vendors • Consultants • ISAO… Today’s Speakers Kendra Siler, PhD Executive Director, Population Health ISAO and Secure Together Program Contact Sanjay Patel CEO Smart Hive Florida Hospital Association 5

  6. Achieving Cyber-Readiness through Information Friday, March 23, 2018 Sharing Analysis Organizations (ISAOs) The Population Health ISAO is a cyber intelligence community for healthcare providers working together to meet regulatory requirements, reduce cyber risk, and identify cyber threats in the healthcare environment. Introduction to the Population Health ISAO 2018 Background: What is the 405(d) Effort? WHAT IS THE 405(d) EFFORT? WHO IS PARTICIPATING? The 405(d) Task Group is An industry-led process to develop consensus-based convened by HHS and comprised of information guidelines, best practices, & security officers, medical methodologies to strengthen professionals, privacy experts, the HPH-sector’s cybersecurity and association leaders posture HOW WILL 405(d) ADDRESS HPH WHY IS HHS CONVENING THIS CYBERSECURITY NEEDS? EFFORT? To strengthen the cybersecurity With a targeted set of posture of the HPH Sector, applicable & voluntary Congress mandated the effort guidance that seeks to cost- in the Cybersecurity effectively reduce the Information Sharing Act of cybersecurity risks of the 2015 (CISA), Section 405(d) healthcare industry 12 Florida Hospital Association 6

  7. Achieving Cyber-Readiness through Information Friday, March 23, 2018 Sharing Analysis Organizations (ISAOs) What’s Next: Pre-Testing and Medical Community Baselining Pre-Testing of 405(d) Guidance: - Assessments with Medical Professionals, HPH CIOs/CISOs, and other HPH Staff. - Assessing practicality, usability, and actionability. Medical Community Baselining Phase II (Building for Version 2.0): - Qualitative Research with Medical Professionals, HPH CIOs/CISOs, and other HPH Staff. - Assessing levels of awareness and prioritization of cybersecurity. 13 Growing prevalence & magnitude of cyber attacks • Q1 2017: Phishing and ransomware attacks more prevalent worldwide with ransomware increasing 250%. • Q2 2017: More publicly disclosed security incidents in the life sciences and healthcare industry than in any other sector. Organizational Risks  Reputation and integrity  Confidentiality and compliance  Availability of needed information and communication systems Federal Requirements • HIPAA Security Rule • Meaningful Use Why should small- to mid-sized healthcare organizations care about cyber-readiness? Florida Hospital Association 7

  8. Achieving Cyber-Readiness through Information Friday, March 23, 2018 Sharing Analysis Organizations (ISAOs) According to the Health Care Industry Cybersecurity Task Force, challenges include: • lack of infrastructure to identify and track threats • technical capacity to analyze the threat data in order to quickly translate it into actionable information. What are the challenges to small to mid-sized health organizations becoming cyber-prepared?  Healthcare organizations • FQHCs and other CHCs • Behavioral health centers • Rural and community health systems • RHCs • Long-term care  Their vendors  Their partners Who does the Population Health ISAO help? Florida Hospital Association 8

  9. Achieving Cyber-Readiness through Information Friday, March 23, 2018 Sharing Analysis Organizations (ISAOs) Secure Together Program  Vulnerability Management: Provides a technological platform that maintains standard techniques for identification of cyber exploits and introduces cyber risk management.  Brings two very critical elements together: : Compliance and Vigilance  Peer comparison and Business Intelligence: Organizations can use REAL threat intelligence data from Secure Together to understand where they stack up against their peers. Cyber threats and vulnerabilities of critical components of the healthcare ecosystem put the reputations and businesses of health organizations and patient lives at risk. Secure Together minimizes that risk. HOW does the Population Health ISAO help? Executive Order (EO) 13691 protects ISAO participants (individuals and transportation organizations) against being penalized as they share information regarding cyber-related breaches, interference, compromise or incapacitation. Through EO 13691, the Population Health ISAO is to: • Protect individuals’ privacy & civil liberties • Preserve business confidentiality • Safeguard the information being shared If my organization shares information with an ISAO will it be penalized? Florida Hospital Association 9

  10. Achieving Cyber-Readiness through Information Friday, March 23, 2018 Sharing Analysis Organizations (ISAOs) How does my organization join the standard Secure Together program? Step 1 Target stops attack from Hacker Step 2 Within seconds Smart Hive learns what Malware/ Hackers Target did to stop the attack. Vendor Step 3 Automated Real time Actionable Within minutes agnostic Smart Hive tell all Retail Members in the HIVE what defense to put up. The Hacker cannot attack anyone in the HIVE. Threat intelligence shared in real time with all Smart Hive customers, preventing additional attacks of the same kind. How does Smart Hive work? Florida Hospital Association 10

  11. Achieving Cyber-Readiness through Information Friday, March 23, 2018 Sharing Analysis Organizations (ISAOs) How does my organization’s firewalls connect to the Secure Together platform? What does my organization’s information look like to others in the HIVE? Florida Hospital Association 11

  12. Achieving Cyber-Readiness through Information Friday, March 23, 2018 Sharing Analysis Organizations (ISAOs) What information does the Secure Together platform collect and analyze? What does the Secure Together program dashboard look like? Florida Hospital Association 12

  13. Achieving Cyber-Readiness through Information Friday, March 23, 2018 Sharing Analysis Organizations (ISAOs) Is Secure Together secure ? Population Health ISAO and Secure Together program contact: Kendra Siler, PhD Kendra.Siler@ISAONetwork.org 904.318.5803 NASA/Kennedy Space Center AMF Center for Space Education Kennedy Space Center, FL 32899 Healthcare… Secure Together, Join Us! Florida Hospital Association 13

  14. Achieving Cyber-Readiness through Information Friday, March 23, 2018 Sharing Analysis Organizations (ISAOs) Questions? Upcoming Webinars • Risk Assessment: Recognizing Today’s Threats and Your Vulnerabilities • Protection Strategies for Your Network • Protection Strategies for the Workforce and Your Devices • Cloud Strategies and Continuity Coming Soon! Florida Hospital Association 14

  15. Achieving Cyber-Readiness through Information Friday, March 23, 2018 Sharing Analysis Organizations (ISAOs) Thank you! John Wilgis 407-841-6230 john@fha.org Florida Hospital Association 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

UTSA Information Sharing and Coordination Initiatives collaboration and coordination to

UTSA Information Sharing and Coordination Initiatives collaboration and coordination to

Secure Information and Resource Sharing in Cloud Infrastructure as a Service Cyber Incident Response Models for Information and Resource Sharing Amy(Yun) Zhang, Ram Krishnan, Ravi Sandhu Institute for Cyber Security University of Texas at San

219 views • 17 slides
UTSA Hierarchical Secure Information and Resource Sharing in OpenStack Community Cloud Cyber

UTSA Hierarchical Secure Information and Resource Sharing in OpenStack Community Cloud Cyber

UTSA Hierarchical Secure Information and Resource Sharing in OpenStack Community Cloud Cyber Incident Response An Model for Information and Resource Sharing Amy(Yun) Zhang, Farhan Patwa, Ravi Sandhu, Bo Tang Institute for Cyber Security

522 views • 17 slides
UTSA Secure Information and Resource Sharing in Cloud Infrastructure as a Service Cyber Incident

UTSA Secure Information and Resource Sharing in Cloud Infrastructure as a Service Cyber Incident

UTSA Secure Information and Resource Sharing in Cloud Infrastructure as a Service Cyber Incident Response Models for Information and Resource Sharing Amy(Yun) Zhang, Ravi Sandhu Institute for Cyber Security University of Texas at San

704 views • 42 slides
ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* * Preliminary programme, subject to revision/update status 16 December 2014 4 February 2015 Day 1: Cyber Security Readiness Registration KU

306 views • 4 slides
UTSA Community-Based Secure Information and Resource Sharing in AWS Public Cloud Cyber Incident

UTSA Community-Based Secure Information and Resource Sharing in AWS Public Cloud Cyber Incident

UTSA Community-Based Secure Information and Resource Sharing in AWS Public Cloud Cyber Incident Response A Model for Information and Resource Sharing Amy(Yun) Zhang, Farhan Patwa, Ravi Sandhu Institute for Cyber Security University of Texas

578 views • 19 slides
Cyber Readiness Program Presented by: Henry Vido, Program Director, CRI Mohamed Mahdy,

Cyber Readiness Program Presented by: Henry Vido, Program Director, CRI Mohamed Mahdy,

Cyber Readiness Program Presented by: Henry Vido, Program Director, CRI Mohamed Mahdy, Information Technology & Administration Director, IBAG The Cyber Readiness Institute empowers small and medium- sized organizations with practical

262 views • 15 slides
UTSA Community-Based Secure Information and Resource Sharing in Azure Cloud IaaS Cyber Incident

UTSA Community-Based Secure Information and Resource Sharing in Azure Cloud IaaS Cyber Incident

UTSA Community-Based Secure Information and Resource Sharing in Azure Cloud IaaS Cyber Incident Response Models for Information and Resource Sharing Yun Zhang, Farhan Patwa , Ravi Sandhu Institute for Cyber Security University of Texas at

711 views • 20 slides
Cyber Security and Smart Infrastructure: Research Dr. Stacy Prowell Chief Cyber Security

Cyber Security and Smart Infrastructure: Research Dr. Stacy Prowell Chief Cyber Security

Cyber Security and Smart Infrastructure: Research Dr. Stacy Prowell Chief Cyber Security Research Scientist Oak Ridge National Laboratory Main Points Information Sharing Enable discovering and sharing information about real threats to

216 views • 6 slides
Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line

Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line

Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line DeepSec 2014, Vienna, 21 November 2014 NATO UNCLASSIFIED Cyber Security In NATO NATO in a nutshell: Collective defence Interoperable

666 views • 42 slides
Cyber Bullying Sharing with Parents on Cyber Bullying Outline of Presentation To share on:

Cyber Bullying Sharing with Parents on Cyber Bullying Outline of Presentation To share on:

Slides (for Schools Use) to Brief Parents on Cyber Bullying Sharing with Parents on Cyber Bullying Outline of Presentation To share on: What is Cyber Bullying? MOEs Cyber Wellness Education School-wide Programmes

388 views • 14 slides
Cyber Risk Management and Loss Mitigation Services The Convergence of Information Sharing,

Cyber Risk Management and Loss Mitigation Services The Convergence of Information Sharing,

Cyber Risk Management and Loss Mitigation Services The Convergence of Information Sharing, Technology, and Insurance Sponsored by: Cyber Risk Management and Loss Mitigation Services The Convergence of Information Sharing, Technology, and

340 views • 20 slides
Cyber Security & Intelligence Sharing in Our Schools By Steve Palmer & Anthony

Cyber Security & Intelligence Sharing in Our Schools By Steve Palmer & Anthony

Cyber Security & Intelligence Sharing in Our Schools By Steve Palmer & Anthony Aukland Todays Topics Digital Citizenship EduTech O365 Security Pages Physical School Access Intelligence Sharing & North Dakota

828 views • 31 slides
TOWARDS PREDICTING CYBER ATTACKS USING INFORMATION EXCHANGE AND DATA MINING Tuesday 26 th June,

TOWARDS PREDICTING CYBER ATTACKS USING INFORMATION EXCHANGE AND DATA MINING Tuesday 26 th June,

TOWARDS PREDICTING CYBER ATTACKS USING INFORMATION EXCHANGE AND DATA MINING Tuesday 26 th June, 2018 Martin Husk Jaroslav Kapar Introduction Information Exchange From collaborative intrusion detection to sharing expertise Numerous alert

372 views • 12 slides
Upcoming AIA/ISA Webinars Information Sharing Modern Technology and Legal Structures

Upcoming AIA/ISA Webinars Information Sharing Modern Technology and Legal Structures

Aero Webinar Series September 24, 2009 The Financial Impact of Cyber Risk 50 Questions Every CFO Should Ask The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask Page 1 A publication of the American National Standards

711 views • 21 slides
Visualisation et Analyse de Risque Dynamique pour la Cyber-Dfense symposium SSTIC 09/06/2010

Visualisation et Analyse de Risque Dynamique pour la Cyber-Dfense symposium SSTIC 09/06/2010

Visualisation et Analyse de Risque Dynamique pour la Cyber-Dfense symposium SSTIC 09/06/2010 Philippe Lagadec NATO C3 Agency CAT2 Cyber Defence and Assured Information Sharing Au menu Cyber-Dfense Visualisation CIAP -

306 views • 26 slides
Seminar Series Resiliency in the Electricity Subsector Information Sharing and Exercises against

Seminar Series Resiliency in the Electricity Subsector Information Sharing and Exercises against

Seminar Series Resiliency in the Electricity Subsector Information Sharing and Exercises against Black Sky Events Bill Lawrence, Director of Programs and Engagement Cyber Resilient Energy Delivery Consortium February 3, 2017 1 Agenda

820 views • 48 slides
Africa Strategy 3 years on, Our Journey So far & Looking Ahead AFRNIC 23 , Pointe Noire -

Africa Strategy 3 years on, Our Journey So far & Looking Ahead AFRNIC 23 , Pointe Noire -

Africa Strategy 3 years on, Our Journey So far & Looking Ahead AFRNIC 23 , Pointe Noire - Congo | Dec 3, 2015 Agenda About ICANN in Brief 1 The Africa Strategy, 3 Years on 2 Preparing the

625 views • 14 slides
II. Organizations II. Organizations Organizational Goals and Objectives Organizational Goals and

II. Organizations II. Organizations Organizational Goals and Objectives Organizational Goals and

Basi di Dati e Sistemi Informativi II II. Organizations II. Organizations Organizational Goals and Objectives Organizational Goals and Objectives Organizations as Systems Organizations as Systems Product Flow Product Flow vs vs Information

597 views • 12 slides
Trends in the IoT Sector J A M E S T U R I N O jturino@redcapgroup.com +1 212 508 7108

Trends in the IoT Sector J A M E S T U R I N O jturino@redcapgroup.com +1 212 508 7108

M&A and Corporate Finance April 28 th 2016 Trends in the IoT Sector J A M E S T U R I N O jturino@redcapgroup.com +1 212 508 7108 Introduction to Redwood Capital Introduction to Redwood Global investment banking services for companies

797 views • 30 slides
IP Telephony (Voice over IP) Instructor Ai-Chun Pang, acpang@csie.ntu.edu.tw Office

IP Telephony (Voice over IP) Instructor Ai-Chun Pang, acpang@csie.ntu.edu.tw Office

IP Telephony (Voice over IP) Instructor Ai-Chun Pang, acpang@csie.ntu.edu.tw Office Number: 417, New building Textbook Carrier Grade Voice over IP, D. Collins, McGraw-Hill, Second Edition, 2003. Requirements

477 views • 24 slides
Internet Self-Response Portal: The Online Option This Overview Includes: Key things to

Internet Self-Response Portal: The Online Option This Overview Includes: Key things to

Internet Self-Response Portal: The Online Option This Overview Includes: Key things to know about the Internet Self-Response Portal (ISR), commonly referred to as the online option A draft letter that housing units will start

992 views • 40 slides
Lecture 12 - Network Security CSE497b - Spring 2007 Introduction Computer and Network Security

Lecture 12 - Network Security CSE497b - Spring 2007 Introduction Computer and Network Security

Lecture 12 - Network Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Idea

780 views • 20 slides
R Revisiting a Soft-State Approach to i iti S ft St t A h t Managing Reliable Transport

R Revisiting a Soft-State Approach to i iti S ft St t A h t Managing Reliable Transport

R Revisiting a Soft-State Approach to i iti S ft St t A h t Managing Reliable Transport Connections Gonca Gursun, Ibrahim Matta , Karim Mattar Computer Science Boston U. 1 Ad-Hoc Wireless Network Whats wrong with Laptop today s

254 views • 22 slides
High-speed cryptography and DNSCurve D. J. Bernstein University of Illinois at Chicago Stealing

High-speed cryptography and DNSCurve D. J. Bernstein University of Illinois at Chicago Stealing

High-speed cryptography and DNSCurve D. J. Bernstein University of Illinois at Chicago Stealing Internet mail: easy! Given a mail message: Your mail software sends a DNS request, receives a server address, makes an SMTP connection, sends

617 views • 40 slides

More recommend