in the health care industry
play

in the Health Care Industry To More Effectively Manage Cyber - PowerPoint PPT Presentation

Apr 13, 2023 •188 likes •337 views

Adopting Continuous Diagnostics and Mitigation (CDM) in the Health Care Industry To More Effectively Manage Cyber Security Risk August 4, 2017 Secure Ops vs Security Ops 1 Healthcare has HIPAA HITECH HITRUST So Why Should We

  1. Adopting Continuous Diagnostics and Mitigation (CDM) in the Health Care Industry To More Effectively Manage Cyber Security Risk August 4, 2017 Secure Ops vs Security Ops 1

  2. Healthcare has  HIPAA  HITECH  HITRUST… So Why Should We Care? August 4, 2017 Secure Ops vs Security Ops 2

  3. Moving beyond HIPAA HIPAA Compliance Doesn’t Manage Operational Cyber Security Risk HIPAA compliance alone will not account for all the considerations in modern healthcare cybersecurity risk management. A compliance-centric and healthcare-specific approach can be limiting for a variety of reasons such as: Every technology in a modern healthcare enterprise network is becoming healthcare-neutral. Healthcare leaders need to consider the broader computing environment. Healthcare organizations need to look far beyond healthcare-specific cybersecurity tools and start to adopt security technologies and practices from other industries. By adopting a broader perspective healthcare organizations can go beyond the typical compliance and assessment activities associated with HIPAA-centric initiatives. August 4, 2017 Secure Ops vs Security Ops 3

  4. Compliant Insecurity Compliance-centric cybersecurity initiatives fall short because they do not include the continuous diagnostic and risk management-based mitigation elements that are crucial to maintaining an effective security program. August 4, 2017 Secure Ops vs Security Ops 4

  5. Security Operations The implementation and management of tools and processes To collect information about and monitor the computing environment, Information stores, and applications for vulnerabilities and malicious activity. Secure Operations The use of securely engineered/configured, operated, and maintained computing environments that continually protect Information, remain properly patched/supported/configured, and retain secure connectivity by architecting, building, operating, continuously monitoring, and then mitigating risk-based Vulnerabilities. August 4, 2017 Secure Ops vs Security Ops 5

  6. Basic Premise of Secure Operations: You cannot secure what you do not (risk) manage. You cannot (risk) manage what you cannot see. You cannot see what you don’t continually look for. (monitor) Therefore… August 4, 2017 Secure Ops vs Security Ops 6

  7. How Do We? Continually monitor and inventory all assets (including hardware, software and data) on the network, as well as how they are connected? Based on the above, continually scan for secure configurations, architecture, and connections, As well as, Types of access to these assets and by whom/from where? And manage vulnerabilities, based on risk, for all of the above? August 4, 2017 Secure Ops vs Security Ops 7

  8. Continuous Diagnostics and Mitigation (CDM) The CDM program is a dynamic approach to implementing automated, risk based cybersecurity that will better assure the security of sensitive data and the provision of essential functions while protecting sensitive information. August 4, 2017 Secure Ops vs Security Ops 8

  9. What CDM Does Enables network administrators to know 1 Install/Update Sensors the state of their respective networks at any given time 2 Automated 6 Report Progress Search for Flaws Informs on the relative risks of threats All Systems Makes it possible for system personnel to Scanned Within 72 identify and mitigate flaws at near- Hours network speed. 3 Collect Results 5 Fix Worst First from Departments Provides a consistent set of continuous and Agencies diagnostic solutions to enhance the organization’s ability to identify and 4 Triage and Analyze Results mitigate the impact of emerging cyber threats August 4, 2017 Secure Ops vs Security Ops 9

  10. How CDM does it August 4, 2017 Secure Ops vs Security Ops 10

  11. CDM Phases of Implementation PHASE 1: Endpoint Integrity HWAM – Hardware Asset Management SWAM – Software Asset Management CSM – Configuration Settings Management VUL – Vulnerability Management PHASE 2: Least Privilege and Infrastructure Integrity TRUST – Access Control Management (Trust in People Granted Access) BEHAVE – Security-Related Behavior Management CRED – Credentials and Authentication Management PRIV – Privileges PHASE 3: The DHS also has created a Continuous Boundary Protection and Event Diagnostic & Mitigation Product Catalog Management for Managing the Security Lifecycle ( http://www.gsa.gov/portal/ Plan for Events getMediaData?mediaId=199735 ) that Respond to Events lists tools that can be used for the Generic Audit/Monitoring implementation of Phases 1 and 2. Document Requirements, Policy, etc. Quality Management Risk Management Boundary Protection – Network, Physical, Virtual August 4, 2017 Secure Ops vs Security Ops 11

  12. In the future, adopting a CDM approach will facilitate: Machine learning, artificial intelligence (AI), big data analytics and other advanced methods — including statistical models and adaptive rules to sort through gigantic volumes of data — are being refined to help identify the trace evidence of malware and other intrusions. Automated responses — leveraging more advanced techniques for security orchestration, incident investigation, containment and remediation — will help reduce post-breach dwell times and damage costs. Deceptive technologies, including honeypots and undercover surveillance, will increasingly be used to detect or deflect malicious attacks. Context-based analytics will be deployed to detect anomalies in user and network behavior and to counter adversaries who seek to circumvent traditional known and signature-based security methods. August 4, 2017 Secure Ops vs Security Ops 12

  13. In the future, adopting a CDM approach will facilitate: (cont) Purpose-built simulation environments with isolated networks are now being used to run the world’s most dangerous malware and to recreate actual attacks without allowing those malicious codes to spread. Segregation and containers are being refined to separate the security execution environment from the larger operating system, thus preventing OS attacks from compromising the security protections. New computing architectures are replacing traditional RAM- and disk-based storage with faster, nonvolatile memories. This allows security teams to process larger data volumes, find patterns faster and create new defensive techniques. Employment of robust identity-protection mechanisms . This will entail risk- based authentication and access, leveraging tools such as policy-driven adaptive authentication across multiple data points. August 4, 2017 Secure Ops vs Security Ops 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

MONTEFIORE EINSTEIN: Vertical Consolidation in the Health Care Industry Steven M. Safyer, MD

MONTEFIORE EINSTEIN: Vertical Consolidation in the Health Care Industry Steven M. Safyer, MD

MONTEFIORE EINSTEIN: Vertical Consolidation in the Health Care Industry Steven M. Safyer, MD NATIONAL ACADEMY OF MEDICINE Leadership Consortium for A Value & Science-Driven Health System September 13, 2018 INTEGRATED ACADEMIC HEALTH

489 views • 13 slides
Health Care Reform and the ea t Ca e e o a d t e Medical Technology Industry Richard Price,

Health Care Reform and the ea t Ca e e o a d t e Medical Technology Industry Richard Price,

Health Care Reform and the ea t Ca e e o a d t e Medical Technology Industry Richard Price, V.P. Payment and Health Care Delivery Policy The Advanced Medical Technology Association (AdvaMed) (AdvaMed) AdvaMed Worlds largest

279 views • 27 slides
Challenges Facing the Health Care Industry February 20, 2020 Scott OBrien Chief Operating

Challenges Facing the Health Care Industry February 20, 2020 Scott OBrien Chief Operating

Challenges Facing the Health Care Industry February 20, 2020 Scott OBrien Chief Operating Officer Washington Montana Region Providence St. Joseph Health 1 2 The tapeworm of American economic competitiveness < Revenue/Unit

322 views • 7 slides
Relationships!!!!! Nursing Care Industry State Agency 1 Health Facilities Planning Act

Relationships!!!!! Nursing Care Industry State Agency 1 Health Facilities Planning Act

Relationships!!!!! Nursing Care Industry State Agency 1 Health Facilities Planning Act Facilities Subject to the Act Projects Requiring CON Planning - 77 IAC 1100 Need Requirements - 77 IAC 1110 Long term care facilities

655 views • 32 slides
What is is Health Care Waste? All waste generated by health care activities &

What is is Health Care Waste? All waste generated by health care activities &

What is is Health Care Waste? All waste generated by health care activities & providers/facilities Insufficient management poses a huge risk to health care workers , patients, communities and the environment . Source: World Health Organization.

573 views • 25 slides
HEALTH CARE INTEGRATION A COLLABORATIVE APPROACH Industry as a Service Provider Originally

HEALTH CARE INTEGRATION A COLLABORATIVE APPROACH Industry as a Service Provider Originally

HEALTH CARE INTEGRATION A COLLABORATIVE APPROACH Industry as a Service Provider Originally formed as a pharmaceutical cold-chain logistics service provider. TCP Homecare offers a full suite of patient centric services and are the leading

359 views • 22 slides
US Health Care is in deep trouble The US Health Care System Regulatory, legal, and cultural

US Health Care is in deep trouble The US Health Care System Regulatory, legal, and cultural

VS. What Well Talk About Quality, Costs, & Special Interests: 1. Problems with US Health Care Can We Change Our Behavior in time to Save US Health Care? 2. How new information technologies can address some of the problems Thomas M.

491 views • 14 slides
statement: There are no competing interests relevant to this presentation 2008

statement: There are no competing interests relevant to this presentation 2008

Geriatric Grand Rounds: What drives health care costs ? Dr. Richard Lewanczuk Senior Medical Director (not what you think) Primary Health Care Alberta Health Services What drives health care costs ? What drives health care costs ? (not what

399 views • 17 slides
EMPOWERING Health Transform the Care Continuum with IoT IOT Health Slam December 2 nd , 2016

EMPOWERING Health Transform the Care Continuum with IoT IOT Health Slam December 2 nd , 2016

EMPOWERING Health Transform the Care Continuum with IoT IOT Health Slam December 2 nd , 2016 Stefan Wijnen Industry Solution Manager Worldwide health Gartner, G00291977, Jan 2016 Gartner, Business Drivers for Healthcare Provider

685 views • 31 slides
Challenging Corporate Health Care: Health Care Trends and the Impact on Health Care Workers

Challenging Corporate Health Care: Health Care Trends and the Impact on Health Care Workers

PRESENTATION TO HPAE Challenging Corporate Health Care: Health Care Trends and the Impact on Health Care Workers Plenary Session, October 6, 2016 Fred Hyde, M.D. Fred Hyde & Associates, Inc. Corporations Follow the Money Legislation, the

1.07k views • 69 slides
Health Care Industry Medicare Advantage Risk Emerging Legal Adjustment Payment Issues: Issues

Health Care Industry Medicare Advantage Risk Emerging Legal Adjustment Payment Issues: Issues

Health Care Industry Medicare Advantage Risk Emerging Legal Adjustment Payment Issues: Issues Webinar Series Latest Developments, Risk Areas, & Mitigation Strategies Christine Clements Scott Douglas David OBrien July 23, 2015 The

455 views • 26 slides
U N D ERS TAN D IN G TH E H EALTH CARE COS T CON U N D RU M The Facts Health care in the US

U N D ERS TAN D IN G TH E H EALTH CARE COS T CON U N D RU M The Facts Health care in the US

U N D ERS TAN D IN G TH E H EALTH CARE COS T CON U N D RU M The Facts Health care in the US is 18% of GDP One of every three new jobs is in health care , 2007-2017 US spends two times what other wealthy countries spend , but has worse

306 views • 13 slides
Health care management, health care and health: better with behavioural O.R? Geoff Royston

Health care management, health care and health: better with behavioural O.R? Geoff Royston

OR Society Special Interest Group on Behavioural Operational Research Health care management, health care and health: better with behavioural O.R? Geoff Royston Immediate Past President December 17 th 2014 The OR Societ y 1 The importance

768 views • 74 slides
TOTAL HEALTH CARE EXPENDITURES Definition : Annual per capita sum of all health care expenditures

TOTAL HEALTH CARE EXPENDITURES Definition : Annual per capita sum of all health care expenditures

Health Care Cost Growth Benchmark Sets a target for controlling the growth of total health care expenditures across all payers (public and private), and is set to the states long-term economic growth rate: Health care cost growth

448 views • 40 slides
Agenda Is Health Care a Right? Can We Access Health Care? Impact Health has on Learning

Agenda Is Health Care a Right? Can We Access Health Care? Impact Health has on Learning

03/06/2017 Promoting Childrens Well -Being: Examining 21st Century Approaches to a Culture of Health in and with Schools March 8, 2017 Agenda Is Health Care a Right? Can We Access Health Care? Impact Health has on Learning

379 views • 6 slides
Minnesota Health Care Workforce Legislative Health Care Workforce Commission October 4 th 2016

Minnesota Health Care Workforce Legislative Health Care Workforce Commission October 4 th 2016

Minnesota Health Care Workforce Legislative Health Care Workforce Commission October 4 th 2016 Office of Rural Health and Primary Care Agenda Overview of workforce data Supply and demand Trends and highlights Health care: A

569 views • 20 slides
Inverse problems for the study of climate-ecological processes in the conditions of anthropogenic

Inverse problems for the study of climate-ecological processes in the conditions of anthropogenic

Inverse problems for the study of climate-ecological processes in the conditions of anthropogenic impacts .. .. Report content: What are inverse problems? definitions differences from direct

555 views • 30 slides
Numerical Simulation of Fluids NuSiF Free Boundary Value Problems Daniel Brinkers,

Numerical Simulation of Fluids NuSiF Free Boundary Value Problems Daniel Brinkers,

Description and motivation Theory of operation Our implementation Visualization techniques Numerical Simulation of Fluids NuSiF Free Boundary Value Problems Daniel Brinkers, Florian Forster, Tobias Preclik Friedrich Alexander

395 views • 21 slides
Harmonic Functions and the Spectrum of the Laplacian on the Sierpinski Carpet Matthew Begu e,

Harmonic Functions and the Spectrum of the Laplacian on the Sierpinski Carpet Matthew Begu e,

Harmonic Functions and the Spectrum of the Laplacian on the Sierpinski Carpet Matthew Begu e, Tristan Kalloniatis, & Robert Strichartz October 3, 2010 Construction of SC The Sierpinski Carpet, SC , is constructed by eight contraction

389 views • 23 slides
Fast Boundary Element Methods Fast Boundary Element Methods ur Angewandte Analysis und Numerische

Fast Boundary Element Methods Fast Boundary Element Methods ur Angewandte Analysis und Numerische

Fast Boundary Element Methods Fast Boundary Element Methods ur Angewandte Analysis und Numerische Simulation SFB 404 Mehrfeldprobleme in der Kontinuumsmechanik surface triangulation of complex structures exterior boundary value problems

400 views • 3 slides
Bhabha Atomic Research Centre, Mumbai, India Rajdeep Bhabha Atomic Research Centre, Mumbai,

Bhabha Atomic Research Centre, Mumbai, India Rajdeep Bhabha Atomic Research Centre, Mumbai,

Safety Security Interface (SSI) at Bhabha Atomic Research Centre, Mumbai, India Rajdeep Bhabha Atomic Research Centre, Mumbai, India rdeep@barc.gov.in Outlines of Presentation Introduction Challenges in Managing SSI Guidelines

456 views • 20 slides
ASSESSING THE ARC FLASH RISK Causes of Electric Arcs Dust and impurities Corrosion

ASSESSING THE ARC FLASH RISK Causes of Electric Arcs Dust and impurities Corrosion

ASSESSING THE ARC FLASH RISK Causes of Electric Arcs Dust and impurities Corrosion Condensation of vapor and water dripping Accidental touching Dropping tools Failure of Insulating Material Improper Design or

600 views • 34 slides
Blackstone Reports Third Quarter Results New York, October 27, 2016 : Blackstone (NYSE:BX) today

Blackstone Reports Third Quarter Results New York, October 27, 2016 : Blackstone (NYSE:BX) today

Blackstone Reports Third Quarter Results New York, October 27, 2016 : Blackstone (NYSE:BX) today reported its third quarter 2016 results. Stephen A. Schwarzman, Chairman and Chief Executive Officer, said, Blackstone continued to perform well in

524 views • 36 slides
A3DM overview Carlos Andjar February 2020 1 PERSONAL INTRODUCTION Web Announcements

A3DM overview Carlos Andjar February 2020 1 PERSONAL INTRODUCTION Web Announcements

A3DM overview Carlos Andjar February 2020 1 PERSONAL INTRODUCTION Web Announcements Rac Docs, slides www.lsi.upc.edu/~virtual/SGI/ Contact Carlos Andjar (coord) Omega, 239 (2nd floor) andujar@cs.upc.edu Alvar

325 views • 9 slides

More recommend