

  1. Enterprise Incident Management @ SSHA
     Bobby Singh, Director – Information Security, Smart Systems for Health Agency

  2. Agenda
     - SSHA Mandate
     - Approach & Deliverables
     - Lessons Learned
     - Measurement

  3. SSHA: Transforming Healthcare through IT
     - Providing healthcare providers with timely, secure electronic access to patient information
     - Creating a secure patient information sharing network between 150,000 providers at 24,000 sites
     - The results:
       - Improved patient care
       - More effective providers
       - Integration
       - Better use of financial resources

  4. Who is SSHA connecting?
     - Doctors
     - Hospitals
     - Pharmacists
     - Laboratories
     - Public Health Units
     - Community care
     - Continuing care
     - Ministry of Health and Long-Term Care programs

  5. Program Objectives and Scope
     - A single program to manage Privacy and Security incidents
     - The scope of ESPIM (the Enterprise Security & Privacy Incident Management Program) is limited to incident management, as it pertains to security or privacy incidents that meet a particular threshold or severity. IT/Network service incident management, incident monitoring and problem management are outside the mandate of the program.

  6. Strategy – IOC & FOC

  7. Initial Assessment – example

  8. Initial Assessment – example

  9. Initial Assessment – example

  10. Initial Assessment – example

  11. Strategy – joint application development (JAD) sessions

  12. Joint Application Development (JAD) sessions
     - 2-day session included members from:
       - Communications (internal/external)
       - Security Operations
       - Human Resources
       - Change Management
       - Network Operations
       - Legal Department
       - Service Management
       - Business/Client Relationship Department
       - Customer/Help Desk Support
       - Privacy and Security Division
     - 20 issues identified & 21 decisions documented. This formed the foundation for building ESPIM.

  13. Key Terms defined:
     - Incident: A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices.
     - Service Incident: Any contact pertaining to service interruptions, inquiries, issues, complaints, and service.
     - Security Incident: A single or a series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threatening information security.
     - Privacy Incident: Unauthorized or illegal use, collection, disclosure, or disposal of personal or personal health information. Until confirmed to be real, it is classified as an incident.
     - Privacy Breach: A Privacy Incident where it has been confirmed that unauthorized or illegal use, collection, disclosure, or disposal of personal or personal health information has occurred.
     - ESPIM Incident: A Security or Privacy Incident that meets the ESPIM criteria thresholds.

  14. ESPIM Triggering Thresholds
     - Not every security or privacy incident is automatically considered an ESPIM incident.
     - For a security or privacy incident to trigger an ESPIM incident, the following thresholds must be met:

     | ESPIM Incident Type | Severity to Trigger          |
     |---------------------|------------------------------|
     | Malware             | High                         |
     | Network Attack      | Medium                       |
     | Privacy Breach      | Medium                       |
     | Unauthorized Use    | All                          |
     | Missing Equipment   | Internal – High; Client – All |

  15. The end-point program – ESPIM thresholds

     | Type                 | Item                                                                        | Escalation threshold to ESPIM                                                  |
     |----------------------|-----------------------------------------------------------------------------|--------------------------------------------------------------------------------|
     | Account Compromise   | User/Administrator/Other                                                    | A system or data is accessed by an unauthorized person                         |
     | Denial of Service    | User System                                                                 | Problem affecting 2 or more users                                              |
     | Malicious Code       | Virus/Trojan Horse/Other                                                    | Problem affecting 2 or more users                                              |
     | Lost or stolen asset | Blackberry/Security Badge                                                   | Evidence that it is being used by an unauthorized user                         |
     | Lost or stolen asset | Computer/Printed Documentation/Storage Media/Electronic Data/Other          | Possibly containing PI/PHI, not encrypted, or used by an unauthorized user     |
     | Privacy Incidents    | Unauthorized Collection/Use/Disclosure/Disposal                             | Any and all privacy incidents are priority 2 by default                        |

  16. Incident Examples

     | Incident Type                                    | Example                                                                  | ESPIM Threshold                                                             |
     |--------------------------------------------------|--------------------------------------------------------------------------|-----------------------------------------------------------------------------|
     | Unauthorized Access                              | Someone discovers a user password or shares it                           | Only if the password is used to access a system by an unauthorized individual |
     | Unauthorized Use                                 | Unauthorized use of network resources for spam mail                      | Only if spam mail affects availability of services and malicious content    |
     | Unauthorized Collection (Collection of PHI data) | Collection of server configuration                                       | Only if configuration is used to change system settings or affect service   |
     | Lost Asset                                       | Employee Blackberry lost/stolen                                          | Only if used by an unauthorized person or containing PHI data               |
     | Unauthorized Disclosure                          | PHI data disclosed publicly                                              | Any scenario                                                                |
     | Unauthorized Disposal                            | PHI data not retained on-line and could not be restored from backup      | Any PHI data not available for use meets the privacy incident threshold     |
     | Denial of Service                                | User unable to access applications on their workstation                  | Only if it impacts two (2) or more users                                    |
     | Malware                                          | User opens e-mail attachment with virus                                  | Only if it impacts two (2) or more users                                    |

  17. ESPIM Team Structure

  18. ESPIM Composition
     The ESPIM Program is composed of three primary groups:
     - ESPIM Oversight Committee: Management control and oversight of the ESPIM program, along with provision of interdepartmental alignment of activities, will be performed by an ESPIM Oversight Committee.
     - ESPIM Program Team: A permanent team, responsible for the day-to-day operations of the ESPIM Program.
     - ESPIM Incident Response Team: A dynamically assigned team, raised to handle individual ESPIM incidents.

  19. ESPIM Roles and Responsibilities: ESPIM Program
     - ESPIM Program Manager: responsible for ensuring that ESPIM services are provided, including the day-to-day activities of the ESPIM Program, up to but not including specific incident handling.
     - ESPIM Incident Response Team (IRT) Lead: drawn from the ESPIM Program team, the Security department, or the Privacy department; responsible for:
       - logistical co-ordination of the IRT, both within the team and between the team and others,
       - incident communications, and
       - post-incident analysis activities.

  20. ESPIM Roles and Responsibilities: ESPIM IRT Technical Team
     - ESPIM IRT Technical Team Lead: drawn from the Operations department, or an external SME; responsible for:
       - leading the technical response for the incident;
       - working closely with the IRT Lead and the IRT Technical Team Lead;
       - performing incident identification and analysis;
       - determining containment and eradication solution strategies; and
       - determining a solution deployment strategy.

  21. Key ESPIM Documentation
     - ESPIM Strategy: outlines the approach taken to implement the Best Practices Model and the Business Requirements, and describes the operational and technical issues and challenges that will be faced by the ESPIM Program.
     - ESPIM Concept of Operations: summarizes the operational model of the ESPIM Program, including the roles necessary to support the program, and the structure and reporting of the program.
     - ESPIM Operating Directives: outline the acceptable ESPIM-related practices.
     - ESPIM Communications Plan: describes the ESPIM-related communications (notifications, reporting, alerting, and informational notices) that will need to be performed, along with guidance on who is to conduct those communications and how.
     - ESPIM Incident Handling Procedures: describe the specific steps to be taken by the ESPIM IRT during incident handling.

  22. Measurement (examples)
     Quantitative Metrics:
     - Mean time to initiate response to incidents, by category
     - Mean time to complete response to incidents, by category
     - Number of incidents that required external reporting or notification
     - Trend reporting on incident resolution time, by incident type and severity level
     - Trend reporting on time to close post-incident analysis action items, by activity custody holder
     - Statistical reporting of number of incidents handled, by incident type and severity level
     - Statistical reporting on % of incidents requiring external notifications
     - Statistical reporting of number of alerts and advisories issued, by type
     Qualitative Metrics:
     - Summary of incidents handled
     - Collective summary of lessons learned
     - Client level of satisfaction with incident handling
     - Reporting on business impacts of incidents, including losses (and costs where possible)
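The quantitative metrics above are straightforward to derive from an incident register once each record carries a detection timestamp, a response-start timestamp, a closure timestamp and an external-notification flag. The following Python is an added example, not part of the presentation or of SSHA's tooling; the incident records, field names and timestamps are constructed for illustration, and the incident types and severities reuse the vocabulary of the threshold slides. It computes mean time to initiate and to complete response by incident type (open incidents are excluded from completion time rather than silently skewing it), the count and percentage of incidents requiring external notification, and the number handled by type and severity.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample incident register (illustrative values, not SSHA data).
# Timestamps are ISO 8601 strings; "closed" is None for an incident still open.
INCIDENTS = [
    {"id": "INC-1", "type": "Malware", "severity": "High",
     "detected": "2024-03-01T09:00", "response_started": "2024-03-01T09:30",
     "closed": "2024-03-02T09:00", "external_notification": False},
    {"id": "INC-2", "type": "Malware", "severity": "High",
     "detected": "2024-03-05T10:00", "response_started": "2024-03-05T11:30",
     "closed": "2024-03-06T10:00", "external_notification": False},
    {"id": "INC-3", "type": "Privacy Breach", "severity": "Medium",
     "detected": "2024-03-10T08:00", "response_started": "2024-03-10T08:15",
     "closed": "2024-03-12T08:00", "external_notification": True},
    {"id": "INC-4", "type": "Network Attack", "severity": "Medium",
     "detected": "2024-03-15T14:00", "response_started": "2024-03-15T15:00",
     "closed": "2024-03-15T20:00", "external_notification": False},
    {"id": "INC-5", "type": "Privacy Breach", "severity": "Medium",
     "detected": "2024-03-20T09:00", "response_started": "2024-03-20T09:45",
     "closed": "2024-03-21T09:00", "external_notification": True},
    {"id": "INC-6", "type": "Unauthorized Use", "severity": "Low",
     "detected": "2024-03-25T11:00", "response_started": "2024-03-25T11:20",
     "closed": None, "external_notification": False},  # still open
]


def _hours_between(start, end):
    """Elapsed hours between two ISO 8601 timestamps."""
    delta = datetime.fromisoformat(end) - datetime.fromisoformat(start)
    return delta.total_seconds() / 3600


def mean_time_to_initiate(incidents):
    """Mean hours from detection to start of response, per incident type."""
    by_type = defaultdict(list)
    for inc in incidents:
        by_type[inc["type"]].append(
            _hours_between(inc["detected"], inc["response_started"]))
    return {t: round(mean(v), 2) for t, v in by_type.items()}


def mean_time_to_complete(incidents):
    """Mean hours from detection to closure, per incident type.

    Open incidents (closed is None) have no completion time yet and are left
    out, so a long-running open case does not distort the average.
    """
    by_type = defaultdict(list)
    for inc in incidents:
        if inc["closed"] is None:
            continue
        by_type[inc["type"]].append(_hours_between(inc["detected"], inc["closed"]))
    return {t: round(mean(v), 2) for t, v in by_type.items()}


def external_notification_stats(incidents):
    """Count and percentage of incidents that required external reporting."""
    total = len(incidents)
    count = sum(1 for inc in incidents if inc["external_notification"])
    percent = round(100.0 * count / total, 2) if total else 0.0
    return {"count": count, "percent": percent}


def incidents_by_type_and_severity(incidents):
    """Number of incidents handled, keyed as 'type / severity'."""
    return dict(Counter(f"{inc['type']} / {inc['severity']}" for inc in incidents))


def metrics_report(incidents):
    """Assemble the quantitative metrics into one report structure."""
    return {
        "mean_time_to_initiate_h": mean_time_to_initiate(incidents),
        "mean_time_to_complete_h": mean_time_to_complete(incidents),
        "external_notification": external_notification_stats(incidents),
        "handled_by_type_and_severity": incidents_by_type_and_severity(incidents),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(metrics_report(INCIDENTS), indent=2))
```

Running the block prints the report for the constructed register; feeding it a real register only requires that each record supply the five fields used above. Trend reporting over time is the same computation applied per reporting period (for example, grouping the records by month of detection before calling these functions).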

  23. Key components
     - Management Support
     - Requirements/Needs Analysis
     - Table Top Exercise
     - Test the Communication Plan
     - Test/Use Cases specifically for the program
     - Checklist/Quick Reference Guide

  24. ESPIM – Lessons learned
     - JAD sessions ensured buy-in from most stakeholders. Identifying issues and decisions made early in the development process helped avoid misunderstanding.
     - An integrated but distributed approach ensured appropriate skills are available to the IRT when needed.
     - Defining IOC and FOC helped limit scope. This was made possible by the CMMi chart.
     - The table top exercise highlighted weaknesses in process / people that were subsequently fixed.
     - Separating program development from implementation allowed enough time for successful implementation.
     - Development, deployment and training in separate Privacy and Security use cases for the help desk ensured ESPIM was embedded.

  25. Discussion / Questions
