Securing Biomedical Devices. IT Challenges - A View from the Trenches
|
|
- Kelley Gregory
- 5 years ago
- Views:
Transcription
1 Securing Biomedical Devices IT Challenges - A View from the Trenches
2 Background Lead newly formed medical device security (MDS) team Previously clinical/research/teaching activities Extensively collaborated with clinical and research teams Unique user/security perspective Steve Smith IT clinical applications background Institution Clinical/research/teaching missions IT security consists of these teams Cybersecurity Medical device security (MDS) Access/Identity Risk FISMA/PCI Testing
3 Medical Device Security (MDS) Team Challenges
4 MDS or Other Team Responsible for a Device? What is a biomedical device? FDA medical device definition provides some guidance A device is: "an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them, intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or intended to affect the structure or any function of the body of man or other animals, and which does not achieve its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of its primary intended purposes. The term "device" does not include software functions excluded pursuant to section 520(o). Definition includes obvious things like CT and MR scanners, infusion pumps, pacemakers, etc In practice, not always clear cut 4
5 MDS or Other Team Responsible for a Device? The Capsule Neuron 2 is a bedside mobile clinical computer that enables the automatic collection of vital signs data. Is it a biomedical device? Neuron 2 Infusion Pump Smart Bed Ventilator 5
6 MDS or Other Team Responsible for a Device? How about a network connected battery monitoring system for a mobile electronic health record (EHR) computer? Our approach to defining: ANY device, research or clinical, that Connects directly or through another device to our network Does not meet the requirements of our Windows 10 security standard which includes: Host based firewall, anti-malware, timely patching, encryption, device control, meets password standard, etc If it does, then cybersecurity team manages it Notice that this definition captures lots of IoT devices Networked connected cameras, DVRs, printers, HVAC, etc All devices on the network must be the responsibility of some team Devices 'clearly' not a biomedical device are then assigned to the cybersecurity team 6
7 Creating an Inventory of Current Devices We can't defend what we don't know about! Generating the inventory requires identifying and working with the various asset owners/managers In our case, groups such as: The clinical equipment department Academic resources for research assets Research administration for clinical trials Specialized service groups such as for imaging and cardiology equipment Network scanning to locate and profile devices From the MAC address (first three bytes) From its network behavior (who it communicates with) Tools such a nmap could be used to profile a device through active port scanning May cause device to drop off the network and need to be restarted 7
8 Creating an Inventory of Current Devices We also need owners/managers to provide data that will allow us to assess and manage the risk of the device such as: Does it connect wired or wirelessly to the network? If wireless, what protocol does it support (dot1x, etc)? It s IP and MAC address? Does it use a default password? Does the vendor have remote access to the device (tool used)? Is it Active Directory joined? What OS does it use? Does it store/transmit PHI? Does it have a local firewall? Does it have anti-virus? Is it subject to regular patching? Not routinely tracked 8
9 Implementing Mitigating Controls What can we do to reduce risk of the device? Consider also risk to patient/subject if hacked Common issues: Out of date OS or no patching Default passwords and poor password management Only supports wireless protocols with weak or no security No firewall or anti-virus These issues need to be addressed on a device by device basis One solution does not fit all Need to understand who it needs to communicate with and over which ports Approaches we are exploring Device specific VLANS and wireless networks CISCO ISE for dynamic VLAN and access control list assignment 9
10 Evaluating Device Risk BEFORE Purchase or Network Addition We are identifying all the paths that a device might take to get into the Medical Center such as: Faculty transferring from other institutions Clinical capital and operational expenditures Research capital and operational expenditures Research grants Proof of concept demos Clinical trials Hospital mergers Inserting the MDS team into each path For example, we are now reviewers on all research proposals Timely notice of some proposed purchases is an issue Vendor month or year end sales Capital equipment requests all coming in at one time 10
11 Questions? Don Gage
Medical Devices Cybersecurity? Introduction to the Cybersecurity Landscape in Healthcare
May 5 & 6, 2017 Medical Devices Cybersecurity? Introduction to the Cybersecurity Landscape in Healthcare Marc Schlessinger, RRT, MBA, FACHE Senior Associate Applied Solutions Group Evolution of the Connected
More informationMedical Devices and Cyber Issues JANUARY 23, American Hospital Association and BDO USA, LLP. All rights reserved.
Medical Devices and Cyber Issues JANUARY 23, 2018 AHA and Cybersecurity Policy Approaches Role of the FDA FDA Guidance and Roles Pre-market Post-market Assistance during attack Recent AHA Recommendations
More informationMobile Health Apps: A Primer
Mobile Health Apps: A Primer René Quashie Senior Counsel Epstein Becker Green July 2014 2014 Epstein Becker & Green, P.C. All Rights Reserved. ebglaw.com 1 Agenda 1. mhealth Publishers 2. Status of the
More informationMEDICAL DEVICE SECURITY. A Focus on Patient Safety February, 2018
MEDICAL DEVICE SECURITY A Focus on Patient Safety February, 2018 WHO I AM Adam Brand I Am The Cavalry Director Privacy and Security, Protiviti Focus on Medical Device Healthcare Security Custom EEG Manufacturing,
More informationK12 Cybersecurity Roadmap
K12 Cybersecurity Roadmap Introduction Jason Brown, CISSP Chief Information Security Officer Merit Network, Inc jbrown@merit.edu @jasonbrown17 https://linkedin.com/in/jasonbrown17 2 Agenda 3 Why Use the
More informationMedical Device Cybersecurity A Marriage of Safety and Security
Medical Device Cybersecurity A Marriage of Safety and Security 121 st AFDO Annual Education Conference Medical Devices Track June 20 th, 2017 By: Armin Torres, Principal Consultant 1 Cyber Security Overview
More informationForging a Stronger Approach for the Cybersecurity Challenge. Session 34, February 12, 2019 Tom Stafford, VP & CIO, Halifax Health
Forging a Stronger Approach for the Cybersecurity Challenge Session 34, February 12, 2019 Tom Stafford, VP & CIO, Halifax Health 1 Speaker Introduction Tom Stafford, Vice President & CIO Education: Bachelors
More informationHealth on Your Hip: Leveraging the Power of the Wireless World
Health on Your Hip: Leveraging the Power of the Wireless World Agenda The Questions The Move to Mobile The Wireless Revolution Examples of Success Some of the problems The Future Some Questions to Answer
More informationInternet of Medical Things (IoMT)
Internet of Medical Things (IoMT) RiskSense Platform the industry s most comprehensive, intelligent platform for managing cyber risk. 2018 RiskSense, Inc. IoMT Is Here and the Risks Are Real It s always
More informationIIC Testbed Overview. Stan Schneider, PhD CEO, Real-Time Innovations (RTI) Vice Chair, Industrial Internet Consortium (IIC)
IIC Testbed Overview Stan Schneider, PhD CEO, Real-Time Innovations (RTI) Vice Chair, Industrial Internet Consortium (IIC) What is the Industrial IoT Really About? 2018 Real-Time Innovations, Inc. Permission
More informationA Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface
A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface ORGANIZATION SNAPSHOT The level of visibility Tenable.io provides is phenomenal, something we just
More informationMedical Device Cybersecurity: FDA Perspective
Medical Device Cybersecurity: FDA Perspective Suzanne B. Schwartz MD, MBA Associate Director for Science and Strategic Partnerships Office of the Center Director (OCD) Center for Devices and Radiological
More informationEnterprise Cybersecurity Best Practices Part Number MAN Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationPCI DSS v3.2 Mapping 1.4. Kaspersky Endpoint Security. Kaspersky Enterprise Cybersecurity
Kaspersky Enterprise Cybersecurity Kaspersky Endpoint Security v3.2 Mapping 3.2 regulates many technical security requirements and settings for systems operating with credit card data. Sub-points 1.4,
More informationDesigning Secure Medical Devices
Rick Brooks Director of Systems, Software, and Electrical Engineering Designing Secure Medical Devices 1 Copyright 2018 Battelle Memorial Institute. Permission granted to INCOSE to publish and use. About
More information2017 Annual Meeting of Members and Board of Directors Meeting
2017 Annual Meeting of Members and Board of Directors Meeting Dan Domagala; "Cybersecurity: An 8-Point Checklist for Protecting Your Assets" Join this interactive discussion about cybersecurity trends,
More informationISE North America Leadership Summit and Awards
ISE North America Leadership Summit and Awards November 6-7, 2013 Presentation Title: Presenter: Presenter Title: Company Name: Embracing Cyber Security for Top-to-Bottom Results Larry Wilson Chief Information
More informationAddressing Cybersecurity in Infusion Devices
Addressing Cybersecurity in Infusion Devices Authored by GEORGE W. GRAY Chief Technology Officer / Vice President of Research & Development Ivenix, Inc. INTRODUCTION Cybersecurity has become an increasing
More informationEvaluating the Security of Your IT Network. Vulnerability Scanning & Network Map
Click to edit Master title style Evaluating the Security of Your IT Network Vulnerability Scanning & Network Map Kyle Stafford / M-CEITA 5/12/2017 1 1 Disclaimer This presentation was current at the time
More informationTypical Server Elements
Component 8 Installation and Maintenance of Health IT Systems Unit 1b Elements of a Typical Electronic Health Record System This material was developed by Duke University, funded by the Department of Health
More informationFDA CDRH perspective on new technologies in inhaler products
2017 IPAC RS/ISAM Joint Workshop New Frontiers in Inhalation Technology FDA CDRH perspective on new technologies in inhaler products Linda Ricci Associate Director ODE DH Office of Device Evaluation Center
More informationDesignated Cyber Security Protection Solution for Medical Devices
Designated Cyber Security Protection Solution for Medical s The Challenge Types of Cyber Attacks Against In recent years, cyber threats have become Medical s increasingly sophisticated in terms of attack
More informationSecuring Wireless Medical Infusion Pumps A Use Case
Securing Wireless Medical Infusion Pumps A Use Case Session 168, February 22, 2017 Gavin O Brien, Computer Scientist, NCCoE/NIST Rob Skelton, Program Manager, BD (Becton, Dickinson and Co.) 1 Speaker Introduction
More informationTHREAT REPORT Medical Devices
THREAT REPORT Medical Devices Detailed analysis of connected medical devices across 50 hospitals in 2017 THREAT REPORT In this Threat Report Introduction 3 About This Report 3 Device Deployments 4 Most
More informationMeaningful Use or Meltdown: Is Your Electronic Health Record System Secure?
SESSION ID: PDAC-R03 Meaningful Use or Meltdown: Is Your Electronic Health Record System Secure? Gib Sorebo Chief Cybersecurity Strategist Leidos @gibsorebo High Cost of Healthcare Data Breaches Source:
More informationInformation Governance, the Next Evolution of Privacy and Security
Information Governance, the Next Evolution of Privacy and Security Katherine Downing, MA, RHIA, CHPS, PMP Sr. Director AHIMA IG Advisors Follow me @HIPAAQueen 2017 2017 Objectives Part Part I IG Topic
More informationPhysician Office Name Ambulatory EHR Security Risk Analysis
Process is in place to verify access granted is appropriate (ie: Role Based access indicates that the biller has access to billing screens and the nurse has access to the patient medical information).
More informationCisco BioMed NAC Solution for Healthcare: Flexible, Cost-Effective Provisioning for Identified Networked Biomedical Devices
Cisco BioMed NAC Solution for Healthcare: Flexible, Cost-Effective Provisioning for Identified Networked Biomedical Devices Housekeeping Incident in the OR In a real situation, hospital housekeeping staff
More informationHEALTHCARE IT NETWORK SURVEY REPORT
HEALTHCARE IT NETWORK SURVEY REPORT FEBRUARY 2019 PAGE 2 Healthcare IT Network Survey Report INTRODUCTION Harnessing digital technologies for patient engagement is essential for healthcare organizations
More informationIT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I
Standards Sections Checklist Section Security Management Process 164.308(a)(1) Information Security Program Risk Analysis (R) Assigned Security Responsibility 164.308(a)(2) Information Security Program
More informationEnsuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard
Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard Introduction Manage Engine Desktop Central is part of ManageEngine family that represents entire IT infrastructure
More informationTrends in Cybersecurity in the Water Industry A Strategic Approach to Mitigate Control System Risk
Trends in Cybersecurity in the Water Industry A Strategic Approach to Mitigate Control System Risk Standards Certification Education & Training Publishing Conferences & Exhibits Steve Liebrecht W/WW Industry
More informationHealthcare Hacked. Mayra Rosario Fuentes/Numaan Huq Forward Looking Threat Research (FTR) Sr. Threat Researcher
Healthcare Hacked Mayra Rosario Fuentes/Numaan Huq Forward Looking Threat Research (FTR) Sr. Threat Researcher mayra_rosario@trendmicro.com Introduction Who Am I? Information Assurance (IA) Booz Allen
More informationFDA & Medical Device Cybersecurity
FDA & Medical Device Cybersecurity Closing Keynote, February 19, 2017 Suzanne B. Schwartz, M.D., MBA Associate Director for Science & Strategic Partnerships Center for Devices and Radiological Health US
More informationISSP Network Security Plan
ISSP-000 - Network Security Plan 1 CONTENTS 2 INTRODUCTION (Purpose and Intent)... 1 3 SCOPE... 2 4 STANDARD PROVISIONS... 2 5 STATEMENT OF PROCEDURES... 3 5.1 Network Control... 3 5.2 DHCP Services...
More informationPotential Mitigation Strategies for the Common Vulnerabilities of Control Systems Identified by the NERC Control Systems Security Working Group
Potential Mitigation Strategies for the Common Vulnerabilities of Control Systems Identified by the NERC Control Systems Security Working Group Submitted on behalf of the U.S. Department of Energy National
More informationNIST Cybersecurity Framework Protect / Maintenance and Protective Technology
NIST Cybersecurity Framework Protect / Maintenance and Protective Technology Presenter Charles Ritchie CISSP, CISA, CISM, GSEC, GCED, GSNA, +6 Information Security Officer IT experience spanning two centuries
More informationDOD Medical Device Cybersecurity Considerations
Enedina Guerrero, Acting Chief, Incident Mgmt. Section, Cyber Security Ops Branch 2015 Defense Health Information Technology Symposium DOD Medical Device Cybersecurity Considerations 1 DHA Vision A joint,
More informationINFORMATION RESOURCE SECURITY CONFIGURATION AND MANAGEMENT
INFORMATION RESOURCE SECURITY CONFIGURATION AND MANAGEMENT Policy UT Health San Antonio shall adopt and document Standards and Procedures to define and manage a secured operating configuration for all
More informationFOLLOW-UP REVIEW OF RISK MANAGEMENT ETC RISK MANAGEMENT FRAMEWORK
2017 FOLLOW-UP REVIEW OF RISK MANAGEMENT ETC RISK MANAGEMENT FRAMEWORK MA. LUISA JASA-LOQUE IMAAN HIGHER COLLEGE OF TECHNOLOGY Educational Technology Center DISTRIBUTION LIST ETC QA CORDINATOR Report Distribution
More informationInside the 6 principal layers of the cloud security ARMOR.COM PAGE PAGE 1 1
Inside the 6 principal layers of the cloud security stack @ARMOR ARMOR.COM PAGE PAGE 1 1 The cloud is critical, complex Establishing a secure cloud infrastructure has become incredibly important for most
More informationNavigating Regulatory Issues for Medical Device Software
Navigating Regulatory Issues for Medical Device Software Michelle Jump, MS, MSRS, CHA Principal Regulatory Affairs Specialist Stryker Corporation IEEE Symposium on Software Reliability Engineering (Ottawa,
More informationCISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline
CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker Learn to find security vulnerabilities before the bad guys do! The Certified Ethical Hacker (CEH) class immerses students in an interactive environment
More informationSecuring the Internet of Things (IoT) at the U.S. Department of Veterans Affairs
Securing the Internet of Things (IoT) at the U.S. Department of Veterans Affairs Dominic Cussatt Acting Deputy Assistant Secretary / Chief Information Security Officer (CISO) February 20, 2017 The Cyber
More informationJUST WHAT THE DOCTOR ORDERED: A SOLUTION FOR SMARTER THERAPEUTIC DEVICES PLACEHOLDER IMAGE INNOVATORS START HERE.
JUST WHAT THE DOCTOR ORDERED: A SOLUTION FOR SMARTER THERAPEUTIC DEVICES PLACEHOLDER IMAGE INNOVATORS START HERE. EXECUTIVE SUMMARY There s little question that advances in therapeutic technologies have
More informationCybersecurity The Evolving Landscape
Cybersecurity The Evolving Landscape 1 Presenter Zach Shelton, CISA Principal DHG IT Advisory Zach.Shelton@DHG.com Raleigh, NC 14+ years of experience in IT Consulting 11+ years of experience with DHG
More informationMeaningful Use Ready or Not. Brenda Christman, RN. What Will We Be Covering? 10/8/2014
Meaningful Use Ready or Not CMS Audits are Underway Brenda Christman, RN Career Health Care Consultant 3+ years with Arnett Foster Toothman PLLC Prior Big 4 Consultant Registered Nurse Industry experience
More informationUpdate and Demonstration to FDA: AdvaMed Ad Hoc Spine/Trauma Trays and UDI Working Group
Update and Demonstration to FDA: AdvaMed Ad Hoc Spine/Trauma Trays and UDI Working Group Disclaimer: The information and perspectives represented in this document are not intended to represent a standard
More information2015 HFMA What Healthcare Can Learn from the Banking Industry
2015 HFMA What Healthcare Can Learn from the Banking Industry Agenda Introduction- Background and Experience Healthcare vs. Banking The Results OCR Audit Results Healthcare vs. Banking The Theories Practical
More informationAugust 30, 2018 UWW Wireless: Registering Windows Laptop to UWW Wireless Network for Staff
August 30, 2018 UWW Wireless: Registering Windows Laptop to UWW Wireless Network for Staff OVERVIEW This guide will walk you through the steps to register your Windows computer to the UWW network, install
More informationChapter 5: Vulnerability Analysis
Chapter 5: Vulnerability Analysis Technology Brief Vulnerability analysis is a part of the scanning phase. In the Hacking cycle, vulnerability analysis is a major and important part. In this chapter, we
More informationTips for Passing an Audit or Assessment
Tips for Passing an Audit or Assessment Rob Wayt CISSP-ISSEP, HCISPP, CISM, CISA, CRISC, CEH, QSA, ISO 27001 Lead Auditor Senior Security Engineer Structured Communication Systems Who likes audits? Compliance
More informationData Loss Protection Guidelines For Insurance Agents. By Insurance Standing Committee for Cyber Security (ISCCS)
Data Loss Protection Guidelines For Insurance Agents By Insurance Standing Committee for Cyber Security (ISCCS) 6 February 2017 Change History Version Change Description by Date 1.0 Initial Official release
More informationRegulatory Aspects of Digital Healthcare Solutions
Regulatory Aspects of Digital Healthcare Solutions TÜV SÜD Product Service GmbH Dr. Markus Siebert Rev. 02 / 2017 02.05.2017 TÜV SÜD Product Service GmbH Slide 1 Contents Digital solutions as Medical Device
More informationThe Intersection of Patient Safety and Medical Device Cybersecurity
The Intersection of Patient Safety and Medical Device Cybersecurity Session CYB4, March 5, 2018 Kevin A. McDonald Director, Clinical Information Security, Mayo Clinic Axel Wirth Distinguished Healthcare
More informationHIPAA Assessment. Prepared For: ABC Medical Center Prepared By: Compliance Department
HIPAA Assessment Prepared For: ABC Medical Center Prepared By: Compliance Department Agenda Environment Assessment Overview Risk and Issue Score Next Steps Environment NETWORK ASSESSMENT (changes) Domain
More informationCybersecurity Panel: Cutting through Cybersecurity Hype with Practical Tips to Protect your Bank
Cybersecurity Panel: Cutting through Cybersecurity Hype with Practical Tips to Protect your Bank NJ Bankers Association Annual Convention May 19, 2017 Presented by: Jeremy Burris, Principal, S.R. Snodgrass,
More informationOne Hospital s Cybersecurity Journey
MAY 11 12, 2017 SAN FRANCISCO, CA One Hospital s Cybersecurity Journey SanFrancisco.HealthPrivacyForum.com #HITprivacy Introduction Senior Director Information Systems Technology, Children s Mercy Hospital
More informationIoT & SCADA Cyber Security Services
RIOT SOLUTIONS PTY LTD P.O. Box 10087 Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 22, 144 Edward St Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au www.riotsolutions.com.au
More informationClinical and ICT Cybersecurity Overview and Cases A242-3
Clinical and ICT Cybersecurity Overview and Cases A242-3 Elliot B. Sloane, PhD, CCE - Elected Fellow of ACCE, AIMBE, and HIMSS President and Founder Center for Healthcare Information Research and Policy,
More informationAddressing HIPAA privacy compliance on hospital wireless network
E-Guide Addressing HIPAA privacy compliance on hospital wireless network Medical devices, tablets, smartphones and RFID are forcing hospital wireless networks open. HIPAA privacy compliance is harder than
More informationInstalling Your Multifunction to Your Network for the First Time
Installing Your Multifunction to Your Network for the First Time MAXIFY MB5020 Windows OS Wireless Setup Using Standard Setup 1 Installing Your Multifunction to Your Network for the First Time MAXIFY MB5020
More informationa. UTRGV owned, leased or managed computers that fall within the regular UTRGV Computer Security Standard
Kiosk Security Standard 1. Purpose This standard was created to set minimum requirements for generally shared devices that need to be easily accessible for faculty, staff, students, and the general public,
More informationCisco Connected Factory Accelerator Bundles
Data Sheet Cisco Connected Factory Accelerator Bundles Many manufacturers are pursuing the immense business benefits available from digitizing and connecting their factories. Major gains in overall equipment
More informationEndpoint Security Can Be Much More Effective and Less Costly. Here s How
Endpoint Security Can Be Much More Effective and Less Costly Here s How Contents Introduction More is not always better Escalating IT Security Budgets Ineffective management Need of the hour System management
More informationClassification and regulation of software
Classification and regulation of software Ciara Farrell, Arthur Cox 5 October 2017 Medtec Ireland 2017 2 Law cannot keep up! 3 Legal issues Regulation as medical devices Privacy and cybersecurity Licensing
More informationClient Computing Security Standard (CCSS)
Client Computing Security Standard (CCSS) 1. Background The purpose of the Client Computing Security Standard (CCSS) is to (a) help protect each user s device from harm, (b) to protect other users devices
More informationLessons Learned from the Medical Device Interoperability Program (MD PnP) at Partners HealthCare / Mass. Gen Hosp
S.M.A.R.T. Medical Device Informatics Thinktank Improving Structured Device Data Capture AHRQ February 24, 2015 Lessons Learned from the Medical Device Interoperability Program (MD PnP) at Partners HealthCare
More informationAn Update on the Activities and Progress of the mhealth Regulatory Coalition Prepared for the 2011 Medical Device Connectivity Conference
An Update on the Activities and Progress of the mhealth Regulatory Coalition Prepared for the 2011 Medical Device Connectivity Conference Dane Stout The Anson Group September 8, 2011 MRC Background Formed
More informationDEPARTMENT OF HEALTH & HUMAN SERVICES
DEPARTMENT OF HEALTH & HUMAN SERVICES Public Health Service Food and Drug Administration 10903 New Hampshire Avenue Silver Spring, MD 20993 March 22, 2016 Tara M. Federici, Vice President Zachary A. Rothstein,
More informationCyber Hygiene: Uncool but necessary. Automate Endpoint Patching to Mitigate Security Risks
Cyber Hygiene: Uncool but necessary Automate Endpoint Patching to Mitigate Security Risks 1 Overview If you analyze any of the recent published attacks, two patterns emerge, 1. 80-90% of the attacks exploit
More informationDHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1
Addressing the Evolving Cybersecurity Tom Tollerton, CISSP, CISA, PCI QSA Manager Cybersecurity Advisory Services DHG presenter Tom Tollerton, Manager DHG IT Advisory 704.367.7061 tom.tollerton@dhgllp.com
More informationCybersecurity and Hospitals: A Board Perspective
Cybersecurity and Hospitals: A Board Perspective Cybersecurity is an important issue for both the public and private sector. At a time when so many of our activities depend on information systems and technology,
More informationACM Retreat - Today s Topics:
ACM Retreat - Today s Topics: Phase II Cyber Risk Management Services - What s next? Policy Development External Vulnerability Assessment Phishing Assessment Security Awareness Notification Third Party
More informationBiomedical Device Security: New Challenges and Opportunities. Florence D. Hudson Senior Vice President and Chief Innovation Officer Internet2
Biomedical Device Security: New Challenges and Opportunities Florence D. Hudson Senior Vice President and Chief Innovation Officer Internet2 The evolution to today s reality in biomedical devices Number
More informationSample Security Risk Analysis ASP Meaningful Use Core Set Measure 15
Sample Security Risk Analysis ASP Meaningful Use Core Set Measure 15 Risk Analysis with EHR Questions Example Answers/Help: Status What new electronic health information has been introduced into my practice
More informationConnected Medical Devices
Connected Medical Devices How to Reduce Risks Inherent in an Internet of Things that Can Help or Harm Laura Clark Fey, Esq., Principal, Fey LLC Agenda Overview of the Internet of Things for Healthcare
More informationChecklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates. Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP)
Checklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP) ecfirst, chief executive Member, InfraGard Compliance Mandates Key Regulations
More informationSecure wired and wireless networks with smart access control
Secure wired and wireless networks with smart access control Muhammad AbuGhalioun Senior Presales Consultant Hewlett-Packard Enterprise Aruba Saudi Arabia Managing risk in today s digital enterprise Increasingly
More informationREAL-WORLD STRATEGIES FOR MEDICAL DEVICE SECURITY
SEPTEMBER 11 13, 2017 BOSTON, MA REAL-WORLD STRATEGIES FOR MEDICAL DEVICE SECURITY HealthcareSecurityForum.com/Boston/2017 #HITsecurity Brian Selfridge Partner, Meditology Services https://www.meditologyservices.com/
More informationEthical Hacking and Prevention
Ethical Hacking and Prevention This course is mapped to the popular Ethical Hacking and Prevention Certification Exam from US-Council. This course is meant for those professionals who are looking for comprehensive
More information2018 By: RemoveVirus.net. Remove A Virus From Your PC In 5 Simple Steps
2018 By: RemoveVirus.net Remove A Virus From Your PC In 5 Simple Steps PCs, like Macs and Mobile Devices are susceptible to different types of malware. Avoid panicking when you realize that your PC has
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationSecuring Industrial Control Systems
L OCKHEED MARTIN Whitepaper Securing Industrial Control Systems The Basics Abstract Critical infrastructure industries such as electrical power, oil and gas, chemical, and transportation face a daunting
More informationSecurity Challenges and
Security Challenges and Opportunities for IoE Becoming an IoE Ready Organization Steve Martino, Chief Information Security Officer, Cisco Lokesh Sisodiya, President, ISC2, East Bay Chapter Cisco Public
More informationInstalling the Printer to Your Wireless Network. imageprograf PRO Mac OS
Installing the Printer to Your Wireless Network imageprograf PRO - 1000 Mac OS Setup and Installation Setup and Installation The instructions contained in this document apply equally to first-time installations,
More informationComprehensive Mitigation
Comprehensive Mitigation Jenny Anderson Compliance Engineer - CIP janderson.re@spp.org 501.614.3299 July 25, 2013 Goals and Benefits of Mitigation Mitigation should lessen the risk of unintended consequences
More informationTechnology Workshop HIPAA Security Risk Assessment: What s Next? January 9, 2014
Technology Workshop HIPAA Security Risk Assessment: What s Next? January 9, 2014 Welcome! Thank you for joining us today. In today s call we ll cover the Security Assessment and next steps. If you want
More informationCisco ISE Plus SIEM and Threat Defense: Strengthen Security with Context
White Paper Cisco ISE Plus SIEM and Threat Defense: Strengthen Security with Context What You Will Learn Network security threats are a fact of life. But the modern security arsenal has two highly effective
More informationA Measurement Companion to the CIS Critical Security Controls (Version 6) October
A Measurement Companion to the CIS Critical Security Controls (Version 6) October 2015 1 A Measurement Companion to the CIS Critical Security Controls (Version 6) Introduction... 3 Description... 4 CIS
More informationInternet of Things. Internet of Everything. Presented By: Louis McNeil Tom Costin
Internet of Things Internet of Everything Presented By: Louis McNeil Tom Costin Agenda Session Topics What is the IoT (Internet of Things) Key characteristics & components of the IoT Top 10 IoT Risks OWASP
More informationInternet of Things. The Digital Oilfield: Security in SCADA and Process Control. Mahyar Khosravi
Internet of Things The Digital Oilfield: Security in SCADA and Process Control Mahyar Khosravi makhosra@cisco.com Critical infrastructures worldwide not ready to battle cyber attacks, claims new study.
More informationPlenary Session: Branch Cybersecurity Controls Thursday, February 22 1:15 p.m. 2:15 p.m.
Plenary Session: Branch Cybersecurity Controls Thursday, February 22 1:15 p.m. 2:15 p.m. Cybersecurity is a top priority for the financial services industry. Firms dedicate significant resources every
More informationCS 356 Operating System Security. Fall 2013
CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database
More informationForeScout Extended Module for Palo Alto Networks Next Generation Firewall
ForeScout Extended Module for Palo Alto Networks Next Generation Firewall Version 1.2 Table of Contents About the Palo Alto Networks Next-Generation Firewall Integration... 4 Use Cases... 4 Roll-out Dynamic
More informationThe Next Frontier in Medical Device Security
The Next Frontier in Medical Device Security Session #76, February 21, 2017 Denise Anderson, President, NH-ISAC Dr. Dale Nordenberg, Executive Director, MDISS 1 Speaker Introduction Denise Anderson, MBA
More informationLegal Issues Surrounding the Internet of Things and Other Emerging Technology
Legal Issues Surrounding the Internet of Things and Other Emerging Technology ACC Houston Chapter Meeting September 12, 2017 Jonathan Ishee Vorys Sater Seymour and Pease, LLP Dean Fisher RigNet Overview
More informationJeff Wilbur VP Marketing Iconix
2016 Data Protection & Breach Readiness Guide February 3, 2016 Craig Spiezle Executive Director & President Online Trust Alliance Jeff Wilbur VP Marketing Iconix 1 Who is OTA? Mission to enhance online
More informationHijacking Your Life Support: Medical Device Security. March 2017
Hijacking Your Life Support: Medical Device Security March 2017 Table of Contents Overview... 3 Hijacking Life Support: Medical Device Risks... 4 The Weakest Link... 4 Defining Medical Devices... 5 Breach
More informationEducation Network Security
Education Network Security RECOMMENDATIONS CHECKLIST Learn INSTITUTE Education Network Security Recommendations Checklist This checklist is designed to assist in a quick review of your K-12 district or
More information