Healthcare Security Success Story

Similar documents
"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

Certified Information Security Manager (CISM) Course Overview

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

CCISO Blueprint v1. EC-Council

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Altius IT Policy Collection

locuz.com SOC Services

The NIST Cybersecurity Framework

SOC 3 for Security and Availability

The Common Controls Framework BY ADOBE

Ready, Willing & Able. Michael Cover, Manager, Blue Cross Blue Shield of Michigan

Security In A Box. Modular Security Services Offering - BFSI. A new concept to Security Services Delivery.

Digital Healthcare. Yordan Iliev Director R&D Healthcare. Regional Cybersecurity Forum, November 2016, Grand Hotel Sofia, Bulgaria

Certified Information Systems Auditor (CISA)

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

IoT & SCADA Cyber Security Services

01.0 Policy Responsibilities and Oversight

RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH

Protecting your data. EY s approach to data privacy and information security

Cyber Security Program

Altius IT Policy Collection Compliance and Standards Matrix

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Cybersecurity Protecting your crown jewels

Altius IT Policy Collection Compliance and Standards Matrix

ISE North America Leadership Summit and Awards

Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13

The NIS Directive and Cybersecurity in

FRAMEWORK MAPPING HITRUST CSF V9 TO ISO 27001/27002:2013. Visit us online at Flank.org to learn more.

The HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information

THE POWER OF TECH-SAVVY BOARDS:

TEL2813/IS2820 Security Management

Modern Database Architectures Demand Modern Data Security Measures

Turning Risk into Advantage

ISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard

A New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO

Putting It All Together:

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

THE ISACA CURACAO CHAPTER IS ORGANIZING FOLLOWING INFORMATION SECURITY AND TECHNOLOGY SESSIONS ON MAY 15-MAY :

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016

Security and Privacy Governance Program Guidelines

Data Protection. Plugging the gap. Gary Comiskey 26 February 2010

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

MEETING ISO STANDARDS

John Snare Chair Standards Australia Committee IT/12/4

COURSE BROCHURE CISA TRAINING

Building a Resilient Security Posture for Effective Breach Prevention

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

ROLE DESCRIPTION IT SPECIALIST

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

CISA Training.

Address C-level Cybersecurity issues to enable and secure Digital transformation

Securing the cloud ISACA Korea. Han Ther, Lee CISA, CISM, CISSP, CRISC, ITILF, MCSA

Position Description IT Auditor

One Hospital s Cybersecurity Journey

Security Management Models And Practices Feb 5, 2008

Security and Architecture SUZANNE GRAHAM

CISM Certified Information Security Manager

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

GDPR Update and ENISA guidelines

Top Reasons To Audit An IAM Program. Bryan Cook Focal Point Data Risk

Cesium Co. Ltd., Company Profile. Certification. Laboratory. Metrology Standards. When Performance Matters. Testing Quality

Technical Vulnerability and Patch Management Policy Document Number: OIL-IS-POL-TVPM

Department of Management Services REQUEST FOR INFORMATION

BHConsulting. Your trusted cybersecurity partner

Google Cloud & the General Data Protection Regulation (GDPR)

REVIEW OF MANAGEMENT AND OVERSIGHT OF THE INTEGRATED BUSINESS MANAGEMENT SYSTEM (IBMS) January 16, 2009

Smart Software Licensing tools and Smart Account Management Privacy DataSheet

INFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK

WELCOME ISO/IEC 27001:2017 Information Briefing

IT Attestation in the Cloud Era

ISACA. Certification Details for Certified in the Governance of Enterprise IT (CGEIT )

Run the business. Not the risks.

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

Twilio cloud communications SECURITY

Solutions Technology, Inc. (STI) Corporate Capability Brief

Data Management and Security in the GDPR Era

TSC Business Continuity & Disaster Recovery Session

Checklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates. Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP)

Information Technology Branch Organization of Cyber Security Technical Standard

Threat and Vulnerability Assessment Tool

Objectives of the Security Policy Project for the University of Cyprus

Accelerate GDPR compliance with the Microsoft Cloud

Enhancing Security With SQL Server How to balance the risks and rewards of using big data

IT MANAGER PERMANENT SALARY SCALE: P07 (R ) Ref:AgriS042/2019 Information Technology Manager. Reporting to. Information Technology (IT)

Welcome ControlCase Conference. Kishor Vaswani, CEO

The CIA Challenge Exam. August 2018

Uncovering the Risk of SAP Cyber Breaches

HCL GRC IT AUDIT & ASSURANCE SERVICES

CSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague

Best Practices in Securing a Multicloud World

Next Generation Policy & Compliance

Cyber Resilience. Think18. Felicity March IBM Corporation

Mitigating Risk with Ongoing Cybersecurity Risk Assessment. Scott Moser CISO Caesars Entertainment

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise

Predstavenie štandardu ISO/IEC 27005

New York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief

Securing the Internet of Things (IoT) at the U.S. Department of Veterans Affairs

Transcription:

Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Healthcare Security Success Story Dr. Mohamed AbdelFattah VP of Advisory Services, ALTERNA, IT Business unit, 57357 Group

Healthcare Trending 1 The World Health Organization (WHO) estimates up to 40% of resources spent on healthcare are wasted, in part due to antiquated processes and systems. 2 It has been estimated that there will be approximately 50 billion devices connected to the Internet and, therefore, to each other by 2020. 3 Increased demand of healthcare due to an increased number of elderly and changed life styles leading to an increase in chronic diseases 4 Need for increased efficiency, individualization and equity of quality-oriented healthcare with limited financial resources 2 ALTERNA - Confidential

Smart Hospital The Smart can be summarized in a simple question: How do we leverage real time information to achieve clinical excellence and enhanced patient experience? Intelligent hospital Intelligent hospital is one that works better and smarter better because it s resourceful, creative, and perceptive about what patients and doctors need 3 smarter because it s astute and inventive when it comes to weaving together diverse technologies to enhance patient care.

4D s Framework

The key of success Business first Technology second 5

1 Discover Design 2 Identify Stakeholder Define Project Strategy Discover Current state of Healthcare system Recommend current system enhancements Discover Get Stakeholders Consensus Design Organizational Integrated workflow Propose and approve future state of Healthcare system components & its infrastructure Deliver Project Life Cycle Design 4 Deliver Validate solution and measure outcomes Identify opportunities for improvement Share lessons learned Improve the knowledge transfer Develop 3 Develop Develop and Configure approved solution Develop knowledge transfer plan Deliver training

Smart Hospital Framework

Technology Process Security and Monitoring / GRC Value Measuring People Proposed Technology Services Framework Risk Management Decision Support Clinical Repository Management Program E-learning System IoT Web Portal Services ERP HIS PACS Telemedicine Application Management Program Desktop Database Messaging Service Desk Services Video Conferencing VOIP Services Program Physical Security Data Security Cabling Internet Connectivity Switches & Routers Hardware (Servers) Data Center Infrastructure Program IT Governance 8

Proposed Technology Services Framework, Continue IT Governance IT governance provides a structure for aligning IT strategy with business strategy. By following a formal framework, organizations can produce measurable results toward achieving their strategies and goals. Governance, Risk and Compliance IT governance and GRC are practically the same thing. GRC is the parent program, what determines which framework is used is often the placement of the CISO and the scope of the security program. Value Measuring Value measuring methodology (or VMM) is a tool that helps financial planners balance both tangible and intangible values when making investment decisions, and monitor benefits.

Security Business Approaches Information Security Programs

11 Services Framework

Security Awareness Program Information Security Transformation Approach Security Baseline Assessment Current State Site Survey Baseline Security Assessment Gap Analysis Vulnerability Assessment Pen Test Configuration Audit and Re- Design Recommendatio ns Organization of information security Technology Acquisition Establish Information Security Office Roles & Responsibilities Monitoring, Controlling & Analytics SOC Information Security Policies CSIRT Guidelines for Data Classification Resilience Management Guidelines for Data Protection Forensics Security Training Program IT GRC Program (Governance, Risk and Compliance) Corporate IT Policies & procedures IT Risk Assessment & Treatment Establish Compliance Framework Implement ISO27k1 12

13 Security Healthcare Solution

Information Security Programs

Advanced Security Programs for Enterprise Security Baseline Assessment SBA Monitoring, Controlling and Analytics - MCA Identity and Access Management - IAM Data Privacy, Protection and Classification - DPPC

Security Baseline Assessment Site Survey Baseline Security Assessment Gap Analysis Vulnerability Assessment & Management Penetration Testing Application Security Assessment Configuration Audit and Re-Design Considerations & Recommendations 17

Advanced Security Programs for Enterprise Security Baseline Assessment SBA Monitoring, Controlling and Analytics - MCA Identity and Access Management - IAM Data Privacy, Protection and Classification - DPPC

Monitoring, Controlling and Analytics Monitoring & Controlling Analytics NOC SOC E-Discovery Incident Response Management CSIRT Forensics

Advanced Security Programs for Enterprise Security Baseline Assessment SBA Monitoring, Controlling and Analytics - MCA Identity and Access Management - IAM Data Privacy, Protection and Classification - DPPC

Identity and Access Management Managed Certificate Services IAM Professional Services PKI Digital Certificate Access Management SSO Password Management & Self Service Role Management Privilege Users

Advanced Security Programs for Enterprise Security Baseline Assessment SBA Monitoring, Controlling and Analytics - MCA Identity and Access Management - IAM Data Privacy, Protection and Classification - DPPC

Data Privacy and Protection Protect & Classify User/Client Data Data Security Access and authentication Confidentiality Integrity Availability Data retention Data Privacy Ownership and distribution

Data Classification Compliance Data classification can help define in-scope systems and aid with compliance efforts. Financial Services Data classification can help meet compliance requirements of financial regulations and solutions Healthcare Data classification can help ensuring compliance with Health Regulations as HIPAA (Health Informatics Portability and Accountability Act) Public Corporations Knowing where key financial data resides and ensuring it is kept safe. Government Organizations Data classification can help meet the requirements of the Government Information Systems Management Systems Utility Organizations Define required data classification efforts, specifically to define what a "critical cyber asset" is and how it is protected.

Professional Consulting Security Programs IT (Governance, Risk and Compliance) - GRC Managing Operational Resilience - MOR Security Awareness & Simulation Program SAS Security Training Program - STP

IT (Governance, Risk and Compliance) IT Governance IT Risk Management IT Compliance Management IT Quality Management IT Strategic Plan Process Policies & Controls Procedures Performance Monitoring Risk Identification Risk Assessment Treatment Plan BIA RCA IT Standards Control Objectives Control Testing Internal Auditing Quality Control Quality Assurance Document Management System Business Processes

Professional Consulting Security Programs IT (Governance, Risk and Compliance) - GRC Managing Operational Resilience - MOR Security Awareness & Simulation Program SAS Security Training Program - STP

Managing Operational Resilience Business Continuity Disaster Recovery Outsourced Security Management Outsourced Operation Management

Professional Consulting Security Programs IT (Governance, Risk and Compliance) - GRC Managing Operational Resilience - MOR Security Awareness & Simulation Program SAS Security Training Program - STP

Security Awareness & Simulation Program Implement CBT Courses for Security Awareness Add Data Protection to the Security Awareness Program Include the IT security department in orientation classes Map acceptable use policy Provide Security Awareness in a new IT, existing newsletters or Digital Signage Provide adequate training for new technologies Measure Baseline Deliver Develop

31 e- Learning Platform

Professional Consulting Security Programs IT (Governance, Risk and Compliance) - GRC Managing Operational Resilience - MOR Security Awareness & Simulation Program SAS Security Training Program - STP

Security Training Program EC-Council Certified Certified Secure Computer User (C SCU) Certified Network Defender (CND) EC Council Certified Ethical Hacker (CEH) EC Council Certified Security Analyst (E CSA) Certified Chief Information Security Officer (C CISO)

Hire CISO 1 2 3 4 Direct and approve the design of security systems Review and approve security policies, controls and incident response planning Schedule periodic security audits Manage all teams, employees, contractors and vendors involved in IT security, which may include hiring

Hire CISO Increase Quality Increase Security Increase Productivity Decrease Cost

3

VISION We believe in talents to provide innovativealternative ways to change the world. Mission Our mission is to inspire and transform businesses into the new digital era through smart minds, research and alternative solutions.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback