One Hospital's Cybersecurity Journey

May 11-12, 2017, San Francisco, CA. One Hospital's Cybersecurity Journey. SanFrancisco.HealthPrivacyForum.com #HITprivacy

Introduction (speaker background)
Senior Director, Information Systems Technology, Children's Mercy Hospital
Chief Technology Officer and Chief Information Security Officer, Huntzinger
Owner / Principal, East End Technology Consulting, Inc.
Senior Vice President, Architecture and Business Operations, Discovery Communications
Master of Business Administration (Healthcare), The George Washington University School of Business

How the Journey Began
Children's Mercy Hospital, a premier children's healthcare system, has grown immensely over the last 10 years. Unfortunately, information systems technology, and cybersecurity in particular, had not kept pace with that growth. We teamed with PwC, our strategic partner, to develop our security roadmap, implement quick wins, and enhance the network perimeter over 6 months.
Timeline: New IT Leadership Team -> Audit Findings -> Our Trusted Consulting Partner -> Cybersecurity Strategic Plan

Listened to Our Employees
"The internet is too slow."
"The ticketing system doesn't work."
"There aren't enough IT resources."
"It takes too long to get access."

Developed Our Strategic Goals
1. Patient Driven: preventing business impact so that we continue providing top-tier service to our patients.
2. Cloud Provided: migrating services to the cloud where possible to minimize maintenance.
3. Secure Solution: securing our environment with leading technologies and documented processes.
4. Reduced Complexity: reducing the complexity of the system environment, including the hardware and software utilized.

Aligned Projects to Audit Items for the Strategic Plan

Strategic initiative: Network Security Enhancement (develop a zero trust network)
  Current projects: Network Perimeter Migration; Palo Alto Migration; OpenDNS; IP Address Management
  Future projects: Network Access Control; Network Infrastructure Upgrade; Mobile Device Security; Medical Device Security

Strategic initiative: Threat Discovery and Management (use the best tools for monitoring)
  Current projects: Security Tool and Personnel Alignment; Vulnerability Management Program; Penetration Testing; Patch Management; Managed Security Service Provider; SIEM Deployment / Splunk Cloud

Strategic initiative: Identity Management and Information Protection (follow the principle of least privilege)
  Current projects: Active Directory Cleanup; User Access Review; IAM Business Requirements and Vendor Selection
  Future projects: IAM Implementation; Multi-Factor Authentication; Data Inventory and Classification; HIPAA Data Assessment and Logging

Strategic initiative: Process Improvement and Documentation (define repeatable processes)
  Current projects: IT Service Management / ServiceNow Implementation; Risk, Asset, and Change Management Processes; Policies, Standards, Procedures, and MSBs
  Future projects: Business Continuity and Disaster Recovery Planning; Third Party Risk Management; Security Awareness Training; Data Loss Prevention; Office365 Migration

Identified and Tackled Quick Wins
Working with our partner, we tackled quick wins, which allowed our team to continue day-to-day operations.
Upgraded Operating Systems: migrated Windows systems running 2000 and 2003 to newer versions.
Reduced Help Desk Tickets: directed the completion of LANDesk tickets to meet business SLAs.
Changed Local Admin Passwords: began managing local administrator credentials through Microsoft LAPS.
Investigated Basic Security Alerts: removed medical devices infected with Conficker.
Remediated Network Issues: troubleshot network-related issues at specific sites.
Documented Processes: assisted with defining and improving the procurement process for purchase orders and invoices.
Configured ProofPoint: configured ProofPoint with the proper settings to drastically increase email security.
Enabled Password Vault: completed testing of Secret Server vaulting and password rotation for privileged accounts.
Quick-win areas (diagram): Infrastructure Upgrade; Ticketing SLAs; Sustainable Security Behaviours; Local Administrator Password Solution; Cyber Crisis Response; Network Troubleshooting; Incident and Crisis Management; Security Strategy; Information Systems Process Documentation; Email Security; Identity and Access Management.
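Two of the quick wins above (retiring Windows 2000/2003 and bringing local administrator passwords under LAPS) can be measured from Active Directory rather than by hand. The script below is an added example, not code from the presentation or from Children's Mercy; it assumes the legacy Microsoft LAPS schema (the ms-Mcs-AdmPwdExpirationTime attribute; Windows LAPS uses msLAPS-PasswordExpirationTime instead), the ActiveDirectory RSAT module, and a placeholder OU and 90-day activity window that you would adjust.

```powershell
# Added example (not from the presentation): inventory two quick wins against AD:
# hosts still on end-of-life Windows, and active hosts legacy LAPS has never managed.
# Assumptions: the search base OU and the 90-day "active" window are placeholders;
# reading ms-Mcs-AdmPwdExpirationTime needs the LAPS read permission on the OU.
Import-Module ActiveDirectory

$SearchBase   = 'OU=Workstations,DC=example,DC=local'   # assumed OU
$ActiveWindow = (Get-Date).AddDays(-90)                  # assumed cut-off for "in use"

# Request only the attributes we need; LastLogonDate derives from lastLogonTimestamp,
# which replicates with up to 14 days of slack, so treat it as approximate.
$computers = Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
    -Properties OperatingSystem, LastLogonDate, 'ms-Mcs-AdmPwdExpirationTime'

# 1. Hosts still running the end-of-life versions the slide mentions.
$legacyOs = $computers | Where-Object {
    $_.OperatingSystem -match 'Windows 2000|Windows Server 2003|Windows XP'
}

# 2. Active hosts with no LAPS expiration stamp: the LAPS client has never rotated
#    their local Administrator password, so it is still whatever the image or a
#    technician set, and is probably shared across machines.
$noLaps = $computers | Where-Object {
    $_.LastLogonDate -gt $ActiveWindow -and
    -not $_.'ms-Mcs-AdmPwdExpirationTime'
}

# 3. Hosts whose LAPS password is past its expiration: the client has stopped
#    checking in, which usually means a policy or connectivity problem worth a ticket.
$nowUtc      = (Get-Date).ToUniversalTime()
$expiredLaps = $computers | Where-Object {
    $_.'ms-Mcs-AdmPwdExpirationTime' -and
    [DateTime]::FromFileTimeUtc([int64]$_.'ms-Mcs-AdmPwdExpirationTime') -lt $nowUtc
}

"{0} enabled computers in scope"            -f $computers.Count
"{0} still on Windows 2000/2003/XP"         -f $legacyOs.Count
"{0} active hosts never managed by LAPS"    -f $noLaps.Count
"{0} hosts with an expired LAPS password"   -f $expiredLaps.Count

# Per-host lists for the migration and LAPS rollout teams.
$legacyOs    | Select-Object Name, OperatingSystem, LastLogonDate | Export-Csv .\legacy-os.csv    -NoTypeInformation
$noLaps      | Select-Object Name, OperatingSystem, LastLogonDate | Export-Csv .\no-laps.csv      -NoTypeInformation
$expiredLaps | Select-Object Name, LastLogonDate                  | Export-Csv .\laps-expired.csv -NoTypeInformation
```

Run it on a schedule and trend the three counts; the "never managed" list is the one to chase first, because a machine with a shared, never-rotated local administrator password is exactly the lateral-movement path LAPS exists to close.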

Enhanced the Perimeter Network
Audit findings: complex management requirements; high maintenance costs; multiple egress points; multiple firewall appliances.
Network Perimeter Migration: consolidated the internet connection to simplify the CMH network architecture and improve network performance, while providing future scalability.
Palo Alto Migration: replaced the perimeter Cisco ASA firewalls with next-generation firewalls to increase security and improve visibility into network traffic.
OpenDNS: implemented a domain name security solution to filter internet traffic from CMH systems to malicious destinations (e.g. malware sites).
IP Address Management: installed the IP Address Management (IPAM) tool for the organization and troubleshooting of IP addresses on CMH devices.
Outcomes: simplified network design; increased traffic visibility; amplified internet speeds; improved security.

Identified and Tackled Quick Wins
In the past, we had been able to simply upgrade a circuit to increase speeds, but recent upgrades had not been successful. Our edge equipment was undersized and not performing correctly. During the enhancement projects, adequately sized Cisco networking equipment and Palo Alto firewalls were deployed. The result was drastically increased speeds and a happy customer base.
(Chart: bandwidth before and after the upgrade.) We also realized where all the bandwidth was going.

Established Proactive Security Services
Security Tool and Personnel Alignment: provided an analysis of tool rationalization and job descriptions for needed roles.
Vulnerability Management Program (Qualys): created the routine process of vulnerability scanning within Qualys, vulnerability categorization, and remediation.
Penetration Testing: performed a network penetration test against publicly facing and internal CMH systems to identify critical vulnerabilities that could lead to system compromise.
Patch Management: documented the process of using SCCM to schedule patching activities on CMH systems.
Managed Security Service Provider (MSSP): transitioned network and systems security monitoring to PwC for continuous coverage and proper alerting of discoveries.
SIEM Deployment (Splunk Cloud): implemented an enterprise-level security information and event management system to collect, consolidate, and correlate security events from CMH systems for incident monitoring and response.
As vulnerabilities were discovered, our partner guided our team towards a remediation path and offered continual guidance.

Stood Up Managed SOC in 60 Days
Detection Policy Development and Rule Response: develop, tune, and maintain response rules; analyze SIEM events for false positives and tune detection rules accordingly.
Continuous Monitoring: provide 24/7/365 security event monitoring.
Event Triage and Escalation: escalate identified SIEM incidents that need further investigation up the support tiers or to the client.
Documentation: maintain technical and functional documentation for the monitoring program.
Use Case Development and Log Source Ingestion: identify gaps in coverage and work with client teams on an enrichment strategy; develop parsers for new log sources; tune existing parsers for more effective and efficient data ingestion.
Hunt/Find: perform incident detection, analysis, and classification; coordinate with the client on analysis, containment, and remediation.
Maintenance: SIEM solution health checks and maintenance; deploy updates, patches, and minor release upgrades; create and respond to tickets for technical and functional issues arising with the SIEM.
Continuous Improvement: additional use case development and implementation, and lifecycle monitoring review.

Protected Access to Information
To supplement our ongoing efforts in implementing an IAM solution, we worked with our partner and created numerous automated scripts to maintain a clean Active Directory.
Steps (diagram): Review users -> Review access -> Begin IAM process
Active Directory Cleanup: perform cleanup and establish a process for periodic review of users whose access to the CMH network is controlled by Active Directory.
User Access Review: review and document CMH user access to the multitude of applications within the CMH environment.
IAM Business Requirements: define and prioritize the requirements for an identity and access management solution.
Future project, IAM Implementation: implement the chosen IAM solution with role-based access, following the principle of least privilege to limit access.
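The "automated scripts to maintain a clean Active Directory" slide gives no code, so here is an added example of the kind of stale-user sweep it describes; it is not the hospital's script. It assumes the ActiveDirectory RSAT module, placeholder OU names, an exemption group for service and break-glass accounts, and a 90-day threshold. It reports by default and only disables, stamps, and moves accounts when run with -Commit; nothing is deleted, so a wrongly flagged account can be re-enabled with its description intact.

```powershell
# Added example, not code from the presentation: a stale-user sweep.
# Accounts idle for $InactiveDays are disabled, stamped with the date and reason in
# their Description (so a later review knows why), and moved to a holding OU.
# Assumptions: OU names, the exemption group and the threshold are placeholders.
[CmdletBinding()]
param(
    [int]    $InactiveDays = 90,
    [string] $SearchBase   = 'OU=Users,DC=example,DC=local',          # assumed
    [string] $QuarantineOu = 'OU=Disabled-Stale,DC=example,DC=local', # assumed
    [string] $ExemptGroup  = 'AD-Cleanup-Exempt',                     # assumed: service/break-glass accounts
    [switch] $Commit
)
Import-Module ActiveDirectory

$cutoff = (Get-Date).AddDays(-$InactiveDays)

# Members of the exemption group are never touched; -Recursive flattens nested groups.
$exempt = Get-ADGroupMember -Identity $ExemptGroup -Recursive |
          Select-Object -ExpandProperty DistinguishedName

# Enabled users with no logon inside the window. LastLogonDate derives from
# lastLogonTimestamp, which replicates with up to 14 days of slack, so the effective
# threshold is roughly $InactiveDays minus 14, not an exact figure.
$stale = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
            -Properties LastLogonDate, whenCreated, Description |
         Where-Object {
             $_.DistinguishedName -notin $exempt -and
             $_.whenCreated -lt $cutoff -and   # new accounts that simply have not logged on yet are skipped
             ($null -eq $_.LastLogonDate -or $_.LastLogonDate -lt $cutoff)
         }

$stamp = 'Disabled {0:yyyy-MM-dd} by stale-account sweep (inactive > {1}d)' -f (Get-Date), $InactiveDays

foreach ($u in $stale) {
    if ($Commit) {
        Disable-ADAccount -Identity $u
        # Keep the old description after the stamp so the owner/purpose is not lost.
        $newDescription = (($stamp, $u.Description) -join ' | ').TrimEnd(' |')
        Set-ADUser -Identity $u -Description $newDescription
        Move-ADObject -Identity $u.DistinguishedName -TargetPath $QuarantineOu
    }
    # One record per account goes to the pipeline for review or export.
    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        LastLogonDate  = $u.LastLogonDate
        Created        = $u.whenCreated
        Action         = if ($Commit) { 'disabled and moved' } else { 'would disable (report only)' }
    }
}
```

Run it first without -Commit and export the pipeline output to CSV for the application owners to review; once the list is accepted, run it again with -Commit. Disabling and quarantining rather than deleting is what makes the periodic review safe to automate: group memberships and the SID survive, so a mistaken disablement is a one-line rollback and a legitimately departed user's object can still be deleted later on a separate, slower schedule.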

Defined and Improved Processes
IT Service Management: developed the processes to deliver the highest level of IT service, while implementing ServiceNow to track requests and incidents.
Risk, Asset, and Change Management Processes: documented and implemented the processes for maintaining a log of assets, potential risks, and changes to the CMH environment.
Policies, Standards, Procedures, and MSBs: created an IT and security program with the supporting documentation to define the expectations of CMH and its configuration standards.

Measured Our Progress and Success
Dashboard categories: Safety; People; Quality; Delivery; Stewardship.
We installed monitors and set up numerous dashboards to track the team's progress through the process.

Understood the Continuous Process for Improvement (diagram: continuous improvement cycle)

With the Opportunity to Learn Throughout
Ignore the sins of the past.
Build before your audit, not after.
Cybersecurity is a journey, not a destination.

Darin Prill, Children's Mercy Hospital. Twitter: @dprill. LinkedIn: in/dprill