© 2006 EmeSec HealthTechNet The Management and Operational Perspective of Privacy and Security...

© 2006 EmeSec HealthTechNet The Management and Operational Perspective of Privacy and Security 12801 Worldgate Drive, Suite 500 Herndon, Virginia 20170 703-871-3973 A Privacy / Security Presentation For HealthTechNet July 21, 2006 Maria C. Horton, CISSP-ISSMP, IAM

Page 2:

About EmeSec (pronounced em-ēē-sek)

• 8(a), Service Disabled Veteran, Woman Owned Business – Founded April 2003

• EmeSec specializes in e-Security solutions, IT policy and planning, Continuity of Operations, Incident Response, and Regulatory Compliance

Page 3:

Security in Large Organizations

[Figure; surviving label: 1-2 yr phase. Source: Meta Group, 2004]

Page 4:

Data Protection

• Drivers
  – Government
    • Regulatory
  – Commercial
    • Revenue
    • Privacy
• Management
  – Policy driven
  – Procedurally oriented
• Operational
  – Technically focused
  – Location based

Page 5:

Common Security Issues

• Five Basic Problem Areas
  – Inherent Security Defects
  – Misuse of Tools
  – Improper maintenance
  – Ineffective Security
  – Inadequate detection systems

Page 6:

Threat Response Activities

• Annual Risk Assessment
• Perimeter protections
  – Changing: wireless / virtual worlds
  – Automated configuration management
• Access control
  – Role Based
  – Multi-factorial Authentication
• Specialized security training

Page 7:

Managing Vulnerabilities

• Continuous Monitoring
  – Automated patching
  – Network and server functionality
  – Audit trail monitoring / alerts
• Trend analysis
  – Incident Response
  – Key Performance Indicators
    • Up time
    • Training
• Size does matter
  – Monitoring and response are required
  – Resources generally limited
    • Money
    • Personnel
  – Innovation critical to success

Page 8:

Contact Us:

12801 Worldgate Drive, Suite 500
Herndon, Virginia 20170

703.871.3973
www.emesec.net

8(a), Service Disabled Veteran, Woman-owned, Small Business