"WhatsApp:+1(859)740-9292" Get CISCO,CHST,CISSP,CISM,AWS Proxy to attend exam
HIPAA Security: Case Studies for Small to Medium Health Organizations (Compliance Methods)
Jeff Bardin, CISSP, CISM, NSA IAM, OCTAVE℠
Principal & CSO
Treadstone 71
www.treadstone71.com
Agenda
From Threat Agent to Safeguard The NSA IAM Method
Criticality of Information Matrix Systems Criticality Matrix
OCTAVE℠ Method Human Actors Using Network Access Threat Profile: System Problems Basic Risk Profile
Initial Findings Scorecards HIPAA & ISO17799 Roadmap Q&A
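Threat Agent -- gives rise to --> Threat
Threat -- exploits --> Vulnerability
Vulnerability -- leads to --> Risk
Risk -- can damage --> Asset (ePHI)
Asset (ePHI) -- and causes an --> Exposure
Exposure -- can be countermeasured by --> Safeguard
Safeguard -- directly affects --> Threat Agent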
Criticality of Information Matrix
Columns: Confidentiality, Integrity, Availability
Rows:
Patient Records
Medical Staff Records
Employee Records
Vendor Contracts
Employee Health Records
Legal Files (lawsuit information)
Contracts w/Agency People
Meeting Minutes (Board)
Survey Reports (Joint Commission (Medicare/Medicaid))
Docs – Security Eng Tests & Inspections
Patient Accounts
Financial Audits
Planning Documents (Strategic/Master Facility Plan)
Payroll Records
Psych/Drug/Alcohol/HIV
Ratings (H/M), in the order they appear on the slide: H M M M M M M M M M H H H H H H H H H H H H H H H M H H H H M M M M M M M M M H H H H M M
National Security Agency Information Assurance Methodology