1 / 8

The Management and Operational Perspective of Privacy and Security

A Privacy / Security Presentation For HealthTechNet. 12801 Worldgate Drive, Suite 500 Herndon, Virginia 20170 703-871-3973. The Management and Operational Perspective of Privacy and Security. Maria C. Horton, CISSP-ISSMP, IAM. July 21, 2006. About EmeSec (pronounced em-ēē-sek).

gardenia
Download Presentation

The Management and Operational Perspective of Privacy and Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. A Privacy / Security Presentation For HealthTechNet 12801 Worldgate Drive, Suite 500 Herndon, Virginia 20170 703-871-3973 The Management and Operational Perspective of Privacy and Security Maria C. Horton, CISSP-ISSMP, IAM July 21, 2006

  2. About EmeSec (pronounced em-ēē-sek) • 8(a), Service Disabled Veteran, Woman Owned Business • Founded April 2003 • EmeSec specializes e-Security solutions IT policy and planning, Continuity of Operations, Incident Response, and Regulatory Compliance

  3. Security in Large Organizations 1-2 yr phase Source: Meta Group, 2004

  4. Drivers Government Regulatory Commercial Revenue Privacy Management Policy driven Procedurally oriented Operational Technically focused Location based Data Protection

  5. Common Security Issues • Five Basic problem Areas • Inherent Security Defects • Misuse of Tools • Improper maintenance • Ineffective Security • Inadequate detection systems

  6. Threat Response Activities • Annual Risk Assessment • Perimeter protections • Changing: wireless / virtual worlds • Automated configuration management • Access control • Role Based • Multi-factorial Authentication • Specialized security training

  7. Continuous Monitoring Automated patching Network and server functionality Audit trail monitoring / alerts Trend analysis Incident Response Key Performance Indicators Up time Training Size does matter Monitoring and response are required Resources generally limited Money Personnel Innovation Critical to success Managing Vulnerabilities

  8. Contact Us: 12801 Worldgate Drive, Suite 500 Herndon, Virginia 20170 703.871.3973 www.emesec.net 8(a), Service Disabled Veteran, Woman-owned, Small Business

More Related