Earl Crane Hap Huynh Jeongwoo Ko Koichi Tominaga 12/12/2000 Physician Reminder System: Survivability Network Analysis Step 4.
1 Earl Crane Hap Huynh Jeongwoo Ko Koichi Tominaga 12/12/2000 Physician Reminder System: Survivability Network Analysis Step 4

2 Overview
Review of previous SNA findings
Softspots
Survivability map
Recommendations

3 Physician Reminder System Mission
Proactive patient management
JIT physician reminders
Compliance with practice guidelines
Result: high-quality outpatient care and follow-up; improved patient outcomes and reduced variation in care

4 Essential Services and Assets
Essential services:
  Generate reminders for physicians
  Generate reminders for staff
Essential assets:
  PRS data for reminders
  PRS rules for reminders

5 Selected Attack Scenarios
IUS 1 - Unauthorized use of PRS by internal staff
IUS 2 - Unauthorized use of PRS by external hacker
IUS 3 - Spoofing attack
IUS 4 - Malicious code (downloaded binary)

6 Softspots Architecture
[Architecture diagram; components shown:]
Hospital Information System: Affinity System (Registration), LAB, Eclypsis, Interface Engine
PRS System: PRS Server, PRS Client (PRS Client Program, Database, Browser, Email)
Other Client: PRS Client Program, Database, Email, Browser
Firewall, Email Server, Web Server, Public network

7 Survivability Map for IUS 1
Intrusion scenario: IUS 1, unauthorized use of PRS by legitimate user / other office staff
Resistance strategy
  Current: Trust; threat of punishment
  Recommended: Warning dialogues; security education; time-based restrictions; visit-based restrictions
Recognition strategy
  Current: Audit trail
  Recommended: Flag access rule violations; office manager review; automated scan of audit logs
Recovery strategy
  Current: Paper-based backup system; audit trail recovery; built-in recovery in commercial database
  Recommended: Backup PRS server; review of hospital privacy policy

8 Survivability Map for IUS 2
Intrusion scenario: IUS 2, unauthorized use of PRS by outsiders
Resistance strategy
  Current: Password management; threat of punishment
  Recommended: Time-based restrictions; visit-based restrictions; screensaver timeouts; login timeouts; boot password; upgrade OS; rotation of dial-up numbers
Recognition strategy
  Current: Audit trail; physical access control
  Recommended: Physical access control; Oracle security tool; office manager review; access rules
Recovery strategy
  Current: Paper-based backup system; audit trail recovery; built-in recovery in commercial database
  Recommended: Backup policy; backup on the other machine(s)/device(s)

9 Survivability Map for IUS 3
Intrusion scenario: IUS 3, spoofing attack
Resistance strategy
  Current: Physical access control
  Recommended: Subnet PRS system with router; encryption; non-promiscuous mode network cards; access control review
Recognition strategy
  Current: Physical access control
  Recommended: IDS (spoofing)
Recovery strategy
  Current: Built-in recovery in commercial database
  Recommended: Change password; backup policy; backup on the other machine(s)/device(s); checksum

10 Survivability Map for IUS 4
Intrusion scenario: IUS 4, malicious code
Resistance strategy
  Current: Anti-virus software; proxy server; unauthorized software installation
  Recommended: Security education; IDS
Recognition strategy
  Current: Anti-virus software; suspicious software behavior
  Recommended: Same
Recovery strategy
  Current: None
  Recommended: Commercial recovery utility

11 Policy Recommendations
P1 - Establish new access control rules
P2 - Establish a backup and appropriate backup policy
P3 - Establish security training procedures
P4 - Monitor and update system security
P5 - Rotation of dial-up numbers

12 Architecture Recommendations
R1 - Firewall
R2 - Distinct backup for PRS
R3 - Workstation timeouts
R4 - Database scanner: automated tool for checking "Audit Trail" logs
R5 - Cryptographic checksum
R6 - Encryption (database encryption)
R7 - IDS
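As an added example (not part of the original presentation or the PRS project), a Python sketch of the automated audit-trail scan recommended for IUS 1 recognition and listed as R4 above: it flags PRS accesses that break the time-based and visit-based access rules so an office manager can review them. The log format, field names, clinic hours and visit window are assumptions.

```python
"""Automated audit-trail scanner (added example, not PRS project code).

Checks each PRS audit-trail entry against two access rules that mirror the
resistance recommendations for IUS 1:
  - time-based: record access outside clinic hours
  - visit-based: access to a patient record with no visit scheduled within
    a window around the access date
Log format, clinic hours and the visit window are assumed for this example.
"""
from datetime import datetime, date, time, timedelta

CLINIC_OPEN, CLINIC_CLOSE = time(7, 0), time(19, 0)   # assumed clinic hours
VISIT_WINDOW = timedelta(days=1)                      # assumed +/- 1 day

def parse_entry(line):
    """Parse one 'YYYY-MM-DD HH:MM:SS key=value ...' audit line (assumed format)."""
    ts_date, ts_time, *fields = line.split()
    entry = dict(f.split("=", 1) for f in fields)
    entry["ts"] = datetime.fromisoformat(f"{ts_date} {ts_time}")
    return entry

def violations(entry, visits):
    """Return the names of the access rules this entry violates."""
    found = []
    if not CLINIC_OPEN <= entry["ts"].time() <= CLINIC_CLOSE:
        found.append("time-based")
    scheduled = visits.get(entry["patient"], [])
    if not any(abs(entry["ts"].date() - v) <= VISIT_WINDOW for v in scheduled):
        found.append("visit-based")
    return found

def scan_audit_log(lines, visits):
    """Return (user, patient, timestamp, violated rules) for each flagged entry."""
    flagged = []
    for line in lines:
        if not line.strip():
            continue
        e = parse_entry(line)
        rules = violations(e, visits)
        if rules:
            flagged.append((e["user"], e["patient"], e["ts"].isoformat(), rules))
    return flagged

# Constructed sample data: a visit schedule and four audit-trail lines.
SAMPLE_VISITS = {"P1042": [date(2000, 12, 11)], "P2077": [date(2000, 12, 12)]}
SAMPLE_LOG = """\
2000-12-11 09:15:03 user=nurse01 patient=P1042 action=view
2000-12-11 22:40:10 user=nurse01 patient=P1042 action=view
2000-12-12 10:02:55 user=clerk02 patient=P2077 action=update
2000-12-12 10:05:31 user=clerk02 patient=P3310 action=view
"""

if __name__ == "__main__":
    for hit in scan_audit_log(SAMPLE_LOG.splitlines(), SAMPLE_VISITS):
        print("FLAG", *hit)
```

On the sample data the in-hours accesses to patients with a scheduled visit pass, while the late-night access and the access to a patient with no visit are flagged.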

13 Example: Architecture Modifications
[Diagram of the PRS system with usage timeout; components shown:]
PRS Server, PRS Client (PRS Client Program, Browser, Email), Compartmentalized Database
Backup System, Automated Log Audit Tool, Checksum Tool, Firewall, HIS network

14 Timeline: Phasing of Recommendations
Phases: Short term (1-6 months); Mid term (6-12 months); Long term (18+ months)
Policy (in phase order): P2 - Establish a backup and appropriate backup policy; P5 - Rotation of dial number for dial-up connection; P1 - Establish new access control rules; P3 - Establish security training procedures; P4 - Monitor and update system security
Architecture (in phase order): R1 - Firewall; R3 - Workstation timeouts; R4 - Database scanner; R5 - Cryptographic checksum; R6 - Encryption; R2 - Distinct backup for PRS; R7 - IDS

15 Estimated Relative Resources to Implement Recommendations
Columns: Recommendation; Labor; Equipment
Policy: P1 - Establish new access control rules; P2 - Establish a backup and appropriate backup policy; P3 - Establish security training procedures; P4 - Monitor and update system security; P5 - Rotation of dial numbers for dial-up connection
Policy ratings (column alignment lost in extraction): Low High Low Existing
Architecture: R1 - Firewall; R2 - Distinct backup for PRS; R3 - Workstation timeouts; R4 - Database scanner, automated tool for checking "Audit Trail" logs; R5 - Cryptographic checksum; R6 - Encryption (database encryption); R7 - IDS
Architecture ratings (column alignment lost in extraction): High Low Medium Low Medium High Medium High Existing Medium High

16 Lessons Learned
External client accountability
Understanding client business
Business tradeoffs
SNA process
