CompTIA Security+ Study Guide (SY0-401)

CompTIA Security+ Study Guide (SY0-401) Chapter 11: Security Administration

Chapter 11: Security Administration
- Summarize the security implications of integrating systems and data with third parties.
- Explain the importance of security-related awareness and training.
- Given a scenario, select the appropriate control to meet the goals of security.
- Summarize mobile security concepts and technologies.
- Compare and contrast alternative methods to mitigate security risks in static environments.

Third-Party Integration
- Transitioning
- Ongoing Operations

Providing Education and Training
An organization's training and educational programs need to be tailored for at least three different audiences:
- The organization as a whole (the so-called rank-and-file employees)
- Management
- Technical staff

Training Topics
- Clean Desk Policy
- Compliance with Laws, Best Practices, and Standards
- Data Handling
- Dealing with Personally Owned Devices
- Personally Identifiable Information
- Preventing Tailgating

Training Topics (continued)
- Safe Internet Habits
- Smart Computing Habits
- Social Networking Dangers
- The Need for All Computing to Be Safe
- The Value of Strong Passwords
- Understanding Data Labeling and Handling
- What to Do When Disposing of Old Media
- Responding to Hoaxes

Classifying Information
Three primary categories of information:
- Public Use
- Internal Use
- Restricted Use

Chapter 11: Security Administration
- Private: Information intended only for use internally in the organization. Internal information includes personnel records, financial working documents, ledgers, customer lists, and virtually any other information that is needed to run a business.
- Restricted: Information that could seriously damage the organization if disclosed. It includes proprietary processes, trade secrets, strategic information, and marketing plans. Access to restricted information is placed on a need-to-know basis.

Information Access Controls
Access control defines the methods used to ensure that users of your network can access only what they're authorized to access.
- Implicit deny
- Least privilege
- Job rotation
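As an added example (not from the study guide or these slides), the following Python policy check ties the three classification levels (Public Use, Internal Use, Restricted Use) to implicit deny, least privilege and need-to-know, and records every denial for later review. The document names, users, clearances and the single "read" allow rule are constructed for illustration; anything the rules do not explicitly allow, including every "write" request, falls through to the implicit deny.

```python
"""Classification-aware access check with implicit deny (illustrative, not
the study guide's own code). All names and rules below are constructed."""
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, FrozenSet, List, Tuple


class Classification(IntEnum):
    PUBLIC = 1      # Public Use: may be disclosed freely
    INTERNAL = 2    # Internal Use: only inside the organization
    RESTRICTED = 3  # Restricted Use: need-to-know only


@dataclass(frozen=True)
class Document:
    name: str
    level: Classification
    # Explicit need-to-know list; only consulted for RESTRICTED documents.
    need_to_know: FrozenSet[str] = frozenset()


@dataclass(frozen=True)
class Subject:
    user: str
    employee: bool            # False for visitors / the general public
    clearance: Classification  # highest level the subject may read


# Denials are appended here so an administrator can review them (detection).
AUDIT_LOG: List[str] = []


def check_access(subject: Subject, doc: Document, action: str) -> Tuple[bool, str]:
    """Implicit deny: the decision starts as 'denied' and becomes 'allowed'
    only when an explicit rule matches. Returns (allowed, reason)."""
    allowed, reason = False, "implicit deny: no matching allow rule"

    if action == "read" and doc.level == Classification.PUBLIC:
        allowed, reason = True, "public information, readable by anyone"
    elif action == "read" and subject.employee:
        if subject.clearance < doc.level:
            # Least privilege: clearance never exceeds what the job needs.
            reason = "least privilege: clearance below document level"
        elif doc.level == Classification.RESTRICTED and subject.user not in doc.need_to_know:
            # Clearance alone is not enough for Restricted data.
            reason = "need-to-know: user not on the document's access list"
        else:
            allowed, reason = True, "employee with sufficient clearance"

    if not allowed:
        AUDIT_LOG.append(f"DENY user={subject.user} doc={doc.name} "
                         f"action={action} ({reason})")
    return allowed, reason


# Constructed sample data.
BROCHURE = Document("product-brochure", Classification.PUBLIC)
LEDGER = Document("q3-ledger", Classification.INTERNAL)
FORMULA = Document("trade-secret-formula", Classification.RESTRICTED,
                   need_to_know=frozenset({"chen"}))

VISITOR = Subject("visitor", employee=False, clearance=Classification.PUBLIC)
CLERK = Subject("pat", employee=True, clearance=Classification.INTERNAL)
EXEC = Subject("dana", employee=True, clearance=Classification.RESTRICTED)
CHEN = Subject("chen", employee=True, clearance=Classification.RESTRICTED)


def run_demo() -> Dict[str, bool]:
    """Evaluate a set of representative requests and return the decisions."""
    AUDIT_LOG.clear()
    return {
        "visitor reads brochure": check_access(VISITOR, BROCHURE, "read")[0],
        "visitor reads ledger": check_access(VISITOR, LEDGER, "read")[0],
        "clerk reads ledger": check_access(CLERK, LEDGER, "read")[0],
        "clerk reads formula": check_access(CLERK, FORMULA, "read")[0],
        "dana reads formula": check_access(EXEC, FORMULA, "read")[0],
        "chen reads formula": check_access(CHEN, FORMULA, "read")[0],
        "chen writes formula": check_access(CHEN, FORMULA, "write")[0],
    }


if __name__ == "__main__":
    for request, decision in run_demo().items():
        print(f"{request:25s} -> {'ALLOW' if decision else 'DENY'}")
    print("\nDenials recorded for review:")
    for entry in AUDIT_LOG:
        print(" ", entry)
```

Running the block prints the decision for each request followed by the audit entries; only the visitor reading the public brochure, the clerk reading the internal ledger, and the listed user reading the restricted document are allowed, and the "write" request is refused purely because no rule grants it.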

Complying with Privacy and Security Regulations
Regulatory and governmental agencies are key components of a security management policy. As a security professional, you must stay current with these laws because you're one of the primary agents to ensure compliance.

Regulations
- Health Insurance Portability and Accountability Act (HIPAA): a regulation that mandates national standards and procedures for the storage, use, and transmission of personal medical information.
- The Gramm-Leach-Bliley Act, also known as the Financial Modernization Act of 1999, requires financial institutions to develop privacy notices and to notify customers that they are entitled to privacy.

Regulations (continued)
- The Computer Fraud and Abuse Act (CFAA): this act gives federal authorities, primarily the FBI, the ability to prosecute hackers, spammers, and others as terrorists.
- The Family Educational Rights and Privacy Act (FERPA) dictates that educational institutions may not release information to unauthorized parties without the express permission of the student or, in the case of a minor, the parents of the student.
- The Computer Security Act of 1987 requires federal agencies to identify and protect computer systems that contain sensitive information.

Regulations (continued)
- Cyberspace Electronic Security Act (CESA) gives law enforcement the right to gain access to encryption keys and cryptography methods.
- Cyber Security Enhancement Act of 2002 allows federal agencies relatively easy access to ISPs and other data-transmission facilities to monitor communications of individuals suspected of committing computer crimes using the Internet.
- The Patriot Act: this law gives the U.S. government extreme latitude in pursuing criminals who commit terrorist acts.

Chapter 11: Security Administration
- Mobile Devices
- BYOD Issues
- Alternative Methods to Mitigate Security Risks
- Control redundancy and diversity
- SCADA (Supervisory Control and Data Acquisition)