Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 2 This material was developed by Oregon Health & Science University,

Presentation transcript:

Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 2 This material was developed by Oregon Health & Science University, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number IU24OC

Unit Objectives
List and describe common security concerns
Describe safeguards against common security concerns, including firewalls, encryption, virus protection software and patterns, programming for security, etc.
Describe security concerns for wireless networks and how to address them
List security concerns/regulations for health care applications
Describe security safeguards used for health care applications

Component 4 / Unit 8-2 Health IT Workforce Curriculum Version 2.0/Spring 2011

Mitigating Security Issues
Create a security policy
Authenticate users
Firewalls
Antivirus software
Intrusion Protection Systems
Encrypt communications & stored data
Audit adherence to security policies

Security Policy
Most policies contain provisions related to:
  – Security definition
  – Enforcement
  – User access to the network, devices, software, & data
  – Password management
  – & Internet use
  – Antivirus software
  – Backup and recovery
  – Intrusion detection
  – Auditing
  – Others

Authentication Factors - Proving Your Identity
Something you know
  – Username and password
Something you have
  – Smart cards and employee badges
Something that is a part of you (biometrics)
  – Fingerprints, retinal scans, etc.

Factor Authentication
One factor authentication
  – Simplest authentication process
  – Username and password needed
Two factor authentication
  – Username and password needed
  – Need one of other authentication types
      Such as smart card or fingerprint reader
Three factor authentication
  – All three authentication types used
      Such as username/password and smart card and fingerprint reader

Firewalls
Software and/or hardware that blocks unauthorized communications on a computer.
Windows OS all provide Windows Firewall.
Routers provide basic firewall protection.
  – Most ISP routers act as firewalls.
Inspects each piece of communication.
Permits or denies traffic based on rules.
  – For example, you will not be able to connect to your brother’s PC to copy shared photos unless his firewall is configured to allow the communication.
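The "permits or denies traffic based on rules" behaviour can be shown with a small rule evaluator. This is an added example, not part of the lecture: the `Rule` type, the `evaluate` function, the addresses and the rule sets are constructed for illustration, and TCP port 445 is the port Windows file sharing uses.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    protocol: str          # "tcp", "udp" or "any"
    source: str            # CIDR block of senders the rule applies to
    port: Optional[int]    # destination port; None matches every port

def evaluate(rules, protocol, src_ip, dst_port, default="deny"):
    """Return the action of the first rule that matches, else the default."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.protocol not in ("any", protocol):
            continue
        if src not in ipaddress.ip_network(rule.source):
            continue
        if rule.port is not None and rule.port != dst_port:
            continue
        return rule.action
    return default          # nothing matched: traffic is dropped

# Constructed addresses: your PC is 192.168.1.20, a guest device is 192.168.1.77.
BROTHER_BEFORE = [Rule("allow", "tcp", "192.168.1.0/24", 80)]
BROTHER_AFTER = [
    Rule("deny", "any", "192.168.1.77/32", None),    # block one device first
    Rule("allow", "tcp", "192.168.1.20/32", 445),    # file sharing, your PC only
] + BROTHER_BEFORE

if __name__ == "__main__":
    for name, rules in (("before", BROTHER_BEFORE), ("after", BROTHER_AFTER)):
        print(name, evaluate(rules, "tcp", "192.168.1.20", 445))
```

Rule order matters: the guest device is denied on port 80 even though a later rule allows the whole subnet, because the first matching rule wins.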

Windows Firewall Example
[Figure not reproduced; label: My Network]

Antivirus (AV) Software
Detects and removes malware.
  – Can also protect against adware & spyware.
Requires current virus pattern definitions.
  – Cost of approx. $50/year.
Searches all computer files for virus signatures.
Monitors for malicious computer activity.
  – For example, if a running program attempts to perform some odd action, the AV software will stop and quarantine the program.

Common Antivirus Software Vendors
Avast!
AVG
HouseCall
Kaspersky
McAfee
Symantec

Intrusion Protection Systems (IPS)
Similar to firewall functionality – but more!
Hardware and/or software that monitors all network traffic for malicious activity.
  – Works to stop intrusions and alert network administrators.
The Cisco Secure Intrusion Detection System (formerly NetRanger) is an enterprise-scale, real-time intrusion detection system designed to detect, report, and terminate unauthorized activity throughout a network. Approximate cost: $700

Encryption
Makes communication unreadable to unauthorized viewers.
  – Uses electronic private and public key set.
Authorized viewers provided with encryption key, with ability to encrypt and decrypt messages.
  – Medical office encrypts data using its private key.
  – Patient decrypts data using the medical office’s public key.
Encryption keeps data confidential.
  – Entities never share their private key.

Encryption Example
Encrypting a Microsoft Excel 2010 document makes the spreadsheet unreadable to anyone who tries to open it without the encrypting password.
Any Microsoft Office file can be encrypted (password protected) in this way.

Encryption Example (cont’d)
Opening an encrypted document requires the user to enter the password used to encrypt it.
If the user does not enter the correct password, the encrypted document cannot be opened.
Entering the correct password allows the document to be decrypted so that it can be viewed.

Encryption Example (cont’d)
Any file on a Windows-based PC can be encrypted. To encrypt a document:
1. Create a new folder.
2. Right-click the folder and select Properties.
3. Click Advanced.
4. Click Encrypt contents to secure data.
5. All files placed in this folder will be encrypted.

Audit Security Policy Practices
Is organization doing what it says it will do?
  – If nurses are to log off nursing stations when they leave the station, is this being done?
  – Is the database server kept up to date with critical updates?
  – Is all access of medical records logged?
  – Are backups being done regularly and stored according to the security policy?
  – Do employees adhere to policies?
  – Others?

Additional Steps to Take...
Educate employees
  – Don’t open unsolicited attachments.
  – Users lock screens when not at station.
  – Don’t click on popup ads while surfing.
  – Report strange activity to network admins.
Create secure software applications
  – Only authenticated & authorized use of software.
  – Non-repudiation of network actions.
      Means that a user or device cannot deny having done something.

Additional Steps to Take...
Use of password policies
  – Password complexity.
  – Passwords changed regularly (60 days, etc.).
  – No reuse of old passwords.
  – Passwords not written down anywhere.
Domain-based network environment
  – Server manages users, devices, and policies.
  – No use of network assets unless part of domain.
  – Restricted number of network administrators.
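The password-policy items above (complexity, regular change, no reuse) can be enforced in code at the point where a password is changed. This is an added example, not part of the lecture: the function names, the 12-character minimum, the three-of-four character-class rule and the history depth of 5 are assumptions, and only the 60-day interval comes from the slide.

```python
import hashlib
import hmac
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=60)   # the slide's example interval
MIN_LENGTH = 12                # assumption; the slide gives no number
HISTORY_DEPTH = 5              # assumption: how many old passwords to remember

def hash_password(password, salt):
    """Salted, slow hash so the history never holds readable passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def complexity_problems(password):
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(classes) < 3:
        problems.append("needs 3 of 4 character classes")
    return problems

def is_reused(password, history):
    """history: list of (salt, digest) pairs, oldest first."""
    return any(
        hmac.compare_digest(hash_password(password, salt), digest)
        for salt, digest in history[-HISTORY_DEPTH:]
    )

def is_expired(last_changed, now):
    """True when the password is older than the policy allows."""
    return now - last_changed > MAX_AGE

def check_change(new_password, history):
    """Return every policy violation for a proposed new password."""
    problems = complexity_problems(new_password)
    if is_reused(new_password, history):
        problems.append("reuses an old password")
    return problems
```

The reuse check works on salted hashes, so the system can refuse an old password without ever storing one in readable form.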

Additional Steps to Take...
Physical security of assets
  – Servers bolted to floor/wall in locked room.
  – No unauthorized physical access of equipment.
  – Devices password protected at all times.
  – UPS and power surge equipment utilized.
  – No access to data without authentication.
Validation of data entered into database
  – All database entries validated before stored in database.
  – Test for expected and unexpected database entries.
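Validating every entry before it is stored, and testing with both expected and unexpected entries, looks like this in practice. This is an added example, not part of the lecture: the `vitals` table, the record-number format, the heart-rate range and all sample entries are constructed for illustration.

```python
import re
import sqlite3
from datetime import date

MRN_RE = re.compile(r"[A-Z]{2}\d{6}")  # hypothetical record-number format

def validate(entry):
    """Return the names of fields that fail validation (empty list = OK)."""
    problems = []
    mrn = entry.get("mrn")
    if not isinstance(mrn, str) or not MRN_RE.fullmatch(mrn):
        problems.append("mrn")
    dob_text = entry.get("dob")
    try:
        dob = date.fromisoformat(dob_text)
        if dob > date.today() or dob.isoformat() != dob_text:
            problems.append("dob")
    except (TypeError, ValueError):      # missing, wrong type, impossible date
        problems.append("dob")
    rate = entry.get("heart_rate")
    if type(rate) is not int or not 20 <= rate <= 300:  # excludes "72", True
        problems.append("heart_rate")
    return problems

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE vitals (mrn TEXT NOT NULL, dob TEXT NOT NULL,"
                 " heart_rate INTEGER NOT NULL)")
    return conn

def store(conn, entry):
    """Validate first, then insert with bound parameters (no string-built SQL)."""
    problems = validate(entry)
    if problems:
        raise ValueError("rejected fields: " + ", ".join(problems))
    conn.execute("INSERT INTO vitals (mrn, dob, heart_rate) VALUES (?, ?, ?)",
                 (entry["mrn"], entry["dob"], entry["heart_rate"]))

def row_count(conn):
    return conn.execute("SELECT COUNT(*) FROM vitals").fetchone()[0]

# Constructed test entries: one expected, several unexpected.
EXPECTED = {"mrn": "AB123456", "dob": "1975-04-09", "heart_rate": 72}
UNEXPECTED = [
    {"mrn": "AB123456' OR '1'='1", "dob": "1975-04-09", "heart_rate": 72},
    {"mrn": "AB123456", "dob": "1975-02-30", "heart_rate": 72},
    {"mrn": "AB123456", "dob": "1975-04-09", "heart_rate": "72"},
    {"mrn": "AB123456"},
]
```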