Configuring Electronic Health Records Privacy and Security in the US Lecture f This material (Comp11_Unit7f) was developed by Oregon Health & Science University,

Slides:



Advertisements
Similar presentations
CERN – European Organization for Nuclear Research GS Department – Administrative Information Services Secure software development for the World Wide Web.
Advertisements

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Silberschatz, Galvin and Gagne  Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
CERN – European Organization for Nuclear Research GS Department – Administrative Information Services Secure software development for the World Wide Web.
Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.
Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Geneva, Switzerland, September 2014 ITU-T CYBEX standards for cybersecurity and data protection Youki Kadobayashi, NICT Japan Rapporteur, ITU-T Q.4/17.
Chapter 4 Application Security Knowledge and Test Prep
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Software Security Course Course Outline Course Overview Introduction to Software Security Common Attacks and Vulnerabilities Overview of Security.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Customized solutions. Keep It Secure Contents  Protection objectives  Endpoint and server software  Protection.
Quiz Review.
Chapter Nine Maintaining a Computer Part III: Malware.
SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.
Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 1 This material was developed by Oregon Health & Science University,
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
Secure Software Development Mini Zeng University of Alabama in Huntsville 1.
Securing Information Systems
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
Data Security.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Introduction to Information and Computer Science Security Lecture b This material (Comp4_Unit8b) was developed by Oregon Health and Science University,
Life in a Dangerous World: Developing effective strategies against Virus, Worms and Other Threats Marshall Breeding Vanderbilt University
Drupal Security Securing your Configuration Justin C. Klein Keane University of Pennsylvania School of Arts and Sciences Information Security and Unix.
Security Management prepared by Dean Hipwell, CISSP
Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 2 This material was developed by Oregon Health & Science University,
Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
3-Protecting Systems Dr. John P. Abraham Professor UTPA.
A virus is software that spreads from program to program, or from disk to disk, and uses each infected program or disk to make copies of itself. Basically.
Administrative: Objective: –Tutorial on Risks –Phoenix recovery Outline for today.
Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,
Name: Perpetual Ifeanyi Onyia Topic: Virus, Worms, & Trojan Horses.
1 Vulnerability Assessment of Grid Software James A. Kupsch Computer Sciences Department University of Wisconsin Condor Week 2007 May 2, 2007.
Lesson 9-Information Security Best Practices. Overview Understanding administrative security. Security project plans. Understanding technical security.
Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.
Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.
Prepared by Natalie Rose1 Managing Information Resources, Control and Security Lecture 9.
What is risk online operation:  massive movement of operation to the internet has attracted hackers who try to interrupt such operation daily.  To unauthorized.
Small Business Security Keith Slagle April 24, 2007.
Computer Skills and Applications Computer Security.
Chapter 1 The Software Security Problem. Goals of this course Become aware of common pitfalls. Static Analysis and tools.
Computer Security Threats CLICKTECHSOLUTION.COM. Computer Security Confidentiality –Data confidentiality –Privacy Integrity –Data integrity –System integrity.
Configuring Electronic Health Records Privacy and Security in the US Lecture a This material (Comp11_Unit7a) was developed by Oregon Health & Science University.
W elcome to our Presentation. Presentation Topic Virus.
NETWORK SECURITY Definitions and Preventions Toby Wilson.
SANS Top 25 Most Dangerous Programming Errors Catagory 1: Insecure Interaction Between Components These weaknesses are related to insecure ways.
“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,
 Mal icious soft ware  Programs that violate one (or more) of the IA pillars  Does not (generally) refer to unintentional program bugs that violate.
Syo-401 Question Answer. QUESTION 1 An achievement in providing worldwide Internet security was the signing of certificates associated with which of the.
ITU-T CYBEX standards for cybersecurity information dissemination and exchange Youki Kadobayashi, Ph.D. NICT Japan / Rapporteur, ITU-T SG17 Q.4 ITU-T SG17.
Unit 2 Personal Cyber Security and Social Engineering Part 2.
Antivirus Software Technology By Mitchell Zell. Intro  Computers are vulnerable to attack  Most common type of attack is Malware  Short for malicious.
Chapter 40 Internet Security.
Web Application Vulnerabilities, Detection Mechanisms, and Defenses
Chapter 7: Identifying Advanced Attacks
Chapter 17 Risks, Security and Disaster Recovery
Information Security Awareness
CS2S562 Secure Software Development
Security.
Operating System Concepts
Test 3 review FTP & Cybersecurity
Presentation transcript:

Configuring Electronic Health Records Privacy and Security in the US Lecture f This material (Comp11_Unit7f) was developed by Oregon Health & Science University, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number IU24OC000015

Privacy and Security in the US Learning Objectives Compare and contrast the concepts of privacy and security (Lecture a) List the regulatory frameworks for an EHR (Lecture b, c) Describe the concepts and requirements for risk management (Lecture d) Describe authentication, authorization and accounting (Lecture d) Describe passwords and multi-factor authentication and their associated issues (Lecture d) Describe issues with portable devices (Lecture d) Describe elements of disaster preparedness and disaster recovery (Lecture e) Describe issues of physical security (Lecture e) Describe malware concepts (Lecture f) 2 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture f

Viruses Oldest and simple concept: unwanted program that executes when the host program executes Copies itself to media 3 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture f

Virus Types File Boot sector Macro Multi-variant RFID (theoretical) 4 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture f

Worms Self-replicating program that copies itself to other computers across a network LAN or Intranet Web or Internet IM IRC P2P 5 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture f

Trojans Destructive program that appears to be a other than what it is From the Greek myth of the wooden horse brought into the city as a trophy – filled with warriors Brought in by the user... Backdoor trojan Data collecting Downloader or dropper 6 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture f

Botnets Coordinated attack using infected systems Stages: –Creation –Configuration –Infection –Control Used for: –DDoS –Spam & spreading malware –Information leakage –Click fraud –Identify fraud 7 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture f

Zero-Day Malware What to do about a new threat? Zero-day malware is not detected by existing anti-virus May be based on zero-day exploits – newly discovered vulnerabilities Are signatures enough? 8 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture f

Rogueware Attempts to defraud users by requesting payment to remove non-existent threats Indications: –Fake pop-up warnings –Appear similar to real antivirus –Quick scan –May identify different files on each pass Highly lucrative Like a virus, hard to remove 9 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture f

What to Do? Resource: Malware Threats and Mitigation Strategies by US-CERT Enclave boundary –Firewalls –IDS Computing environment –Authorized local network devices –O/S patching/updating –O/S hardening –Anti-virus updating –Change control process –Host-based firewall –Vulnerability scanning –Proxy servers and web content filters – attachment filtering –Monitor logs What to do when compromised –If, not when 10 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture f

Why Viruses Exist Software engineering limitations Bugs 11 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture f

2011 Top 25 Mistakes Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Missing Authentication for Critical Function Missing Authorization Use of Hard-coded Credentials Missing Encryption of Sensitive Data Unrestricted Upload of File with Dangerous Type Reliance on Untrusted Inputs in a Security Decision Execution with Unnecessary Privileges Cross-Site Request Forgery (CSRF) 12 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture f

2011 Top 25 Mistakes (continued) Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Download of Code Without Integrity Check Incorrect Authorization Inclusion of Functionality from Untrusted Control Sphere Incorrect Permission Assignment for Critical Resource Use of Potentially Dangerous Function Use of a Broken or Risky Cryptographic Algorithm Incorrect Calculation of Buffer Size Improper Restriction of Excessive Authentication Attempts URL Redirection to Untrusted Site ('Open Redirect') Uncontrolled Format String Integer Overflow or Wraparound Use of a One-Way Hash without a Salt 13 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture f

Detection and Prevention Automated tools Policies and procedures Knowledgeable implementation staff 14 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture f

Privacy and Security in the US Summary – Lecture f Malware Software design issues 15 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture f

Privacy and Security in the US Summary Concepts of privacy and security Regulatory framework Risk assessment Portable devices System access Security awareness training Incident response and disaster recovery Physical security Malware and software design issues 16 Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture f

Privacy and Security in the US References – Lecture f References Christey, S. (2011) CWE/SANS Top 25 Most Dangerous Software Errors, from U.S. Computer Emergency Readiness Team. (2005). Malware Threats and Mitigation Strategies, from Health IT Workforce Curriculum Version 3.0/Spring 2012 Configuring Electronic Health Records Privacy and Security in the US Lecture f

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.