Cyber-Security for Healthcare

Presentation on theme: "Cyber-Security for Healthcare"— Presentation transcript:

1 Cyber-Security for Healthcare
Jim Rice, Director, Security Consulting

During this presentation, we will review the Security Consulting services offered to Sirius clients.

2 Professional Profile: Dr. Jim Rice
Jim Rice is a Director of Security Consulting Services for Sirius Computer Solutions. Since joining Sirius in 2000, he has worked with clients in a wide variety of industries, including healthcare, financial services, government, manufacturing, and insurance, addressing a wide variety of IT optimization, availability, recoverability, security, regulatory response, IT service deployment, and IT service governance challenges. He has been responsible for building Consulting, Enterprise Architecture, and Security Consulting capabilities, ensuring client solutions are optimized for business. Jim holds degrees in electrical engineering, business information systems, an MAPM, and an MBA. Jim holds a doctorate in organizational leadership and information systems technologies. His dissertation examined the correlation between IT governance maturity and patient care costs in United States healthcare systems. Jim is ITIL v2 and v3 certified. He holds an IBM healthcare industry masters certification. He was a member of the ISO/IEC JTC 1, WG6 focusing on IT service governance standards. Jim is a Research Fellow for the Center for Global Business Research and mentors doctoral students in the University of Phoenix, School of Advanced Studies. Jim is also on the board of directors for the Minnesota chapter of HIMSS.

Hello. My name is Jim Rice. I am the director of the IT consulting team that delivers security solutions services to our clients. I have had the privilege of working with the IT consulting team for more than 13 years. During my tenure, it has been my pleasure to work with some of the best and most talented business and technology consultants in the industry. The IT consulting team brings to Sirius clients, in a wide variety of industries, decades of business process and industry-specific information technology experience. Our services help Sirius clients to optimize financial performance, improve availability, enhance resilience, and meet the security needs of their organization by delivering IT solution consulting services that meet their business needs.

3 Sirius Healthcare Consulting Format & Rules of the Road
Facilitated Discussion
Summary Finding Provided Following Workshop

Sirius offers our clients a comprehensive collection of security solutions. The three types of security services we offer are Standard Security Framework Assessments, Regulatory and Compliance assessments, and Remediation Activities.

Standard Security Framework Assessments examine the security standards that establish the frameworks within which businesses govern their information assets. Changes in leadership or business structure, such as those resulting from mergers or acquisitions, often result in the need for a Sirius client to assess their security posture.

Regulatory and Compliance assessments (our most common consulting assessment) help clients ensure that their businesses operate within well-defined regulatory controls. For example, health care must comply with HIPAA/HITECH controls, while retail businesses must meet PCI standards. Whatever the industry, organizations need to periodically ensure that their business is compliant with the appropriate regulations. Sirius has the ability, internally or with certified partners, to assess the compliance of our client’s business and recommend products and solutions to close identified gaps.

Remediation Activities result when gaps in security posture are identified. In response to security standards or compliance needs, Sirius clients often need to improve their security posture. Sirius is uniquely qualified to offer technical architecture reviews, vulnerability scans, and security products from our brands and partners to improve the security of our client’s business.

4 Healthcare Consulting Building a Program
Activities Current State Analysis Policies, Practice, Controls, Audit Future State Planning Business Alignment, Goals, Priorities GAP Analysis People Skills & Capacity Governance Process Technology

Rowe, B. R., & Pokryshevskiy, I. D. (2013, February). Economic analysis of an inadequate cyber-security technical infrastructure. National Institute of Standards and Technology. Retrieved from

5 Healthcare Consulting 2017 Outlook
Security in Healthcare equals Reputation
Rapidly evolving regulatory environment creates business risk
Significant M&A results in inconsistent security controls
Nature of information increases its value to identity thieves
Malicious modification of medical data results in patient risk – health & safety
Privacy, Safety, Reputation, Compliance

6 Healthcare Security Security Architecture Review (SAR)
A Security Architecture Review is a client collaboration to learn about and prioritize gaps and value opportunities in the security environment
Healthcare Client Security Posture
Reviews the depth and breadth of the client security capabilities with client security team
Delivers a color coded gap analysis of the client capability
Executives prioritize gaps in the security framework and identify industry best practices for remediation

Security touches every aspect of our client’s business. For our brands, leads for products and services uncovered during security assessments are often motivated by regulatory compliance. As a result, these leads have shorter sales cycles and may have fewer budget constraints. As this diagram illustrates, security touches every aspect of our client’s information services. Every technology brand in Sirius – software, servers, network, and storage – has offers that may improve the security posture or satisfy regulatory requirements for our clients. All we need to do is help our client identify the need and close the security gap.

7 Sirius Security Consulting Services Framework
Security Architecture Review Consulting (SAR – Identify and Prioritize Client Security Gaps)
Technical Architecture Review, Remediation, and Oversight Consulting
IT Service Security Roadmap Consulting (Data Classification, Review Application Configuration, & Perform Code Review)
External Vulnerability Assessment Service (External Scan, Report, Recommendation)
Internal Vulnerability Assessment Service (Internal Scan, Report, Recommendation)
Security Risk Remediation Services (Security Technologies, Products, & Product Affinity Services)
Penetration Testing Services
Security and Policy Awareness Consulting (Educate stakeholders about business protection policies and processes)
Security & Risk Governance Consulting (Policies, Roles and Decision Making Processes) (ISO27001, ISO38550, NIST, FISMA, ITIL, Calder-Moir, COBIT)
Regulatory Compliance Assessment & Audit Services (Assessment & Audit Services for Compliance with Industry Controls) (HIPAA/HITECH, SOX, HITRUST, PCI, TAC202)
Vendor & Partner Risk Assessment Service (Vendor Management and Due Diligence)
Managed Security Services (Monitor Network Devices and Network Traffic, Identify Events, & Escalate Incidents) (Sirius Managed Services)
Security Incident Response, Forensics and Remediation Services (Respond to Exploitation, Root Cause Analysis, & Legal Expert Services) (Sirius Security Services)

Security means many things to many people. As any Certified Information Systems Security Professional (CISSP) will tell you, they’re all probably right. Security is a broad topic with many important elements, all of which are important to developing a security posture that protects the business-critical assets but doesn’t hinder the creation of business value. When planning a comprehensive security program for business, Sirius clients have many things to consider. For each element of the program, Sirius will review the specific client business needs, describe the Sirius Security Solution offerings (products and services) designed to meet the need, and highlight the client value at each step.

8 Sirius Healthcare Consulting 2017 Outlook
It’s All About the Data
Medical Data Analytics is Driving Aggregation (MDM)
Significant Biometric Data Collection is Increasing the Volume of Information and Opportunity for Corruption (IoT)
Data Privacy Stewardship is the focus of legislation and regulation

9 Sirius Healthcare Consulting 2017 Outlook
2017 Threats are evolving
Social Hacking is resulting in more focus on identity and authorization management and security awareness programs
Data Theft by Professional Hackers is driving a focus on end-point protection and encryption
Malicious Data Modification threat is increasing because of biometric data collection (IoT) and is driving a focus on network security and threat analytics
Data Ransom as a Service is returning data protection to its roots and increasing the use of “air-gap” backup methods

10 Sirius Security Consulting Security Roadmap Consulting
Extended Analysis & Planning
Collects internal and external security posture details through interviews and automated tools.
Evaluates security and compliance of environment against established security controls, such as HIPAA/HITECH, MU, PCI, NIST, FISMA, and ISO.
Produces a specific and actionable roadmap to remediate identified compliance gaps and security vulnerabilities.
Designed for clients who need to address audit findings, support executive initiatives, support M&A activity, plan for post incident remediation, enable contractual commitments, and support brand reputation efforts.

11 Thank you for taking a few moments to learn about Sirius Security Solutions.

12 Sirius Security Consulting Security Consulting Resources
More Information: Sirius Security & Compliance

