1 MISA Model Douglas Petry Manager Information Security Architecture Methodist Health System 402.354.4894 Managed Information Security.

1 MISA Model
Douglas Petry, Manager, Information Security Architecture, Methodist Health System
Doug.Petry@nmhs.org
402.354.4894
Managed Information Security Architecture

2 Introduction to MISA
The goal of the MISA model is to provide:
- Tool to assess the security architecture
- 16 Areas of Security
- Dashboard executive overview
- Current state of security capabilities

3 Introduction to MISA
Additional tools were developed to:
- Provide a method to identify and document the future state of our security capabilities.
- Define efficient implementation approaches across the 16 security areas within the assessment tool.
- Map and crosswalk to new and existing regulations to refine the architecture and align with organizational requirements.
- Provide metrics or a baseline to enable us to modularize and focus on the levels of security capabilities / deficiencies.

4 Gap Analysis Model
[Diagram labels: Web Servers; Application Systems; e-Mail; Network Infrastructure; Operating Systems; Databases; Intrusion Detection; Firewalls; Antivirus; Educate; Administer; Monitor; Respond; Audit; Documentation; Policies and Procedures; Essential and Best Practices; Knowledge Gap; Compliance Gap; Technology Gap]

5 Information Security Architecture
What is ISA?
- Way to bridge the gaps
- Manage the processes
- Alignment to business needs
- Minimize risks without impeding the quality of care to the customer

6 ISA vs. Managed ISA (MISA)
Managed ISA, or MISA, provides:
- Ongoing review and quality assurance of an ISA, with metrics to track ISA capabilities from a current state to a future state
- ISA provides system-based assessments; MISA assesses the ISA methodologies

7 ISA vs. Managed ISA (MISA)
ISA provides the framework within which our security program aligns with our business objectives and involves:
- Organizational Infrastructure
- Policies, Standards, and Procedures
- Security Baselines and Assessments
- Training and Awareness
- Compliance
MISA provides the managerial, operational, and technical controls necessary to help ensure security.

8 Managed ISA
[Diagram labels: Manage; Measure; Document; MISA; ISA]
Most security architectures provide ample documentation on controls, policies, and procedures. In some cases, metrics are identified for specific systems or capabilities. MISA manages and measures the security capabilities and the architecture.

9 MISA – Documentation
Document
- Management Controls
- Operational Controls
- Technical Controls
- System Security Plan – NIST 800-18
- Business Contingency Plan – NIST 800-34
- Incident Response Capability – NIST 800-3

10 MISA – Measurement
Measure
- Assessments
- Internal / External Audit
- Operational Metrics
- Security Metrics Guide – NIST 800-55
- Security Self Assessment Guide – NIST 800-26
- CSI – IPAK, NSA IAM, BS 7799, ISO 17799

11 MISA – Management
Manage
- Review / Refine
- Certification
- Accreditation
- URAC
- BS 7799 / ISO 17799

12 MISA – Overview
MISA requires you to:
- Determine Security Capabilities
- Determine Current State
- Determine Future State
- Develop Route Map to Future State
- Identify Key Initiatives
- Continuous Quality Improvement
- Re-Assess Current State/Future State

13 Security Capability Identification

14 Security Capabilities
[Diagram labels: C / A – Evaluation; End User Controls; Training / Awareness; Integrity Controls; Charter / Plan; Contingency Controls; Incident Response; Physical / Environmental; Encryption; Network / Telecom; Access Controls; Audit Controls; Sponsorship / Responsibility; Information Mgmt; Risk Management; Documentation. Axis labels: Strategic; Tactical]

15 MISA
[Diagram labels: Manage; Measure; Document]

16 Information Service Policy Structure
- Tier 3 Policy: System Specific
- Tier 2 Policy: Business Unit / Service
- Tier 1 Policy: Corporate
[Diagram labels: System Administrator Handbook; Risk Management Guide; System Security Plan; System Continuity Plan; System Incident Response Plan]

17 MISA – Topology

18 MISA – Topology
Foundations for Security Program: The Documentation
[Diagram labels: Manage; Measure; Document]

19 MISA – Topology
Security Capabilities: The Measurement
[Diagram labels: Manage; Measure; Document]

20 Implementation Road Map

21 [Diagram labels: Capability Assessment; Impact Analysis; Risk Analysis]

22 Security Capabilities

23 MISA – Topology
Strategic Initiative Alignment: The Management
[Diagram labels: Manage; Measure; Document]

24 MISA – Topology
Quality Improvement: The Refinement
[Diagram labels: Manage; Measure; Document]

25 Security Capabilities
[Diagram labels: C / A – Evaluation; End User Controls; Training / Awareness; Integrity Controls; Charter / Plan; Contingency Controls; Incident Response; Physical / Environmental; Encryption; Network / Telecom; Access Controls; Audit Controls; Sponsorship / Responsibility; Information Mgmt; Risk Management; Documentation. Axis labels: Strategic; Tactical. Cycle labels: Manage; Measure; Document]

26 Benefit Summary
The Bottom Line = MISA provides:
- A structured approach to a security architecture, and
- Consistent tools/methods that encourage collaboration and vendor leverage, resulting in increased security awareness!

