Security Risk Assessment Cookbook: Incorporating Security in HL7 Standards

1. Security Risk Assessment Cookbook:Incorporating Security in HL7 Standards HL7 Security Working Group John Moehrke Diana Proud-Madruga

2. Agenda • Introduce the Security Risk Assessment Cookbook Process • Break • Apply the Process to Student Provided Sample Standard • Wrap up and Questions

3. Objectives You will be able to answer: • What is a security risk? • What are the steps needed to complete a security risk assessment for a standard? • How to identify security and privacy gaps in a standard’s baseline. • What is the role of the Security Working Group in the security risk assessment process?

4. Introduction Within Healthcare today there is an increase in: • Sharing of patient data • Moving patient information among systems. Therefore: • HL7 domain committees and working groups need to publish standards with privacy and security considerations in order to protect our patients.

5. The Value of the HL7 Risk Assessment Cookbook • HL7 Standards incorporate security and privacy issue from the start. • Supports patient safety and improved patient outcomes • Facilitates the identification of security and privacy gaps • Encourages collaboration between the HL7 Security Working Group and other HL7 Working Groups

6. What is a Security Risk? Risk is “The potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organization.”(ISO/IEC PDTR 13335-1) • To quantify risk, experts use the calculation of level of threat (probability of event) to the level of vulnerability, often stated as: • Threat x Vulnerability = Risk. • Point A: A significant vulnerability with little or no threat = low to medium risk. • Point B: A high threat with little or no vulnerabilities tied to the threat = Low to medium risk. • Point C: A high threat with a credible vulnerability = high risk. HIGH

7. Risk Scenario • In this scenario: • The vulnerability is the hole in the roof • The threat is the rain cloud • Rain could exploit the vulnerability The risk is that the building and equipment in the building could be damaged as long as the vulnerability exists and there is a likely chance that rain will fall.

8. Questions? • What is a security risk? • Review the relationship between vulnerabilities, threats and risks • Start thinking about and recording health risk scenarios

9. Risk Assessment Five Stages of the HL7 Risk Assessment Process

10. Risk Assessment and Management

11. Stage 1 – Identify Step 1 - Define Scope • Describe standard being assessed • Establish assumptions to be used • Content (asset) • Messaging • Transport • Existing security controls • Physical/Technical environment

12. Stage 1 – Identify Step 1 Example:

13. Stage 1 – Identify Step 2 - Identify Threat Scenarios/Type of Impact • What are the various scenarios that could lead to an adverse event? • Express the scenario as a short story • Who? • What are they doing? • How are they doing it? (What are they using?) • What is their goal? • What are the consequences (type of impact)?

14. Brainstorm Risk Scenarios

15. Stage 2 - Analyze Step 1 – Assess Likelihood of Occurrence

16. Step 2 – Assess Level of Impact 16

17. Stage 2 - Analyze Step 3 – Prioritize using Likelihood of Occurrence and Level of Impact Sample Risk Map (Source: SSHA)

18. Assessment of Risks • Complete the Analysis stage for your own standard. • Example:

19. Stage 3 - Plan • Risks with a priority rating of 3 – 5 must be mitigated to: • Lower level of Impact • Lower probability of occurrence • Both

20. Stage 3 – Plan 5 Mitigation Strategies: • Accept • Transfer to • Mitigate • Avoid • Assign (Defer) Example: Car insurance with a high deductible is an example of partial transference and partial acceptance. In the case of an accident, expenses below the $1000 deductible need to be accepted. Any expenses above $1000 are covered by insurance, thus the risk is transferred to the insurance company. An example of mitigation would be performing regular car maintenance to reduce the risk of having an accident that is caused by mechanical failure.

21. Risk Management Complete the Management of risks section of the Risk Assessment and Mitigation Table.

22. Stage 4 - Track • Review Security Risk Assessment for HL7 Standards document: • When the standard is updated • Concerns are voiced • Technology changes • To determine impact of mitigation strategies • Use Comments section to record effect of mitigation strategy • Extend Management of Risks section as needed.

23. Stage 5 - Document • Place a “Security Considerations” section in the standard • Description of scope and assumptions • Description of mandatory/optional mitigations • Description of unmitigated risks for implementers to know about • Keep Security Risk Assessment for HL7 Standards document in committee knowledgebase

24. Questions? • What are the steps needed to complete a security risk assessment for a standard? • What tools are available to help you identify security and privacy gaps in a standard’s baseline?

25. The Role of the HL7 Security WG • Communication is at the center of the HL7 Risk Assessment Process • HL7 Security Working Group: • Provides training on the HL7 Risk Assessment process • Gives direct assistance to WGs during the risk assessment process

26. Resources Wiki Site: “Cookbook for Security Considerations” • http://wiki.hl7.org/index.php?title=Cookbook_for_Security_Considerations • HL7 gForge folder with other resources • Tutorial Presentation on the Security Risk Assessment Cookbook • Formal Security Cookbook Paper • Template Spreadsheet for Risk Assessment • IHE Equivalent Process Do NOT use this tool  :-)

27. Conclusion • Incorporating risk assessment in standards will: • Help HL7 organizations when planning and implementing standards • Add value to decision-making and business processes • Require up front investment of time and resources • The HL7 Security Risk Assessment Cookbook will facilitate that process