Encryption – First line of defense Plamen Martinov Director of Systems and Security
Agenda
Encryption basics
Importance of encryption
Encryption solutions
Laptops/Desktops
USB/CD
Email/Cloud
What is Encryption?
Encryption is a security process that scrambles information. It changes information from a readable form into something that cannot be read unless you have the key.
This: "Encryption changes data into an unreadable format"
Becomes something like this: "Rmvtu[yopm dhqht3w 3qtq isem ze mrxephlebl oermzq"
…so ONLY the person with the decryption key or password can read the information.
Encryption vs. Passwords
Having a password does not necessarily mean something is encrypted.
Passwords by themselves do not scramble the information.
If something is only “password protected,” it is not enough protection - someone could bypass the password and read the information.
[Figure panels: Password Protected, Encrypted, Original]
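The difference between the two cases above, as an added example that is not part of the original slides: the same record is stored once behind a password check only and once encrypted under a key derived from the password, then the stored bytes are inspected directly. The function names, sample record and iteration count are constructed for illustration; the HMAC-SHA256 keystream is a standard-library stand-in for a vetted cipher such as AES-GCM, used only so the block runs without third-party packages.

```python
import hashlib
import hmac
import os

RECORD = b"Jane Doe; MRN 00123456; DOB 1970-01-01"  # constructed sample data
ITER = 100_000  # PBKDF2 rounds (assumed value for this example)

def password_protect(data: bytes, password: bytes) -> bytes:
    """Password gate only: a password check is stored, the data is left as-is."""
    salt = os.urandom(16)
    check = hashlib.pbkdf2_hmac("sha256", password, salt, ITER)
    return salt + check + data

def _keys(password: bytes, salt: bytes):
    k = hashlib.pbkdf2_hmac("sha256", password, salt, ITER, dklen=64)
    return k[:32], k[32:]  # encryption key, authentication key

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Keystream = HMAC-SHA256(key, nonce || counter); stand-in for a real cipher.
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(data: bytes, password: bytes) -> bytes:
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(password, salt)
    body = salt + nonce + _xor_stream(enc_key, nonce, data)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def decrypt(blob: bytes, password: bytes) -> bytes:
    body, tag = blob[:-32], blob[-32:]
    salt, nonce, ct = body[:16], body[16:32], body[32:]
    enc_key, mac_key = _keys(password, salt)
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or modified data")
    return _xor_stream(enc_key, nonce, ct)

def visible_in_storage(stored: bytes, fragment: bytes) -> bool:
    """True if the fragment can be read straight from the stored bytes."""
    return fragment in stored

if __name__ == "__main__":
    for name, stored in (("password protected", password_protect(RECORD, b"pw")),
                         ("encrypted", encrypt(RECORD, b"pw"))):
        print(name, "-> record readable in stored bytes:",
              visible_in_storage(stored, b"MRN 00123456"))
```
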
Why is Encryption Important?
Encryption protects confidential information and helps keep it private!
Laptops and USB devices can be easily lost or stolen.
Statistics show that as many as one in ten laptops will be stolen or lost from an organization over the lifetime of each computer.
Why is Encryption Important? (Cont’d)
HIPAA – Health Insurance Portability and Accountability Act to ensure confidentiality of patient health information.
Regulatory efforts impose stiffer fees and fines in the event that a breach occurs and steps are not taken to appropriately protect sensitive data.
Breach Notification Laws - require notification if information was not encrypted.
Encryption technologies can assist with ensuring the confidentiality of patient health information and also serve as a strong measure of protection against today’s commonly anticipated threats, such as unauthorized access, modification, and disclosure.
HIPAA Fines
April, 2014 - OCR levies $2 million in HIPAA fines for stolen laptops:
$1,725,220 against Concentra Health Services for an unencrypted laptop that had been stolen from one of Concentra Health Services facilities.
$250,000 against QCA Health Plan, Inc. of Arkansas after an unencrypted laptop containing personal health information for 148 people was stolen from an employee's car.
What to Encrypt?
High Risk Confidential Information: A person’s name or other identifier, in conjunction with:
Personally-identifiable Medical Information
Dates (birth date, admission date, discharge date, etc.)
Social Security number
Driver’s license
State ID or Passport number
Biometric information
Medical Record # (MRN)
Health Insurance #
Other Confidential Information:
Human Subjects information
HR Records
Credit Card Information
Whatever you consider confidential
BSD Encryption Solutions
BSD Encryption Solutions (Cont’d)
Security – “Isn’t this just an I.T. Problem?”
Good Security Standards follow the “90 / 10” Rule:
10% of security safeguards are technical.
90% of security safeguards rely on the computer user (“YOU”) to adhere to good computing practices.
The lock on the door is the 10%. You remembering to lock, checking to see if it is closed, ensuring others do not prop the door open, and keeping control of keys is the 90%.
Resources & References
Center for Research Informatics: Cri.uchicago.edu
BSD HIPAA Program Office: Hipaa.bsd.uchicago.edu
Apple Encryption – FileVault 2: http://support.apple.com/kb/ht4790
Windows Encryption - Bitlocker: http://windows.microsoft.com/en-us/windows-vista/bitlocker-drive-encryption-overview
Files/Volumes Encryption – Axcrypt: http://www.axantum.com/axcrypt/
External Storage Encryption – Aegis Secure Storage: http://www.apricorn.com/aegis-secure-key.html