A Privacy / Security Presentation For HealthTechNet
12801 Worldgate Drive, Suite 500, Herndon, Virginia 20170
703-871-3973
The Management and Operational Perspective of Privacy and Security
Maria C. Horton, CISSP-ISSMP, IAM
July 21, 2006
About EmeSec (pronounced em-ēē-sek)
• 8(a), Service Disabled Veteran, Woman Owned Business
• Founded April 2003
• EmeSec specializes in e-Security solutions: IT policy and planning, Continuity of Operations, Incident Response, and Regulatory Compliance
Security in Large Organizations
[Figure; surviving label: "1-2 yr phase". Source: Meta Group, 2004]
Drivers
[Diagram labels: Government; Regulatory; Commercial; Revenue; Privacy; Management (Policy driven, Procedurally oriented); Operational (Technically focused, Location based); Data Protection]
Common Security Issues
• Five Basic Problem Areas
• Inherent Security Defects
• Misuse of Tools
• Improper Maintenance
• Ineffective Security
• Inadequate Detection Systems
Threat Response Activities
• Annual Risk Assessment
• Perimeter protections
• Changing: wireless / virtual worlds
• Automated configuration management
• Access control
• Role Based
• Multi-factorial Authentication
• Specialized security training
• Continuous Monitoring
• Automated patching
• Network and server functionality
• Audit trail monitoring / alerts
• Trend analysis
• Incident Response
• Key Performance Indicators
• Up time
• Training
• Size does matter
• Monitoring and response are required
• Resources generally limited
• Money
• Personnel
• Innovation
• Critical to success
Managing Vulnerabilities
Contact Us: 12801 Worldgate Drive, Suite 500 Herndon, Virginia 20170 703.871.3973 www.emesec.net 8(a), Service Disabled Veteran, Woman-owned, Small Business