HIPAA Security: Case Studies for Small to Medium Health Organizations (Compliance Methods) Jeff Bardin, CISSP, CISM, NSA IAM, OCTAVE SM Principal & CSO Treadstone 71 www.treadstone71.com [email protected]


Mar 26, 2015

Transcript
Page 1

HIPAA Security: Case Studies for Small to Medium Health Organizations (Compliance Methods)

Jeff Bardin, CISSP, CISM, NSA IAM, OCTAVE SM

Principal & CSO

Treadstone 71

www.treadstone71.com

[email protected]

Page 2

Agenda

From Threat Agent to Safeguard

The NSA IAM Method

Criticality of Information Matrix

Systems Criticality Matrix

OCTAVE SM Method

Human Actors Using Network Access

Threat Profile: System Problems

Basic Risk Profile

Initial Findings

Scorecards

HIPAA & ISO17799 Roadmap

Q&A

Page 3

From Threat Agent to Safeguard

The slide is a circular flow diagram; extraction separated the boxes from the arrow labels. Read in the order the slide lists them, the nodes and the labelled arrows between them are:

Threat Agent -> (gives rise to) -> Threat

Threat -> (exploits) -> Vulnerability

Vulnerability -> (leads to) -> Risk

Risk -> (can damage) -> Asset (ePHI)

Asset (ePHI) -> (and causes an) -> Exposure

Exposure -> (can be countermeasured by) -> Safeguard

Safeguard -> (directly affects) -> Threat Agent

Page 4

Criticality of Information Matrix

Columns: Confidentiality, Integrity, Availability. Each information type is rated H (high) or M (medium) in each column.

Information types (rows, in slide order):

Patient Records

Medical Staff Records

Employee Records

Vendor Contracts

Employee Health Records

Legal Files (lawsuit information)

Contracts w/Agency People

Meeting Minutes (Board)

Survey Reports (Joint Commission, Medicare/Medicaid)

Docs - Security Eng Tests & Inspections

Patient Accounts

Financial Audits

Planning Documents (Strategic/Master Facility Plan)

Payroll Records

Psych/Drug/Alcohol/HIV

Ratings: the 45 cell values (15 rows x 3 columns) survived extraction only as a sequence without row/column alignment. In extraction order, grouped in fifteens:

H M M M M M M M M M H H H H H

H H H H H H H H H H M H H H H

M M M M M M M M M H H H H M M

National Security Agency Information Assurance Methodology