Healthcare Information Transformation #HIT12 | 4/3/2012 | Jacksonville, FL
Managing and Securing Mobile Devices
Marie-Michelle Strah, PhD
Introductions

   Marie-Michelle Strah, PhD
   Federal Program Manager
   Applied Information Sciences

   Ideas @ AIS: http://ideas.appliedis.com/
   michelle.strah@appliedis.com
   Twitter: @cyberslate
   Blog: http://lifeincapslock.com
   Linkedin: http://www.linkedin.com/in/drstrah
Workshop Goals
•   Building productivity
•   Reducing risk
•   Mobile device encryption
•   Access control
•   Policy vs. technical controls
•   MDM technologies – maturity?
•   Unexpected expenses of data protection

Source: http://www.readwriteweb.com/enterprise/2011/03/consumerization-of-it-95-of-in.php
Agenda

 • Conceptualizing “mobile health” –
   business cases for IT infrastructure
   management
 • GRC – governance, risk and compliance in
   a CoIT framework
 • Best practices for CoIT in healthcare
    • Security Risk Analysis
    • PTA/PIA
    • Stakeholders
    • Policy vs. technical controls
 • Lessons learned | Considerations for the
   enterprise
Introduction: #mhealth Summit 2011

• Mobile is enabler…
  • Patients
  • Providers
  • “Wellness lifecycle”
  • Productivity

• From “there’s an app for that” to enterprise
  information management lifecycle
   • Content delivery
   • Cloud and thin client
  Source: http://healthpopuli.com/2011/02/15/success-factor-for-mobile-health-mash-up-the-development-team/
Conceptualizing “mobile health”
The Ideal

[Diagram: Employees, Contractors, Partners (need to know) ↔ InfoSec, IT Ops, Legal (need to manage)]
The Reality

[Diagram: Employees, IT Ops, Contractors, Partners (manage / know); InfoSec, Legal]
The Challenge

  •   There is no endpoint
  •   There is no perimeter
  •   Users own the data
  •   No one owns the risk
  •   Security doesn’t have control
  •   IT Ops own the databases
  •   IT Ops own the servers
  •   IT Ops own the apps

[Diagram: Employees, Contractors, Partners; InfoSec, IT Ops, Legal]
GRC for Healthcare

 • Governance – organizational and IT
 • Risk – management and mitigation
 • Compliance – HITECH/Meaningful Use

 • BYOx/CoIT *must* be part of overall GRC
   strategy
    • Security Risk Analysis
    • PTA/PIA
    • Stakeholders – CPGs, workflow,
      training
    • Policy vs. technical controls
Enterprise Security Model

$S = (P^{x} \ast A^{y})$

Information Security (Collaborative Model)
Equals
People (all actors and agents)
Times
Architecture (technical, physical and administrative)
Complexity = Higher Risks and Costs
Mobile Device Roundtable
Washington, DC
3/16/2012
http://healthit.hhs.gov/portal/server.pt?open=512&mode=2&objID=3816
Healthcare Information Transformation

[Diagram: Master Data Management (MDM) → Enterprise Information Management (EIM) → then… Master Device Management (MDM2)]

[Diagram: Reactive posture → Device- (or hardware-) centric model → Data-centric model]
Minimum Technical Requirements

  •   Encryption of data at rest
  •   Encryption of data in motion
  •   Two factor authentication

  •   Policy
  •   Wireless
  •   Data segmentation (on premise, cloud, metadata)
  •   Customer support (heterogeneity)
  •   Infection control
  •   MSIRT
  •   Vendor evaluation (the myth of the “HIPAA Good Housekeeping Seal”)
  •   Applications: APM and ALM
  •   Infrastructure
  •   Costs

 HIPAA Security Rule: Remote Use
 http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/remoteuse.pdf
Best Practices: Datacentric Model


1. This is NOT an IT problem
2. Privacy Impact Assessment: PHI, ePHI, PII
   (Compartmentalization and segregation)
3. Security Risk Analysis
4. MSIRT (policy and training)
5. Look to stakeholders for domain expertise in
   clinical workflows
6. Datacentricity: Use connected health framework
   reference (SOA) model
7. Governance, governance, governance
Lessons Learned: Risk-based Model


1. Define permissible mobile devices
2. Access control policies (time/geolocation)
3. Manage applications (third party tools/enterprise
   app store)
4. Integrate mobile devices onto network
5. Vendor evaluation
6. Costs

Source: http://www.beckershospitalreview.com/healthcare-information-technology/4-best-practices-for-hospitals-managing-mobile-devices.html
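The slides state the controls as policy (permissible devices, encryption at rest and in motion, two-factor authentication, time and geolocation access rules) but leave the "policy vs. technical controls" gap open. As an added example, not code from the presentation or from Applied Information Sciences, the following Python shows what the minimum technical requirements and the risk-based lessons above look like once they are written as a single machine-checkable evaluation that an MDM agent or access gateway could run. The field names, policy thresholds, device records and clinic hours are all assumptions constructed for this example.

```python
"""Device-posture and access-policy evaluator (illustrative example, not the
presentation's or any vendor's code).  Turns the slide-deck policy statements
into technical controls: permissible device types and OS floors, encryption of
data at rest, encryption of data in motion, two-factor enrollment, device
integrity, and time/geolocation access rules.  All field names and sample
values below are constructed assumptions."""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Policy:
    """Organizational policy expressed as checkable controls (assumed field names)."""
    permitted_platforms: frozenset                     # permissible device types
    min_os_version: Dict[str, Tuple[int, int]]         # platform -> minimum (major, minor)
    require_encryption_at_rest: bool = True
    require_tls_in_motion: bool = True
    require_two_factor: bool = True
    allowed_hours: Tuple[time, time] = (time(6, 0), time(22, 0))  # local clinic hours
    allowed_countries: frozenset = frozenset({"US"})               # geolocation rule


@dataclass(frozen=True)
class DevicePosture:
    """What an MDM agent or enrollment record reports about one device (constructed)."""
    device_id: str
    platform: str
    os_version: Tuple[int, int]
    storage_encrypted: bool
    tls_enforced: bool
    two_factor_enrolled: bool
    jailbroken: bool


@dataclass(frozen=True)
class AccessContext:
    """Per-request context: when and from which country the device connects."""
    when: datetime
    country: str


def evaluate(policy: Policy, device: DevicePosture, ctx: AccessContext) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons).  Every failed control is listed, not just the first,
    so support staff get the complete remediation list for a heterogeneous fleet."""
    reasons: List[str] = []

    if device.platform not in policy.permitted_platforms:
        reasons.append(f"platform {device.platform!r} is not a permissible device type")
    else:
        floor = policy.min_os_version.get(device.platform)
        if floor is not None and device.os_version < floor:
            reasons.append(
                f"OS {device.os_version[0]}.{device.os_version[1]} is below the minimum "
                f"{floor[0]}.{floor[1]} for {device.platform}"
            )

    if device.jailbroken:
        reasons.append("device integrity is compromised (jailbroken or rooted)")
    if policy.require_encryption_at_rest and not device.storage_encrypted:
        reasons.append("encryption of data at rest is not enabled")
    if policy.require_tls_in_motion and not device.tls_enforced:
        reasons.append("encryption of data in motion (TLS) is not enforced")
    if policy.require_two_factor and not device.two_factor_enrolled:
        reasons.append("two-factor authentication is not enrolled")

    start, end = policy.allowed_hours
    if not (start <= ctx.when.time() <= end):
        reasons.append(f"access at {ctx.when:%H:%M} is outside permitted hours")
    if ctx.country not in policy.allowed_countries:
        reasons.append(f"access from {ctx.country!r} is outside permitted locations")

    return (not reasons, reasons)


# Constructed sample policy and device records for the demonstration.
SAMPLE_POLICY = Policy(
    permitted_platforms=frozenset({"ios", "android"}),
    min_os_version={"ios": (5, 1), "android": (4, 0)},
)

SAMPLE_DEVICES = [
    DevicePosture("ipad-clinic-01", "ios", (5, 1), True, True, True, False),       # compliant
    DevicePosture("byod-phone-07", "android", (2, 3), False, True, False, False),  # old OS, no crypto, no 2FA
    DevicePosture("tablet-rooted-03", "android", (4, 0), True, True, True, True),  # rooted
    DevicePosture("laptop-win-02", "windows", (7, 0), True, True, True, False),    # platform not permitted
]

BUSINESS_HOURS = AccessContext(datetime(2012, 4, 3, 9, 30), "US")
AFTER_HOURS = AccessContext(datetime(2012, 4, 3, 23, 15), "US")


def run_samples(ctx: AccessContext = BUSINESS_HOURS) -> Dict[str, Tuple[bool, List[str]]]:
    """Evaluate every sample device in the given context, keyed by device id."""
    return {d.device_id: evaluate(SAMPLE_POLICY, d, ctx) for d in SAMPLE_DEVICES}


if __name__ == "__main__":
    for device_id, (allowed, reasons) in run_samples().items():
        print(device_id, "ALLOW" if allowed else "DENY", reasons)
```

The point of reporting every failed control rather than stopping at the first is the slide's "customer support (heterogeneity)" cost: a BYOD phone that is denied for three reasons should generate one help-desk ticket with all three, not three round trips. The time and geolocation checks live in the per-request context, not the device record, because they are re-evaluated on every access while enrollment state changes rarely.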



Finally… consider issuing agency or organization
owned devices
THANK YOU!

UiPath Test Automation using UiPath Test Suite series, part 1DianaGray10
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...CzechDreamin
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIES VE
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2DianaGray10
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutesconfluent
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCzechDreamin
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
 

Recently uploaded (20)

IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 

Consumerization of IT: Mobile Infrastructure, Support and Security

  • 9. The Challenge
    • There is no endpoint
    • There is no perimeter
    • Users own the data
    • No one owns the risk
    • Security doesn’t have control
    • IT Ops own the databases
    • IT Ops own the servers
    • IT Ops own the apps
    (Diagram labels: Employees, Contractors, Partners, InfoSec, IT Ops, Legal)
  • 10. GRC for Healthcare
    • Governance – organizational and IT
    • Risk – management and mitigation
    • Compliance – HITECH/Meaningful Use
    • BYOx/CoIT *must* be part of overall GRC strategy
      • Security Risk Analysis
      • PTA/PIA
      • Stakeholders – CPGs, workflow, training
      • Policy vs. technical controls
  • 11. Enterprise Security Model
    S = (P^x ∗ A^y)
    Information Security (Collaborative Model) equals People (all actors and agents) times Architecture (technical, physical and administrative)
  • 12. Complexity = Higher Risks and Costs
  • 13. Mobile Device Roundtable
    Washington, DC, 3/16/2012
    http://healthit.hhs.gov/portal/server.pt?open=512&mode=2&objID=3816
  • 14. Healthcare Information Transformation
    (Diagram: Then… MDM – device management, device-centric (or hardware) model, reactive posture; MDM2 – Master Data Management, data-centric model; EIM – Enterprise Information Management)
  • 15. Minimum Technical Requirements
    (Side panel: Encryption of Data at Rest; Encryption of Data in Motion; Two Factor Authentication)
    • Policy
    • Wireless
    • Data segmentation (on premise, cloud, metadata)
    • Customer support (heterogeneity)
    • Infection control
    • MSIRT
    • Vendor evaluation (the myth of the “HIPAA Good Housekeeping Seal”)
    • Applications: APM and ALM
    • Infrastructure
    • Costs
    HIPAA Security Rule: Remote Use http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/remoteuse.pdf
  • 16. Best Practices: Datacentric Model
    1. This is NOT an IT problem
    2. Privacy Impact Assessment: PHI, ePHI, PII (compartmentalization and segregation)
    3. Security Risk Analysis
    4. MSIRT (policy and training)
    5. Look to stakeholders for domain expertise in clinical workflows
    6. Datacentricity: use the connected health framework reference (SOA) model
    7. Governance, governance, governance
  • 17. Lessons Learned: Risk-based Model
    1. Define permissible mobile devices
    2. Access control policies (time/geolocation)
    3. Manage applications (third party tools/enterprise app store)
    4. Integrate mobile devices onto network
    5. Vendor evaluation
    6. Costs
    Source: http://www.beckershospitalreview.com/healthcare-information-technology/4-best-practices-for-hospitals-managing-mobile-devices.html
    Finally… consider issuing agency or organization owned devices
  • 18. THANK YOU!
    Marie-Michelle Strah, PhD
    Federal Program Manager
    Applied Information Sciences
    Ideas @ AIS: http://ideas.appliedis.com/
    michelle.strah@appliedis.com
    Twitter: @cyberslate
    Blog: http://lifeincapslock.com
    Linkedin: http://www.linkedin.com/in/drstrah
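A worked example of the controls from slides 15 and 17 combined into one access-policy check, added here and not part of the deck: it treats the deck's bullet items (permissible devices, encryption at rest and in motion, two-factor authentication, time/geolocation access control, managed applications) as rules and reports every rule a request fails. The rule values, field names and sample requests are assumptions constructed for illustration.

```python
# Added example, not from the deck: check a mobile access request against the
# deck's minimum technical requirements and risk-based access rules. Policy
# values and the sample requests below are constructed for illustration.
from dataclasses import dataclass, field
from datetime import time

PERMITTED_PLATFORMS = {"ios", "android"}       # define permissible mobile devices
ALLOWED_HOURS = (time(6, 0), time(22, 0))      # time-based access control window
ALLOWED_REGIONS = {"US"}                       # geolocation-based access control
APPROVED_APPS = {"ehr-client", "secure-mail"}  # enterprise app store allowlist


@dataclass
class AccessRequest:
    platform: str
    storage_encrypted: bool   # encryption of data at rest
    vpn_active: bool          # encryption of data in motion
    two_factor_passed: bool
    local_time: time
    region: str
    installed_apps: set = field(default_factory=set)


def evaluate(req: AccessRequest) -> list:
    """Return all violations found (empty list = access allowed); reporting every
    failed rule at once gives MSIRT and support staff the full picture."""
    violations = []
    if req.platform not in PERMITTED_PLATFORMS:
        violations.append("platform not permitted")
    if not req.storage_encrypted:
        violations.append("data at rest not encrypted")
    if not req.vpn_active:
        violations.append("data in motion not encrypted")
    if not req.two_factor_passed:
        violations.append("two-factor authentication not completed")
    start, end = ALLOWED_HOURS
    if not start <= req.local_time <= end:
        violations.append("outside permitted hours")
    if req.region not in ALLOWED_REGIONS:
        violations.append("outside permitted region")
    unapproved = sorted(req.installed_apps - APPROVED_APPS)
    if unapproved:
        violations.append("unapproved apps: " + ", ".join(unapproved))
    return violations


# Constructed samples: a compliant device and one that fails several rules.
COMPLIANT = AccessRequest("ios", True, True, True, time(9, 30), "US", {"ehr-client"})
NONCOMPLIANT = AccessRequest("windows-mobile", False, True, True, time(23, 15), "CA",
                             {"ehr-client", "file-share-x"})
```

Running `evaluate(NONCOMPLIANT)` lists five separate violations, which is the detail a support desk or MSIRT needs when a device is refused; `evaluate(COMPLIANT)` returns an empty list.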