Cyber Security presentation given by Luke Schneider, Chief Executive Officer of Medicine Bow Technologies at the 2016 Wyoming Hospital Association Annual Conference
Doug Copley presented on cybersecurity challenges in healthcare including threats, trends in healthcare, practical steps and building security without boundaries.
This presentation delves into the many cybersecurity risks that plague the healthcare industry and how these risks can be mitigated with the help of security solutions that Seqrite offers.
DR. STEVEN GORIAH,
Vice President of Information Technology & CISO
Westchester Medical Center Health Network
The U.S. healthcare system is seeing a staggering number of security breaches each year. In this session, you’ll learn about the role of a cybersecurity framework, best practices in choosing a framework, and which framework best fits your organization and why. Dr. Goriah will also speak on implementation, roles and responsibilities and why it's essential to create a culture of privacy and security.
Presented at the Health Informatics and Health Information Technology Course, Doctor of Philosophy and Master of Science Programs in Data Science for Health Care (International Program), Faculty of Medicine Ramathibodi Hospital, Mahidol University on October 17, 2017
Cyber Security introduction. Cyber security definition. Vulnerabilities. Social engineering and human error. Financial cost of security breaches. Computer protection. The cyber security job market
“AI techniques in cyber-security applications”. Flammini lnu susec19 - Francesco Flammini
▪ “AI techniques in cyber-security applications”. Invited speech at “Sunetdagarna våren 2019” (conference of the association of Swedish universities), April 1-4 2019, Växjö, Sweden.
This is a project based on one of the most interesting and wide-ranging topics of Computer Science: Cyber Security.
CONTENT :
1. What is Cyber Security
2. Why Cyber Security is Important
3. Brief History
4. Security Timeline
5. Architecture
6. Cyber Attack Methods
7. Technology for Cyber Security
8. Development in Cyber Security
9. Future Trend in Cyber Security
Information Security Awareness
Tips to improve infosec awareness in any organization
To learn more visit http://www.SnapComms.com/solutions/employee-security-awareness
A single email can cause a multi-million dollar breach if opened by an end-user with no security awareness, and they may not even be aware of their mistake. The problem lies in the fact that only a few end-users are aware of the dangers of social engineering, much less how to detect it. It is a major issue in the business world today.
This document seeks to address the most common threats that can be posed to an entity and also recommend security measures that can be implemented to avoid such attacks.
Learn more at https://www.multinationalnetworks.com
In this presentation we have covered the topic of Data Security from the subject of Information Security. It discusses Data, Data Security, Security, Security Policy, Tools to secure data, Security Overview (Availability, Integrity, Authenticity, Confidentiality), some myths, and Dimensions of System Security and Security Issues.
Cybersecurity Awareness Training Presentation v1.3 - DallasHaselhorst
This free cybersecurity awareness training slide deck is meant to be used by organizations and end users to educate them on ways to avoid scams and attacks and become more security aware. This slide deck is based on version 1.3 of our wildly popular slide deck we originally released as open-source in September 2019. In just over 6 months, it was downloaded thousands of times and in over 150 countries!
On our website, you will also find several other related goodies. For example, we have free and downloadable worksheets referenced in the training. We have a free cybersecurity quiz that is based directly off of this material so anyone can test their awareness knowledge. We even have a downloadable 'certificate of completion' for this training, which allows attendees to fill in their name and date so they can then print it out to show others (or even their employer) that they are now more cyber aware.
https://www.treetopsecurity.com/cat
We also have a video/webinar presentation of this material if you would like to share it with others.
https://www.treetopsecurity.com/cat#video
Want to take this content and present it in your own community? Fantastic! You may download this slide deck as editable content. This allows you to make changes and present it at your local library, business events, co-working spaces, schools, etc. The latest version is always available on our website as a Microsoft PowerPoint presentation (.pptx) or using ‘Make a Copy’ in Google Slides.
https://www.treetopsecurity.com/slides
Operational technology (OT) and information technology (IT) security protect devices, networks, systems, and users. Cybersecurity has long been critical in IT and helps organizations keep sensitive data safe, ensure users connect to the internet securely, and detect and prevent potential cyberattacks.
Cyber Security and the Impact on your Business - Lucy Denver
With cyber scams costing UK businesses an estimated £4.14bn* in lost data, reputational damage and online theft every year, Cyber Security is rapidly climbing the priority list of directors across the UK. This presentation will help you to:
- spot the most common cyber attacks, defend your business and protect your critical data if the worst does happen;
- understand the impact of GDPR on your business and how to protect yourself against expensive data losses.
Critical Infrastructure Protection against targeted attacks on cyber-physical... - Enrique Martin
This White Paper looks at the higher-impact (and therefore riskier) attacks on cyber-physical systems in critical infrastructure control networks and proposes protection through changes to organizational structures and procedures and through new intrusion detection technologies based on behavior analysis of control protocols and correlation of operational events.
Global Cyber Security trend & impact of Internet on the society of Bangladesh... - Fakrul Alam
The internet has, in the mere space of a decade, completely revolutionized the way things are done in Bangladesh. Everything from making friends, shopping, learning and even starting and promoting businesses has experienced paradigm shifts due to the internet. But despite the allure of connectivity, there are dangers as well.
This event will focus on cyber security and how to keep privileged data safe from unwanted observation. The event will also talk about how society has changed, both good and bad, and how we can use this opportunity to drive more meaningful growth.
Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C... - SurfWatch Labs
Credit Unions have to deal with the same cybercrime-related issues as large banks, but they often have fewer resources to address those risks. Cyber risk intelligence can help to make sure they use those limited resources wisely.
Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should... - SurfWatch Labs
By using Cyber Threat Intelligence, organizations can understand what specific threats they face and use these insights to drive the most effective defense.
Create a Safer Learning Environment with Absolute Safe Schools - Absolute
Educational organizations are embracing mobile devices to provide a more flexible approach to classroom learning. Laptops and tablets are enhancing the learning experience by motivating students, providing a wealth of instant information, and eliminating costly textbooks that date quickly. But along with the benefits of mobile devices comes the associated risks. Device theft is on the rise and some students are becoming targets of crime.
SANS Report: The State of Security in Control Systems Today - SurfWatch Labs
SANS conducted a survey of more than 300 ICS professionals and this presentation shares key highlights from the findings to give you insights on the cybersecurity challenges facing your peers and the approaches used to reduce cyber risks.
Guest lecture on web application security, presented to students at the Indianapolis campus of The Iron Yard on November 9, 2016. This presentation was a basic overview/introduction to security, discussed the CIA Triad, why security is difficult, what happens if we don't do security right, what developers can do to enhance security, and included a brief overview of the OWASP Top Ten.
Join Kaseya and guest cybersecurity expert from Kaspersky, Cynthia James, to hear how companies like Target, eBay, and Home Depot are losing data, and how you can protect your company from suffering the same fate.
• The latest cybersecurity threats and vectors putting organizations at risk
• How your organization can avoid falling victim to a data breach
• Additional strategies to secure your organization and its data
Learn what cyber security means for your law firm, your employees, and your bottom line. This presentation will provide a snapshot of the IT Security threats facing law firms today, as well as the knowledge and tools you can use to prevent them.
Final presentation january iia cybersecurity securing your 2016 audit plan - Cameron Forbes Over
With 2015 cybersecurity themes and realities nearly in the rearview mirror, “Cybersecurity – Securing your 2016 Audit Plan” will shift our outlook to looking forward into what cybersecurity predictions are being made for 2016, and what key topics and themes will drive 2016 audit planning in the cybersecurity area.
Cyber Attacks aren't going away - including Cyber Security in your risk strategy - James Mulhern
There's a data explosion underway and it's a lucrative market for cyber criminals. Charities with their complex contexts and valuable data are an obvious target and so it's essential Cyber threats are addressed in Charities' risk strategies.
This presentation sets out the current situation, what the potential consequences are and who could be impacted before explaining what can be done about it and how to approach the challenge.
Presentation to representatives from the UK Charities sector at the Charity Finance Group's annual IT, Data, Insights and Cyber Security Conference.
Using Technology and People to Improve your Threat Resistance and Cyber Security - Stephen Cobb
A presentation delivered at the 2014 meeting of the Municipal Information Systems Association of California. Includes suggestions for security awareness programs.
This presentation is a basic introduction to cybersecurity that covers what security means. It also covers the CIA Triad, i.e. confidentiality, integrity and availability.
How do we separate hype from useful information in Cyber Security? As Congress is debating a National privacy law, and several states have privacy and breach reporting laws, how will that impact our workload? Privacy starts with good cyber-hygiene. We will look at how we can leverage the focus on Privacy to address standards for:
Firewall and network Configs,
Cloud security
Protocols and ports that need attention
Authentication best practices
Server and network rights
Password rules
How US Cybersecurity Executive Order Impacts IBM i Customers - Precisely
Increasing threats from ransomware and geo-political threats of cyber warfare mean these are challenging times for those responsible for IT security. Earlier this year, US President Joe Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act. In addition, the White House recommended companies execute multiple strategies to protect critical services and systems in a statement titled “Act Now to Protect Against Potential Cyberattacks.” Many of these recommendations are particularly relevant to the IBM i community. There are specific recommendations in security tools, response strategies, and preventive measures all IBM i companies should be implementing.
Watch this on-demand webinar to learn about:
• Specific recommendations from the US government
• Applying these recommendations to your IBM i environment
• How Precisely can help
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... - Ramesh Iyer
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
UiPath Test Automation using UiPath Test Suite series, part 4 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Accelerate your Kubernetes clusters with Varnish Caching - Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
PHP Frameworks: I want to break free (IPC Berlin 2024) - Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Essentials of Automations: Optimizing FME Workflows with Parameters - Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
UiPath Test Automation using UiPath Test Suite series, part 3 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf - 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Key Trends Shaping the Future of Infrastructure.pdf - Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
2. Cyber Security Background
• Cyber security consequences impact national defense, businesses, public markets, retailers, consumers, and individuals.
• Organized cyber crime has escalated in recent years and is replacing terrorism as the largest threat to America.
• Cybercriminals are:
• Organized
• Financed
• Looking for high yield
• Adopting (Example: Ransomware)
3. More Cyber Security Background
• Why are we more at risk now?
• Our reliance on instantaneous data
• Rapidly growing data volumes
• More complex IT infrastructures
• Data integration between systems
• 3rd Party vendor relationships
4. Biggest Breaches in Recent Years…
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
5. Which Industries are Most at Risk?
http://www.nedocs.com/blog/data-breach-statistics
6. Which Industries are Most at Risk?
http://www.nedocs.com/blog/data-breach-statistics
7. Why is Healthcare a Major Target?
• Healthcare market forces
• Healthcare records are a rich set of data:
• Financial, medical, family, and personal data
• Patient physical characteristics can be misused to obtain passports, visas or IDs
• Basic identity and insurance information has black market value between $10 to $100 (whereas cc #’s may fetch $0.50 to $1 comparatively)
8. Healthcare Data Breaches Are Costly
• 90% had a data breach in the past 2 years
• 40% had more than 5
• Average economic impact due to data breaches is 2.1 million dollars / healthcare organization and 1 million dollars / business associate organizations over 2 years
• Criminal attacks are now the #1 cause of data breaches
• 56% of healthcare organizations and 59% of business associates don’t believe their incident response process has adequate funding and resources
www.hhs.gov/ocr
9. Healthcare Data Breaches Are Costly
• Data breaches in healthcare are the most expensive to remediate
• In the U.S. healthcare industry, the average cost was $398 per record
• Average cost across all industries: $154 per record
http://www-03.ibm.com/security/data-breach/
10. 2015 Trends in Healthcare
The Global State of Information Security® Survey 2016, October 2015
“While the healthcare industry has traditionally lagged in the maturity of its cybersecurity programs, some forward-thinking organizations are beginning to take steps to improve their security posture.”
The Global State of Information Security® Survey 2016, October 2015
11. How do you find out if there is a breach?
• How victims learn of the crime:
• Hospital invoice
• Collection letter
• Insurance statement
• Errors in health record
• Credit report
• 65% of victims spent money to resolve:
• Average cost: $13,500
• Incorrect medical records could jeopardize safety
Fifth Annual Study on Medical Identity Theft, Sponsored by the Medical Identity Fraud Alliance, Independently conducted by Ponemon Institute LLC, February 2015
Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data, Sponsored by ID Experts, Independently conducted by Ponemon Institute LLC, May 2015
12. Insider Threats- Employees
• “Insiders” refers to your workforce who are trusted with access to your systems
• They make mistakes
• They violate policies (snooping, shortcuts)
• A few have criminal intentions
• Huge problem in healthcare!
13. Outside Threats-Third Parties
• Third parties were the #2 cause of breaches
• Hospitals need to manage third party risks
• Evaluate whether third parties have access to PHI
• Evaluate the level of risk
• For high-risk third parties evaluate the security program
• Before contracting
• Ongoing
• Contract terms to manage third party risks
http://www.idtheftcenter.org/ITRC-Surveys-Studies/2014databreaches.html
15. Where to begin?
• Identify
• Protect
• Detect
• Respond
• Recover
Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, National Institute of Standards and Technology, February 12, 2014
16. Cyber Security: Where to Start?
• Identify:
• Be AWARE: Have analytics and monitoring to recognize and respond to threats
• If you install monitoring or scanning software, carve out the time to work the reports each month.
• Know what you HAVE: Maintain inventory of authorized users, devices, software
• Often accounting inventory lists and IT inventory lists do not sync because of the fast moving environment. Make time to reconcile on a quarterly basis.
• KNOW your data: Know what data you have, where it is, who has access
• Only collect what you need, keep as long as it is required and/or has a legit business need
• Perform scans on your network looking for sensitive number formats such as SSN, residing in shared departmental drives
• Review user access routinely
17. Cyber Security: Where to Start?
• Protect:
• Properly deploy ANTIVIRUS/ANTIMALWARE: Use a comprehensive endpoint security product and keep the definition file up to date to continuously monitor and protect workstations, servers, and mobile devices
• Use ENCRYPTION: If you have encryption layered on your data, sensitive emails, and mobile devices, criminals may get a user name or password, perhaps a social security number, but the full record is encrypted. ($1 of data vs. $50)
• Password protect Excel worksheets with sensitive data
• Buy encrypted thumb drives for your employees and use an inventory system to check them out
• Encrypt your laptops
• Secure email with encryption
18. Cyber Security: Where to Start?
• Protect Continued:
• Have POLICIES in place:
• User access policies – how fast can an employee be locked out of your network in case of turnover?
• Password policies – complexity, renewals, and physical protection (no passwords under keyboards)
• Personal laptops-Do not allow them on your network
• Computer time out policy
• Encryption policies
• Prohibit the use of generic user IDs and common passwords
• Use SECURE CONFIGURATIONS:
• Physical security of your network is important
• Guard your hospital’s network by changing the password often
• Add filters to your guest wireless network
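The user access policy above (locking out departed employees, prohibiting generic IDs) can be checked by reconciling an HR roster against an export of network accounts. This is an added example, not part of the original presentation; the CSV column names, the generic-ID list, the 90-day idle threshold and the sample rows are all assumptions constructed for illustration.

```python
import csv
import io
from datetime import date

GENERIC_IDS = {"admin", "frontdesk", "nurse", "guest", "scanner", "test"}  # assumed list

# Constructed sample exports; column names are assumptions, not a real product's format.
HR_ROSTER = """employee_id,username,status,term_date
1001,jsmith,active,
1002,mlopez,terminated,2016-08-15
1003,kwong,active,
"""
ACCOUNTS = """username,enabled,last_logon
jsmith,true,2016-09-01
mlopez,true,2016-08-29
kwong,true,2016-03-02
frontdesk,true,2016-09-02
oldtemp,false,2015-01-10
"""

def review_access(hr_csv, accounts_csv, today, stale_days=90):
    """Return {username: [findings]} for enabled accounts that need attention."""
    hr = {r["username"]: r for r in csv.DictReader(io.StringIO(hr_csv))}
    findings = {}
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        if acct["enabled"].lower() != "true":
            continue   # disabled accounts cannot log on
        user, issues = acct["username"], []
        person = hr.get(user)
        if user in GENERIC_IDS:
            issues.append("generic/shared ID")
        elif person is None:
            issues.append("no matching employee (orphan account)")
        elif person["status"] == "terminated":
            last = date.fromisoformat(acct["last_logon"])
            term = date.fromisoformat(person["term_date"])
            note = "; logged on AFTER termination" if last > term else ""
            issues.append(f"terminated {person['term_date']} but still enabled{note}")
        idle = (today - date.fromisoformat(acct["last_logon"])).days
        if idle > stale_days:
            issues.append(f"no logon for {idle} days")
        if issues:
            findings[user] = issues
    return findings

if __name__ == "__main__":
    for user, issues in review_access(HR_ROSTER, ACCOUNTS, date(2016, 9, 6)).items():
        print(user, "->", "; ".join(issues))
```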
19. Cyber Security: Where to Start?
• Protect-Education
• TRAIN Staff: Employees can be one of the biggest threats to security (accidentally and
intentionally), map training to skills required for each job, implement, and test
• Email is vulnerable
• Ransomware is coming in as malicious macros on attachments to email, emails with links
elsewhere and through server vulnerabilities.
• Downloading of ‘free’ software often has its price.
• Know what data is sensitive and what the procedures are to protect it
20. Cyber Security: Where to Start?
• Detection
• Monitoring tools to help detect
• Network Monitoring
• Intrusion Prevention & Detection
• Firewall & Network Configuration
• File transfer monitoring
• Email Protection Tools
• URL (web link) filtering, e-mail quarantining, email encryption, anti-spam/phishing detection
• Workstations and Server Monitoring
• Anti-virus
• Anti-malware
• Web filtering
21. Cyber Security: Where to Start?
• Detection-Continued
• Monitoring tools to help detect
• Maintain PATCHES: Apply proactive upgrades/patching of hardware and software
• This is a difficult task in small rural hospitals
• Upgrade before END-OF-LIFE
• MS Server 2003 reached ‘end of life’ July 2015, not maintained for security by Microsoft
• Windows XP reached ‘end of life’ April 8, 2014.
• McAfee email protection tools will be ‘end of life’ December 31, 2016
• Microsoft Windows Vista will reach ‘end of life’ on April 11, 2017.
• User Access
• Password Management
• The tools only help detect… the tools don’t fix issues!
• Rural hospitals are budget constrained and short staffed in IT.
22. Cyber Security: Where to Start?
• Respond
• Have a PLAN: Know how to respond to incidents, have trained team in place
• Business continuity
• Disaster recovery
• Ransomware Attacks
• Have a communication plan in place today for a potential data breach
• You want this now so you don’t panic when it happens!
• Periodically validate through neutral 3rd party via penetration testing and red
team exercises
23. Cyber Security: Where to Start?
• Recover
• Be able to RECOVER: Have regular backups for disaster recovery and continuity
• Evaluate your risk and determine if offsite backups are needed
• Is there a need for full redundancy for your business?
• Continuous REVIEW: Security is an on-going process. Proactively identify and
repair vulnerabilities to mitigate to an acceptable risk level.
• Work the scanning and monitoring reports on a monthly basis
• Create a process for reviewing employee access on a routine basis
• Walk through the office looking for passwords under keyboards and sensitive data left on
desks
• Make sure software updates ran (did not fail)
24. Defense-in-Depth / Layers of Security
• The best practice in cyber security is to use the Defense-in-depth model, meaning that our data protection should be like an onion
• This will allow all sources of threats to be covered. (Some of the security solutions can cover more than one threat source and can work in more than one layer of the model)
http://www.nedocs.com/blog/data-breach-statistics
25. Wyoming Businesses are at Risk
“That won’t happen in Wyoming, we are small potatoes.”
Our response:
• Are you sure your employees all know not to click on something that could introduce
Malware into your network?
• Are you sure all your terminated employees can’t get into your network?
• Are you sure that all of your workstations and servers have the latest patches for software
on them?
• Are you sure you do not have legacy software anywhere in your organization?
• Are you sure your customers’ sensitive information is being encrypted?
• Are you sure an employee isn’t walking around with a thumb drive with his/her password
on it to your network?
26. Wyoming Case Studies
• A medium-sized company in Wyoming did not have strong policies about personal devices on their network. An employee brought his personal laptop to work (because it worked better than the company-owned workstation), accessed the wireless network, and was unaware that a BitTorrent product was running in the background on this machine.
BitTorrent is a peer-to-peer file transfer protocol for sharing data over the internet. It is often used to share music or pictures illegally or to introduce malware. People may not know that they have BitTorrent installed.
This company was sent a letter from their internet service provider telling them they would be removed from internet service because they had engaged in illegal practices via their network. They had to engage an attorney to work with their ISP and pursue a time-consuming formal IT audit to determine where the illegal activity had come from.
Once the mystery was solved, to ensure it did not occur again, the company implemented a ‘no personal devices policy,’ purchased the employee a better workstation, and added web filtering capabilities to their firewall.
27. Wyoming Case Studies
• Proactive Approach
• A behavioral health school for girls decided to increase their IT security and ensure that they meet
HIPAA compliance standards. The school had approximately 13 workstations and 17 users.
• Address Software issues
• Office 365 for Business, Anti-Virus, Secure Emails, Email Archiving
• Address Hardware Issues
• Implemented secure, centralized file storage with re-direction from workstations of the My
Documents folders, including encrypted backups for the server.
• New firewall for network security
• Set Windows updates to occur on a routine basis
• Secure wireless access points in a private wireless network
• Configured email notifications to IT to ensure backups work properly
28. Wyoming Case Studies
• Password Policies
Throughout Wyoming, most of the organizations I have spoken with have weak password policies and little to no enforcement.
- 8-12 digit passwords
- at least one number, one capital, and one character
- force changes every 3 months
I have seen risk assessors crack 95% of a Wyoming organization’s employee network passwords in minutes because these policies were not in place/enforced.
My guess is there are hackers even better than us!
29. Wyoming Case Studies
• What we have seen in Wyoming
• Lack of secure email – offices that use personal Gmail, Yahoo, or MSN accounts for business
• Lack of firewall
• Lack of anti-virus
• Lack of encryption on thumb drives, laptops, and mobile devices
• Use of Dropbox for file sharing of sensitive information
• Poor or unenforced password policies (use of generic IDs and passwords, passwords under the keyboards, workstations that aren’t secured by passwords)
• Allowing everyone administrative access on workstations
• Old workstations and servers with internet access
• Sensitive data on spreadsheets on a file share where everyone in the company has access
• Unsecured network jacks in public areas of buildings (anyone can plug into your network)
• Downloading of inappropriate software so that your network IP address is flagged.
31. What Would You Do?
Knowing your own security practices, would you go to your
hospital and give out your personal information?
32. Questions?
Luke Schneider, MBA, CHCIO
Medicine Bow Technologies
www.medbowtech.com
Office: 1-866-455-1978
Cell: 307-460-1848
lschneider@medbowtech.com
Editor's Notes
Driven by market forces, desire to improve health delivery, reduce costs, and comply with Gov. mandates, providers are adopting electronic records
Medical data sets tend to be more complete
Can include: demographics, Gov. ID numbers, bank/credit card accounts, insurance plan credentials, disease/health statuses and physical descriptors