The Verizon HIPAA Opportunity

Provided by: chasr


Transcript and Presenter's Notes


1
Beyond CIPA Compliance - Planning a Truly Secure
Network Infrastructure
CoSN, February 28, 2002, Session 4A
peter.haigh_at_verizon.com
Reproduction of this material is permitted, with attribution,
for non-commercial purposes. This presentation
represents the professional opinion of the
author. Verizon accepts no liability, expressed
or implied, for the material contained herein.
2

Today's Agenda
  • What's your SecurityQ?
  • Why Network Security?
  • What is Network Security?
  • Where can Verizon help you?

3
Why should I care about Security?
  • It's important to ensure that Students & Staff
    experience a safe computing environment
  • If you don't comply with CIPA, YOU LOSE E-RATE
    DISCOUNTS, AND MUST REPAY ANY DISCOUNTS ALREADY
    RECEIVED
  • Citizens care about security
    • Heightened by 9/11
    • Security breaches are widely & frequently
      reported
  • Many laws (other than CIPA) deal with security
    & privacy
  • Individuals have right of action under Tort

4
What is CIPA Compliant?
  • Internet Safety Policy
  • The Internet Safety Policy must address the
    following issues:
    • access by minors to inappropriate matter on the
      Internet and World Wide Web;
    • the safety and security of minors when using
      electronic mail, chat rooms, and other forms of
      direct electronic communications;
    • unauthorized access, including so-called
      "hacking," and other unlawful activities by
      minors online;
    • unauthorized disclosure, use, and dissemination
      of personal information regarding minors; and
    • measures designed to restrict minors' access to
      materials harmful to minors.

5
  • What is Security?

6
  • State of the Art Security
  • pre-Gunpowder!

7
What is Security?
  • Classical definition
    • Confidentiality
    • Integrity
    • Availability
  • How privacy can be assured
    • Administratively
    • Physically
    • Technically

8
Information Security Lifecycle
Security Assurance: Testing, Reporting, Monitoring, Training
Building Blocks
Security is a process, not a product...
Policy and Architecture: Risk Assessment, Security Policy
Technology Implementation: VPN, Encryption, Firewalls, Authentication, IDS
Business Applications and Services
Networks, Intranet, Internet, Remote Access
Hardware and Operating Systems
Solution Design and Selection: Security Design, Technology Selection
  • People
  • Process
  • Technology

9
What is Privacy?
  • "The right to be left alone is the most
    comprehensive of rights..." - US Supreme Court
    Justice Brandeis, 1928
  • "You already have zero privacy. Get over it." -
    Scott McNealy, CEO Sun Microsystems, 1999
  • Consumer attitudes - The Pew Internet & American
    Life Project, 2000
    • 86% favor opt-in privacy policies, requiring
      permission for use
    • 54% view web-site tracking of users as invasion
      of privacy
    • 54% have provided personal info. to use a web
      site
    • 48% have bought on-line using a credit card
    • 55% have sought medical info. on the web
    • 43% have sought financial info.
    • 27% will never divulge personal information
      on-line

10
Privacy versus Security
  • Privacy is what you promise to do
  • Security is about how you fulfil the promise
  • Networks are how the authorized (and
    unauthorized) get access
  • Therefore network security is of paramount
    importance

11
5 Principles of Fair Information Practices
  • Openness
    • Existence and purpose of record-keeping systems
      must be publicly known.
  • Individual Participation
    • Individual right to see records and assure
      quality of information.
  • Security
    • Reasonable safeguards for confidentiality,
      integrity, and availability of information.
  • Accountability
    • Violations result in reasonable penalties and
      mitigation.
  • Limits on Collection, Use, and Disclosure
    • Information collected only with knowledge and
      consent of subject.
    • Information used only in ways relevant to the
      purpose for which the data was collected.
    • Information disclosed only with consent or legal
      authority.

12
Physical Security
  • Card Access Systems
  • Closed Circuit TV (CCTV)
  • Fire Suppression Systems
  • Alarm Systems
  • Power Systems

13
Two-Factor Authentication
  • 3 ways to authenticate a person
    • What they know - Password
    • What they have - Token
    • Who they are - Biometrics

14
Biometrics
  • Fingerprint / Palm Print
  • Hand Geometry
  • Iris Scanning
  • Keyboard Dynamics
  • Signature Characteristics
  • Facial Recognition
  • Voice Recognition

15
PKI / LDAP / X.500
  • Digital Certificates PKI (X.509 v3)
  • Digital document attesting to the binding of a
    public key to an individual or other entity. Uses
    two encrypted soft keys (public & private keys);
    needs a certificate authority (notary); strong
    authentication

16
RADIUS
17
More communications/network controls
  • Firewalls for Internet (and other) connections
  • The DMZ concept
  • Importance of proper installation & maintenance
  • Strong encryption & digital signature on public
    network
  • Encryption on private networks (?)
  • Regular virus checking
  • Standardized client & server configurations
  • Periodic census of network software & hardware
  • Vulnerability assessment & intrusion detection

18
Firewalls & Intrusion Detection Systems
Internet
19
Encryption
  • Encryption provides confidentiality
  • Symmetric (Secret) Key
  • Asymmetric (Public) Key
  • VPNs provide a secure channel

Network
20
Areas of unusual concern
  • E-mail & fax
  • Telecommuting
  • IT applications
  • Logging & Audit trails
  • Suspect activity & security incidents

21
IT Applications
  • What enhanced security features will vendors
    provide?
  • Interoperability in best of breed environment
  • Audit trails & logs
  • Access & authorization controls
  • Single sign-on
    • Valuable protection, or
    • A more attractive target?

22
Suspect Activity & Incidents
  • Suspect activity
    • Regular vulnerability assessments
    • Intrusion detection
    • Surveillance of traffic
  • Incident response
    • Treat like crime!
    • Get forensic help - evidence gathering &
      protection
    • Change policy, procedure & technology as
      appropriate
  • How incidents are identified
    • Ensuring staff report incidents
    • Knowing what is unauthorized

23
You Can be more Secure!
  • Services for a Trusted Environment
    • Confidentiality
    • Integrity
    • Availability
    • Identification & Authentication
    • Authorization & Access Control
    • Non-repudiation
    • Forensics

24
Vulnerability Testing Services
  • External Port Scan
  • Vulnerability Scan of External Network
  • Penetration Testing
  • Phone Sweep

25
Security Assessment Services
  • Comprehensive review of a client's security
  • Designed to assess and prioritize a client's
    security risks and develop a comprehensive
    action plan

26
Technology Planning
27
Training Programs
  • Security Awareness Program
  • Technical Training
  • Intelligence Programs

28
Thank you for your time, please contact your
Verizon Account Manager for further information
regarding solutions for your Security needs.