healthcare security success story · certified network defender (cnd) ec council certified ethical...
Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the “Successful Administrative Practices” 2017, Cairo, Egypt, 28-29 November 2017
Healthcare Security Success Story
Dr. Mohamed AbdelFattah, VP of Advisory Services, ALTERNA, IT Business Unit, 57357 Group
Healthcare Trending
1. The World Health Organization (WHO) estimates that up to 40% of resources spent on healthcare are wasted, in part due to antiquated processes and systems.
2. It has been estimated that there will be approximately 50 billion devices connected to the Internet, and therefore to each other, by 2020.
3. Increased demand for healthcare due to a growing number of elderly people and changed lifestyles that lead to an increase in chronic diseases.
4. Need for increased efficiency, individualization and equity of quality-oriented healthcare with limited financial resources.
Smart Hospital
Intelligent hospital
Smart can be summarized in a simple question: “How do we leverage real-time information to achieve clinical excellence and an enhanced patient experience?”
An intelligent hospital is one that works better and smarter:
better because it is resourceful, creative, and perceptive about what patients and doctors need;
smarter because it is astute and inventive when it comes to weaving together diverse technologies to enhance patient care.
4D’s Framework
The key to success
Business first
Technology second
Project Life Cycle
1. Discover
• Identify stakeholders
• Define project strategy
• Discover the current state of the healthcare system
• Recommend current system enhancements
2. Design
• Get stakeholders' consensus
• Design an organizational integrated workflow
• Propose and approve the future state of the healthcare system components and their infrastructure
3. Develop
• Develop and configure the approved solution
• Develop a knowledge transfer plan
• Deliver training
4. Deliver
• Validate the solution and measure outcomes
• Identify opportunities for improvement
• Share lessons learned
• Improve the knowledge transfer
Smart Hospital Framework
Proposed Technology Services Framework (slide diagram; labels recovered from the figure)
Cross-cutting layers: IT Governance; Security and Monitoring / GRC; Value Measuring; People, Process, Technology
Application Management Program: Risk Management; Decision Support; Clinical Repository; Web Portal Services; ERP; HIS; PACS; Telemedicine; E-learning System; IoT
Services Program: Desktop Services; Database; Messaging; Service Desk; Video Conferencing; VOIP; Data Security; Physical Security
Infrastructure Program: Cabling; Internet Connectivity; Switches & Routers; Hardware (Servers); Data Center
Proposed Technology Services Framework (continued)
IT Governance
IT governance provides a structure for aligning IT strategy with business strategy. By following a formal framework, organizations can produce measurable results toward achieving their strategies and goals.
Governance, Risk and Compliance
IT governance and GRC are practically the same thing. GRC is the parent program; which framework is used is often determined by the placement of the CISO and the scope of the security program.
Value Measuring
Value measuring methodology (VMM) is a tool that helps financial planners balance both tangible and intangible values when making investment decisions, and monitor benefits.
Security Business Approaches
Information Security Programs
Services Framework
Information Security Transformation Approach
IT GRC Program (Governance, Risk and Compliance): Corporate IT Policies & Procedures; IT Risk Assessment & Treatment; Establish Compliance Framework; Implement ISO 27001
Monitoring, Controlling & Analytics: Technology Acquisition; SOC; CSIRT; Resilience Management; Forensics
Establish Information Security Office: Organization of Information Security; Roles & Responsibilities; Information Security Policies; Guidelines for Data Classification; Guidelines for Data Protection
Security Baseline Assessment – Current State: Site Survey; Baseline Security Assessment; Gap Analysis; Vulnerability Assessment; Pen Test; Configuration Audit and Re-Design; Recommendations
Security Awareness Program
Security Training Program
Security Healthcare Solution
Information Security Programs
Advanced Security Programs for Enterprise
Security Baseline Assessment – SBA
Monitoring, Controlling and Analytics - MCA
Identity and Access Management - IAM
Data Privacy, Protection and Classification - DPPC
Security Baseline Assessment
Site Survey
Baseline Security Assessment
Gap Analysis
Vulnerability Assessment & Management
Penetration Testing
Application Security Assessment
Configuration Audit and Re-Design
Considerations & Recommendations
Monitoring, Controlling and Analytics
Monitoring & Controlling: NOC; SOC; E-Discovery; Analytics
Incident Response Management: CSIRT; Forensics
Identity and Access Management
Managed Certificate Services: Digital Certificate; PKI
IAM Professional Services: SSO; Password Management & Self Service; Role Management; Privileged Users; Access Management
Data Privacy and Protection
Protect & Classify
Data Security
User/Client Data
Data Privacy
Access and authentication
Confidentiality
Integrity
Availability
Data retention
Ownership and distribution
Data Classification
• Compliance: Data classification can help define in-scope systems and aid with compliance efforts.
• Financial Services: Data classification can help meet the compliance requirements of financial regulations and solutions.
• Healthcare: Data classification can help ensure compliance with health regulations such as HIPAA (Health Insurance Portability and Accountability Act).
• Public Corporations: Knowing where key financial data resides and ensuring it is kept safe.
• Government Organizations: Data classification can help meet the requirements for government information systems management.
• Utility Organizations: Define the required data classification efforts, specifically to define what a "critical cyber asset" is and how it is protected.
Professional Consulting Security Programs
IT (Governance, Risk and Compliance) - GRC
Managing Operational Resilience - MOR
Security Awareness & Simulation Program – SAS
Security Training Program - STP
IT (Governance, Risk and Compliance)
IT Governance
• IT Strategic Plan
• Process
• Policies & Controls
• Procedures
• Performance Monitoring
IT Risk Management
• Risk Identification
• Risk Assessment
• Treatment Plan
• BIA
• RCA
IT Compliance Management
• IT Standards
• Control Objectives
• Control Testing
• Internal Auditing
IT Quality Management
• Quality Control
• Quality Assurance
• Document Management System
• Business Processes
Managing Operational Resilience
Business Continuity
Disaster Recovery
Outsourced Security Management
Outsourced Operation Management
Security Awareness & Simulation Program
Phases: Baseline, Develop, Deliver, Measure
• Implement CBT courses for security awareness
• Add data protection to the security awareness program
• Include the IT security department in orientation classes
• Map the acceptable use policy
• Provide security awareness in new IT, existing newsletters or digital signage
• Provide adequate training for new technologies
e-Learning Platform
Security Training Program – EC-Council Certified
Certified Secure Computer User (C|SCU)
Certified Network Defender (CND)
EC-Council Certified Ethical Hacker (CEH)
EC-Council Certified Security Analyst (E|CSA)
Certified Chief Information Security Officer (C|CISO)
Hire CISO
1. Schedule periodic security audits
2. Review and approve security policies, controls and incident response planning
3. Manage all teams, employees, contractors and vendors involved in IT security, which may include hiring
4. Direct and approve the design of security systems
Hire CISO
Increase Quality
Increase Security
Increase Productivity
Decrease Cost
Vision
We believe in talents to provide innovative, alternative ways to change the world.
Mission
Our mission is to inspire and transform businesses into the new digital era through smart minds, research and alternative solutions.