1. A Privacy / Security Presentation For HealthTechNet 12801 Worldgate Drive, Suite 500 Herndon, Virginia 20170 703-871-3973 The Management and Operational Perspective of Privacy and Security Maria C. Horton, CISSP-ISSMP, IAM July 21, 2006

2. About EmeSec (pronounced em-ēē-sek) • 8(a), Service Disabled Veteran, Woman Owned Business • Founded April 2003 • EmeSec specializes e-Security solutions IT policy and planning, Continuity of Operations, Incident Response, and Regulatory Compliance

3. Security in Large Organizations 1-2 yr phase Source: Meta Group, 2004

4. Drivers Government Regulatory Commercial Revenue Privacy Management Policy driven Procedurally oriented Operational Technically focused Location based Data Protection

5. Common Security Issues • Five Basic problem Areas • Inherent Security Defects • Misuse of Tools • Improper maintenance • Ineffective Security • Inadequate detection systems

6. Threat Response Activities • Annual Risk Assessment • Perimeter protections • Changing: wireless / virtual worlds • Automated configuration management • Access control • Role Based • Multi-factorial Authentication • Specialized security training

7. Continuous Monitoring Automated patching Network and server functionality Audit trail monitoring / alerts Trend analysis Incident Response Key Performance Indicators Up time Training Size does matter Monitoring and response are required Resources generally limited Money Personnel Innovation Critical to success Managing Vulnerabilities

8. Contact Us: 12801 Worldgate Drive, Suite 500 Herndon, Virginia 20170 703.871.3973 www.emesec.net 8(a), Service Disabled Veteran, Woman-owned, Small Business