
Coventry Health Care

Megan Yarabinetz September 10, 2010 The Pennsylvania State University IST 495. Coventry Health Care. Cranberry 1: Includes Data Center. Cranberry 2. Company Background. Incorporated November 21, 1986 as Coventry Corporation Headquarters are located in Bethesda, Maryland.


Presentation Transcript


  1. Megan Yarabinetz, September 10, 2010, The Pennsylvania State University, IST 495: Coventry Health Care

  2. Cranberry 1: Includes Data Center

  3. Cranberry 2

  4. Company Background
     • Incorporated November 21, 1986 as Coventry Corporation
     • Headquarters are located in Bethesda, Maryland.
     • Provides health care solutions for group and individual health insurance, Medicare and Medicaid programs, Worker’s Compensation and Behavioral Health Care services.
     • Serves more than 5 million members in all 50 states.
     • Employs approximately 14,000 employees with over 1,000 Information Technology employees

     Reference: www.cvty.com

  5. Information Risk Management Department

  6. Information Risk Management: Mission
     Mission Statement: To support the central mission of the company by ensuring business operational continuity and assuring the Confidentiality, Integrity and Availability (CIA) of its information and information systems.

  7. Information Risk Management: Organization and Functions

  8. Responsibilities
     • Participated in Risk Assessment Planning Meetings
     • Analyzed Coventry’s Information Risk Management Program (ISO 27001)
     • Participated in Information Security Policy Mapping Meetings
     • Interviewed Key Executives to document the Information Security Program impact on their departments

  9. Objectives

  10. Objective 1: Risk Assessments in a Corporate Environment
     • Risk Assessment Methodology: OCTAVE Allegro

  11. Objective 2: ISO 27001 Framework

  12. Objective 3: Information Security Policies & Procedures in a Corporate Environment
     • Coventry has a policy mapping group that meets on a regular basis
     • There is a standard policy template used
     • ISG team is responsible for policy development
     • Policies are drafted by the ISG team
     • Policies are published on a SharePoint site
     • Violation of policies can result in sanctions

  13. Key Executive Interviews

  14. Key Executive Interviews
     • Executives interviewed:
       • Enterprise Architect
       • Director, Application Development
       • Director, IT Finance
       • Director, Information IT Management (IT Audit)
       • Vice President, IT Infrastructure
       • Chief Compliance Officer
       • Senior Business Technology Leader
       • Vice President, E-Commerce
       • Vice President, Customer Service Operations

  15. Key Executive Interviews (cont.)
     • Summary of Positive Impact of Information Security Program:
       • Established policies and standards
       • Keeps them out of legal trouble
       • ISG Team is helpful, as well as their security Spot Lights
     • Summary of Negative Impact of Information Security Program:
       • Many executives stated: None
       • Some found implementing policies and standards to be time consuming

  16. Computer Forensics Lab
     • Director has 25 lb Alienware “Laptop”
     • ~72-inch Plasma TV used to monitor traffic and attacks
     • Ability to pinpoint where attacks come from
     • Use FTK and EnCase Computer Forensics Software
     • Hard drives kept in a safe with chain of custody forms
     • Ability to monitor employees as well as potential attackers

  17. Wrap-Up
