Pragmatic Use of ISO/IEC 15408 (The Common Criteria)
Glen Marshall
glen.marshall@smed.com
4/13/2000
• A Security Standard
• A Prescription
• “Security for Dummies”
• A Panacea
• For Healthcare IT …
  – Translating regulations to actions
  – Responding to external audits
  – Assuring healthcare stakeholders
  – Establishing trust among systems
  – Planning systems changes
• Protection Profile
  – Environmental assumptions
  – Threats
  – Policies
  – Objectives
  – Functional Requirements
  – Assurance Requirements
  – Environmental Requirements
• Pragmatically …
  – Healthcare IT systems are not monolithic.
  – Systems are subject to frequent changes.
  – System implementers are not security experts.
  – System users often don't care about security.
  – There are severe budget and time constraints.
  – Managers are often impatient.
• A Complete Solution
• Focus
  – Central Concerns
  – User Benefits
  – Scope and Scale
• Assurance
  – Benefits at Reasonable Cost
  – Incremental Results
[Diagram: healthcare system participants: Affiliates, Referrals, Scheduling, Staff, Radiology, Payers]
[Timeline diagram: Now, T1, T2]
Discussion
How are you transitioning your current assurance approaches and implementation into the future requirements?
• Are you involving Risk Management?
• Where in the organization will the Security Officer reside?
• Who is responsible and accountable for conducting …
  – Internal audits?
  – External audits?
Questions?
Fragen?
¿Preguntas?
Domande?
Thank you
Danke
Merci
Gracias
Grazie