SANS Technology Institute Master's Presentation
- Incident Response in the Healthcare Cloud: Matching Policy with Data
- Barbara Filkins
- Monday, February 18th, 7:30pm - 8:10pm
Privacy has been, and will remain, a leading business driver for healthcare security. The sharing of sensitive patient records is protected by regulation, jurisdictional and organizational policies, and individual patient consent, all of which articulate the set of business rules by which protected healthcare information is shared, disclosures tracked, and breaches recognized.
Cloud computing adds new challenges to how security reinforces privacy. In the absence of explicit control over the physical infrastructure, the security architecture must focus on protecting the actual data according to the appropriate business rules. In this environment, an understanding of how policies affect the behavior around access, use, and release of sensitive data is needed to effectively monitor for incidents and proactively avoid potential breaches.
This presentation summarizes the challenges of matching data and policy in the healthcare cloud and presents a reference architecture, based on standards and realizable through current technology, that enables enforceable policies around sensitive data, policies which, in turn, can be supported by incident response procedures.
Barbara Filkins has done extensive work in system procurement, vendor selection and vendor negotiations in her career as a systems engineering and infrastructure design consultant. Based in Southern California, she sees security as a process that she calls "policy, process, platforms, pipes AND people." Most recently, she's been involved with HIPAA security issues in the health and human services industry, with clients from federal agencies (DoD and VA), municipalities and commercial businesses. Her interest in information security comes from its impact on all aspects of the system lifecycle as well as its relation to many of the issues faced by a modern society dependent on automation: privacy, identity theft, exposure to fraud and the legal aspects of enforcing information security. She holds the SANS GSEC (Gold) and GCIH (Gold) and is currently pursuing her Master of Science degree from the SANS Technology Institute.
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Vendor: Events hosted by external vendor exhibitors.
Monday, February 18
| Session | Speaker | Date and time | Type |
|---|---|---|---|
| General Session - Welcome to SANS | Dr. Eric Cole | Monday, February 18th, 8:15am - 8:45am | Special Events |
| Unleashing the Dogs of (cyber) War | Ed Skoudis | Monday, February 18th, 7:15pm - 9:15pm | Keynote |
| SANS Technology Institute Master's Presentation | Barbara Filkins | Monday, February 18th, 7:30pm - 8:10pm | Special Events |
Tuesday, February 19
| Session | Speaker | Date and time | Type |
|---|---|---|---|
| Vendor Showcase | — | Tuesday, February 19th, 10:30am - 10:50am | Vendor Event |
| Vendor Showcase | — | Tuesday, February 19th, 12:30pm - 1:15pm | Vendor Event |
| Vendor Showcase | — | Tuesday, February 19th, 3:00pm - 3:20pm | Vendor Event |
| Information Sharing for the Good Guys........... | Timothy Garcia | Tuesday, February 19th, 6:15pm - 7:15pm | SANS@Night |
| APT: It is Not Time to Pray, It is Time to Act | Dr. Eric Cole | Tuesday, February 19th, 7:15pm - 9:15pm | SANS@Night |
Wednesday, February 20
| Session | Speaker | Date and time | Type |
|---|---|---|---|
| Information Security Metrics: Practical Steps to Measurement | James Tarala | Wednesday, February 20th, 7:15pm - 8:15pm | SANS@Night |