Abstract image of a woman sitting on books and studying on a laptop

Health information secuirty session 5 best practise in information security

Download as PPTX, PDF
Dr. Lasantha Ranwala, profile picture
Dr. Lasantha Ranwala

This document outlines best practices for information security management and defense in depth. It discusses implementing security across multiple layers including personnel, procedural, technical, and physical controls. Specific controls mentioned include physical security measures, technical controls like encryption and access control lists, and administrative controls such as security policies, training, and disaster recovery plans. The document also provides best practices for protecting networks such as access controls, logging, patching, user education, policies, activity monitoring, and data breach response plans. Finally, it lists best practices for personal security including using antivirus software, strong passwords, locking computers in public, protecting personal information, limiting social media sharing, safe file downloads, and regular backups.

Health & Medicine
Related topics:
Health Informatics
1 of 14
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Best practices of information security management Health Information Security Session 05:Best Practices of Information Security Management
“Cyber security… It’s not just about technology”
DEFENCE IN DEPTH • Concept in which multiple layers of security controls (defence) are placed throughout an information technology (IT) system. • Its intent is to provide redundancy in the event of a security control fails or a vulnerability is exploited. • Cover aspects of personnel, procedural, technical and physical for the duration of the system's life cycle.
DEFENCE IN DEPTH CONTINU......
DEFENCE IN DEPTH CONTINU......
SECURITY CONTROLS 1. Physical control 2. Technical control 3. administrative control
1. PHYSICAL CONTROLS Implementation of security measures in a defined structure used to defend or prevent unauthorized access to sensitive material. e.g.: • Closed-circuit surveillance cameras • Motion or thermal alarm systems • Security guards • Picture Ids
2.TECHNICAL CONTROLS • Use of technology as a basis for controlling the access and usage of sensitive data throughout a physical structure and over a network. • e.g.: • Encryption • Access control lists (ACLs) • File integrity auditing software
ADMINISTRATIVE CONTROLS • Administrative controls define the human factors of security. • It involves all levels of personnel within an organization and determines which users have access to what resources and information by such means as: • e.g.: • Information Security policy • Training and awareness • Disaster preparedness and recovery plans
BEST PRACTISES - PROTECT YOUR NETWORK 1. Create Specific Access Controls • Minimum user privileges 2. Collect Detailed Logs • for security and troubleshooting purposes • backup logs 3. Maintain Security Patches • make sure your software and hardware security is up to date 4. Educate and Train Your Users • users will always be your weakest link
BEST PRACTISES - PROTECT YOUR NETWORK CONTIN.. 5. Policies and Guidelines • Clear User Policies for New Employees and Vendors • Security policy and guidelines for staff 6. User Activity Monitoring 7. Data Breach Response Plan 8. Back up and Restore
BEST PRACTICES -PROTECT OURSELF 1. Install anti-virus software and keep all computer software patched and updates. 2. Use a strong password • Password Vs Pass phrase 3. Log off public computers/Lock your computer 4. Keep personal information safe • Be wary of suspicious e-mails • Use secure Wi-Fi connections • properly delete any personal information before sell or dispose of your hardware
5. Limit social network information • you should be wary about how much personal information you post. 6. Download files only from trusted souses 7. Regular data Back up
Thank you

More Related Content

PPTX
Health information security session 4 risk management
Dr. Lasantha Ranwala
 
PPT
Lesson 1
MLG College of Learning, Inc
 
PPTX
How To Secure MIS
AaDi Malik
 
PPT
Information Assurance And Security - Chapter 1 - Lesson 3
MLG College of Learning, Inc
 
PDF
Using automation to improve the effectiveness of security operations
Huntsman Security
 
PPTX
security and system mainatance
Kudzi Chikwatu
 
PPT
Lesson 3- Effectiveness of IDPS
MLG College of Learning, Inc
 
PPTX
Management Information System Presentation
AaDi Malik
 
Health information security session 4 risk management
Dr. Lasantha Ranwala
 
Lesson 1
MLG College of Learning, Inc
 
How To Secure MIS
AaDi Malik
 
Information Assurance And Security - Chapter 1 - Lesson 3
MLG College of Learning, Inc
 
Using automation to improve the effectiveness of security operations
Huntsman Security
 
security and system mainatance
Kudzi Chikwatu
 
Lesson 3- Effectiveness of IDPS
MLG College of Learning, Inc
 
Management Information System Presentation
AaDi Malik
 

What's hot (20)

PPT
Information Assurance And Security - Chapter 1 - Lesson 4
MLG College of Learning, Inc
 
PPT
Lesson 1- Risk Managment
MLG College of Learning, Inc
 
PPT
Lesson 1- Intrusion Detection
MLG College of Learning, Inc
 
PPTX
It security controls, plans, and procedures
CAS
 
PPTX
Introduction to Ethical Hacking
UK Defence Cyber School
 
PPT
Lesson 2
MLG College of Learning, Inc
 
PPT
Lesson 2
MLG College of Learning, Inc
 
PPTX
MIS: Information Security Management
Jonathan Coleman
 
PPTX
5 Step Data Security Plan for Small Businesses
Wilkins Consulting, LLC
 
PDF
Corporate security pdf
G3 intelligence Ltd
 
PPT
The Importance of Security within the Computer Environment
Adetula Bunmi
 
PPT
Lesson 1- Information Policy
MLG College of Learning, Inc
 
PPT
Lesson 3
MLG College of Learning, Inc
 
PPT
Physical security
Dhani Ahmad
 
PPT
Lesson 3- Fair Approach
MLG College of Learning, Inc
 
PPTX
12 security policies
Saqib Raza
 
ODP
Jupiter physical security ppt 2016 1
Maxpromotion
 
PDF
Ise viii-information and network security [10 is835]-solution
Vivek Maurya
 
PPTX
Incident Response
primeteacher32
 
PPT
Control System Cyber Security - A Different Approach
Jim Cahill
 
Information Assurance And Security - Chapter 1 - Lesson 4
MLG College of Learning, Inc
 
Lesson 1- Risk Managment
MLG College of Learning, Inc
 
Lesson 1- Intrusion Detection
MLG College of Learning, Inc
 
It security controls, plans, and procedures
CAS
 
Introduction to Ethical Hacking
UK Defence Cyber School
 
Lesson 2
MLG College of Learning, Inc
 
Lesson 2
MLG College of Learning, Inc
 
MIS: Information Security Management
Jonathan Coleman
 
5 Step Data Security Plan for Small Businesses
Wilkins Consulting, LLC
 
Corporate security pdf
G3 intelligence Ltd
 
The Importance of Security within the Computer Environment
Adetula Bunmi
 
Lesson 1- Information Policy
MLG College of Learning, Inc
 
Lesson 3
MLG College of Learning, Inc
 
Physical security
Dhani Ahmad
 
Lesson 3- Fair Approach
MLG College of Learning, Inc
 
12 security policies
Saqib Raza
 
Jupiter physical security ppt 2016 1
Maxpromotion
 
Ise viii-information and network security [10 is835]-solution
Vivek Maurya
 
Incident Response
primeteacher32
 
Control System Cyber Security - A Different Approach
Jim Cahill
 
Ad

Similar to Health information secuirty session 5 best practise in information security (20)

PDF
Ch09 Information Security Best Practices
phanleson
 
KEY
Mis
misecho
 
KEY
Chapter 10, part 1
misecho
 
PPTX
Cyber Security and Healthcare
Jonathon Coulter
 
PDF
Measures to Avoid Cyber-attacks
Skillmine Technology Consulting
 
PDF
Measure To Avoid Cyber Attacks
Skillmine Technology Consulting
 
PPTX
Understanding Cyber Security and benifit
abdulkalamshaikhitec
 
PPTX
Information Security
Alok Katiyar
 
PPTX
Digital literacy lecture 2 data security.pptx
johnnderitu16
 
PPTX
Chapter 1 Introduction about information assurance.pptx
mc0225225
 
PDF
Elementary-Information-Security-Practices
Octogence
 
PPTX
InformationSecurity
learnt
 
PPTX
Information Systems Policy
Ali Sadhik Shaik
 
PPTX
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
David Menken
 
PDF
Mis 1
Rohit Garg
 
PDF
1. introduction to cyber security
Animesh Roy
 
PPTX
Cybersecurity Basics of awareness presentation .pptx
williambillrials
 
PPTX
Foundation of the information securiety
ALIZAIB KHAN
 
PPTX
Recommending information security measures
Manish Singh
 
PPTX
Cyber crime and Information Security.pptx
SAINATHYADAV11
 
Ch09 Information Security Best Practices
phanleson
 
Mis
misecho
 
Chapter 10, part 1
misecho
 
Cyber Security and Healthcare
Jonathon Coulter
 
Measures to Avoid Cyber-attacks
Skillmine Technology Consulting
 
Measure To Avoid Cyber Attacks
Skillmine Technology Consulting
 
Understanding Cyber Security and benifit
abdulkalamshaikhitec
 
Information Security
Alok Katiyar
 
Digital literacy lecture 2 data security.pptx
johnnderitu16
 
Chapter 1 Introduction about information assurance.pptx
mc0225225
 
Elementary-Information-Security-Practices
Octogence
 
InformationSecurity
learnt
 
Information Systems Policy
Ali Sadhik Shaik
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
David Menken
 
Mis 1
Rohit Garg
 
1. introduction to cyber security
Animesh Roy
 
Cybersecurity Basics of awareness presentation .pptx
williambillrials
 
Foundation of the information securiety
ALIZAIB KHAN
 
Recommending information security measures
Manish Singh
 
Cyber crime and Information Security.pptx
SAINATHYADAV11
 
Ad

More from Dr. Lasantha Ranwala (6)

PPTX
Health information security 3 vulnerability threat and risk
Dr. Lasantha Ranwala
 
PPTX
Health information security 2 : Basic concepts
Dr. Lasantha Ranwala
 
PPTX
Health information security 1 overview
Dr. Lasantha Ranwala
 
PPTX
Online application for drug stock management
Dr. Lasantha Ranwala
 
PPTX
Common Foot Problems
Dr. Lasantha Ranwala
 
PPTX
Foss for Health Care
Dr. Lasantha Ranwala
 
Health information security 3 vulnerability threat and risk
Dr. Lasantha Ranwala
 
Health information security 2 : Basic concepts
Dr. Lasantha Ranwala
 
Health information security 1 overview
Dr. Lasantha Ranwala
 
Online application for drug stock management
Dr. Lasantha Ranwala
 
Common Foot Problems
Dr. Lasantha Ranwala
 
Foss for Health Care
Dr. Lasantha Ranwala
 

Recently uploaded (20)

PPTX
ANESTHETIC CONSIDERATION IN ALCOHOLIC ASSOCIATED LIVER DISEASE.pptx
PoojaPandeya
 
PPTX
thio and propofol mechanism and uses.pptx
sarinpjohn3419
 
PPTX
Vaccines and immunization including cold chain , Open vial policy.pptx
Dr. Anu Marhatta
 
PPT
Opthalmology presentation MRCP preparation.ppt
Nida Us Sahr
 
PPTX
NRP and care of Newborn.pptx- APPT presentation about neonatal resuscitation ...
GururajaRamaiah1
 
PDF
OSCE SERIES - Set 7 ( Questions & Answers ).pdf
Jim Jacob Roy
 
PPTX
abgs and brain death dr js chinganga.pptx
docjulzchin
 
PPTX
Impression Materials in dental materials.pptx
IshitaGupta531091
 
PPTX
Vesico ureteric reflux.. Introduction and clinical management
Tariq Mir
 
PPTX
Physiology of Thyroid Hormones.pptx
BikalpThapa1
 
DOCX
PEADIATRICS NOTES.docx lecture notes for medical students
lenixjeff
 
PPT
Infections Member of Royal College of Physicians.ppt
Nida Us Sahr
 
PPTX
Wheat allergies and Disease in gastroenterology
shauryagoyal87
 
PDF
Adverse drug reaction and classification
mauryajyoti449
 
PPTX
CARDIOVASCULAR AND RENAL DRUGS.pptx for health study
sultankorme4
 
PDF
B C German Homoeopathy Medicineby Dr Brij Mohan Prasad
bcgermanhomoeo
 
PPTX
NUCLEAR-MEDICINE-Copy.pptxbabaabahahahaahha
DanielCastilloMontes
 
PDF
The_EHRA_Book_of_Interventional Electrophysiology.pdf
FransiscaMetta
 
PPT
Rheumatology Member of Royal College of Physicians.ppt
Nida Us Sahr
 
PPTX
Hypertensive disorders in pregnancy.pptx
ssuser3854cd
 
ANESTHETIC CONSIDERATION IN ALCOHOLIC ASSOCIATED LIVER DISEASE.pptx
PoojaPandeya
 
thio and propofol mechanism and uses.pptx
sarinpjohn3419
 
Vaccines and immunization including cold chain , Open vial policy.pptx
Dr. Anu Marhatta
 
Opthalmology presentation MRCP preparation.ppt
Nida Us Sahr
 
NRP and care of Newborn.pptx- APPT presentation about neonatal resuscitation ...
GururajaRamaiah1
 
OSCE SERIES - Set 7 ( Questions & Answers ).pdf
Jim Jacob Roy
 
abgs and brain death dr js chinganga.pptx
docjulzchin
 
Impression Materials in dental materials.pptx
IshitaGupta531091
 
Vesico ureteric reflux.. Introduction and clinical management
Tariq Mir
 
Physiology of Thyroid Hormones.pptx
BikalpThapa1
 
PEADIATRICS NOTES.docx lecture notes for medical students
lenixjeff
 
Infections Member of Royal College of Physicians.ppt
Nida Us Sahr
 
Wheat allergies and Disease in gastroenterology
shauryagoyal87
 
Adverse drug reaction and classification
mauryajyoti449
 
CARDIOVASCULAR AND RENAL DRUGS.pptx for health study
sultankorme4
 
B C German Homoeopathy Medicineby Dr Brij Mohan Prasad
bcgermanhomoeo
 
NUCLEAR-MEDICINE-Copy.pptxbabaabahahahaahha
DanielCastilloMontes
 
The_EHRA_Book_of_Interventional Electrophysiology.pdf
FransiscaMetta
 
Rheumatology Member of Royal College of Physicians.ppt
Nida Us Sahr
 
Hypertensive disorders in pregnancy.pptx
ssuser3854cd
 

Health information secuirty session 5 best practise in information security

  • 1. Best practices of information security management Health Information Security Session 05:Best Practices of Information Security Management
  • 2. “Cyber security… It’s not just about technology”
  • 3. DEFENCE IN DEPTH • Concept in which multiple layers of security controls (defence) are placed throughout an information technology (IT) system. • Its intent is to provide redundancy in the event of a security control fails or a vulnerability is exploited. • Cover aspects of personnel, procedural, technical and physical for the duration of the system's life cycle.
  • 4. DEFENCE IN DEPTH CONTINU......
  • 5. DEFENCE IN DEPTH CONTINU......
  • 6. SECURITY CONTROLS 1. Physical control 2. Technical control 3. administrative control
  • 7. 1. PHYSICAL CONTROLS Implementation of security measures in a defined structure used to defend or prevent unauthorized access to sensitive material. e.g.: • Closed-circuit surveillance cameras • Motion or thermal alarm systems • Security guards • Picture Ids
  • 8. 2.TECHNICAL CONTROLS • Use of technology as a basis for controlling the access and usage of sensitive data throughout a physical structure and over a network. • e.g.: • Encryption • Access control lists (ACLs) • File integrity auditing software
  • 9. ADMINISTRATIVE CONTROLS • Administrative controls define the human factors of security. • It involves all levels of personnel within an organization and determines which users have access to what resources and information by such means as: • e.g.: • Information Security policy • Training and awareness • Disaster preparedness and recovery plans
  • 10. BEST PRACTISES - PROTECT YOUR NETWORK 1. Create Specific Access Controls • Minimum user privileges 2. Collect Detailed Logs • for security and troubleshooting purposes • backup logs 3. Maintain Security Patches • make sure your software and hardware security is up to date 4. Educate and Train Your Users • users will always be your weakest link
  • 11. BEST PRACTISES - PROTECT YOUR NETWORK CONTIN.. 5. Policies and Guidelines • Clear User Policies for New Employees and Vendors • Security policy and guidelines for staff 6. User Activity Monitoring 7. Data Breach Response Plan 8. Back up and Restore
  • 12. BEST PRACTICES -PROTECT OURSELF 1. Install anti-virus software and keep all computer software patched and updates. 2. Use a strong password • Password Vs Pass phrase 3. Log off public computers/Lock your computer 4. Keep personal information safe • Be wary of suspicious e-mails • Use secure Wi-Fi connections • properly delete any personal information before sell or dispose of your hardware
  • 13. 5. Limit social network information • you should be wary about how much personal information you post. 6. Download files only from trusted souses 7. Regular data Back up