Securing the Health IT Ecosystem
(laying track when the train is coming)
Dr. Deborah Lafky
Department Of Health and Human Services

CLICK HERE FOR POWERPOINT PRESENTATIONS AND AUDIO PODCASTS 

Abstract
An overview of the challenges faced in the rapid build-out of health IT as HHS works to meet the objectives of ARRA/HITECH to provide all Americans with access to an electronic health record by 2014. With only about 20% of records available electronically now, a dramatic expansion of capability is underway.
Enabling this expansion to be done securely and protecting patient privacy is essential to building public trust in the HIT enterprise. My talk will explain our strategy and some of the steps we are taking. Input from the audience in the form of suggestions, ideas, and lessons learned in other sectors is encouraged.

About the Speaker
Deborah Lafky, MSIS, Ph.D., CISSP is the program officer for security and cybersecurity in the Office of the National Coordinator for Health IT (ONC) at HHS. The HITECH Act, a part of the Recovery Act, set out $2 billion for the purpose of nationwide adoption of electronic health records and ONC is the lead office for that effort. Dr. Lafky has been with ONC since 2007, leading security efforts first for the Nationwide Health Information Network and now over-seeing security efforts within all ONC programs.
Previously, Dr. Lafky was a researcher working with healthcare data protection at the University of California (Irvine) and at Claremont Graduate University. She earned her doctorate in Management Information Systems at Claremont, a Masters in Information Science at the University of Pittsburgh, and a Bachelor of Science from Carnegie-Mellon University.

June 15, 2010 6:30 PM
@

9500 Arena Dr.
Suite 300
Largo MD, 20774
Click here for details

Please RSVP if you plan to attend.   

Abstract:
As clearly demonstrated by China's theft of Google's Gaia single-sign-on framework, and ongoing information operations against USG agencies, many of today's network-based advanced threats from state-sponsored attackers and organized criminal groups are evading current prevention and detection techniques.  This session focuses on the true nature and sources of today's most difficult security threats to governments and major corporations, and describes the solutions required to detect and mitigate these invisible threats. 

The speaker will illustrate actual technical case studies to describe an effective operational plan of action consisting of the use of real-time situational awareness, automated network forensics, and interactive advanced threat analysis.  The session will demonstrate techniques that will enable your staff to use next generation network intrusion monitoring techniques to inspect network and application layer traffic, detect designer malware and zero-day attacks, and improve overall tactical network intelligence and situational awareness, including problems such as data leakage and exfiltration of sensitive organizational data.

Attendees will learn:

• The technical reasons that advanced persistent threats are evading current security technologies such as IDS, anti-virus, log monitoring and flow-based technologies.
• The true nature and sources of threats facing public and commercial organizations and the gaps in current network visibility.
• Advanced techniques for next generation network monitoring, continuous controls review, and real-time network surveillance using full packet capture and session reconstruction, and the situational awareness improvements provided by this approach.
• Specific examples of adversary exploits (demonstrations) similar to trends observed within organized crime groups and nation-sponsored attacks.

About the Speaker
As Chief Security Officer for NetWitness, Eddie Schwartz is responsible for the alignment of the NetWitness product strategy with the evolving operational threat management needs of government and commercial organizations. Prior to joining NetWitness, Mr. Schwartz served as CTO of ManTech Security Technologies Corp, Senior Vice President of Operations of Guardent Inc, (acquired by Verisign), and EVP of Operations for Predictive Systems (acquired by INS). Mr. Schwartz also worked as Chief Information Security Officer at Nationwide Insurance, as a Senior Computer Scientist for CSC, and a Foreign Service Officer with the U.S. Department of State.

May 18, 2010 6:30 PM
@

International Spy Museum
Garbo Room
800 F St. NW
Washington, DC 20004
Click here for details

Please RSVP if you plan to attend.   

May 19, 2009

May Meeting Topic: PCI-DSS Compliance
Presenter: Ulf Mattsson

Abstract
The session will review the different options for data protection strategies for PCI DSS and other regulations. We will present case studies on data protection in an enterprise environment. We will position different solutions that can protect the enterprise data against advanced attacks from internal and external sources. We will show how to provide a balanced mix of different approaches to protect sensitive information like credit cards across different systems in the enterprise, including tokenization, encryption and hashing. We will show how to balance performance and security, in real-world scenarios, and recommend when to use encryption at the database level, application level and file level. This session will also present methods to protect the entire data flow across systems in an enterprise while minimizing the need for cryptographic services.

This interactive, educational presentation will:

1. Review of case studies on enterprise data protection;
2. How to prevent internal and external threats;
3. Review solutions for enterprise data encryption and key management;
4. How to prevent data misuse and advanced attacks on data;
5. How to protect the entire enterprise data flow;
6. How to develop a database encryptionstrategy balancing security, performance and other aspects;
7. Review and position different solution alternatives;
8. Discuss how to balance security, performance and other aspects.

About Ulf T. Mattsson
Ulf T. Mattsson, chief Technology Officer, Protegrity Corporation, created the initial architecture of Protegrity’s database security technology, for which the company owns several key patents. His extensive IT and security industry experience includes 20 years with IBM as a manager of software development and a consulting resource to IBM’s Research and Development organization. He specializes in the areas of IT Architecture and IT Security. Ulf is the inventor of a number of European patents and US Patents, Data Usage Control, Dynamic Access Control, Intrusion Prevention and Cross System Layer Security. He holds a master’s degree in Physics, a degree in finance and a degree in electrical engineering.

May 19, 2009 6:30 PM

740 15th Street NW
4th floor
Washington, DC 20005

Click here for details.

Please email your RSVP if you plan to attend.