Risk and Security Management in Healthcare
Dr. Todsanai Chumwatana
Assistant Dean
Faculty of Information Technology
Rangsit University
Computer Security Risks
• A computer security risk is any event or action that could cause a
loss of or damage to computer hardware, software, data,
information, or processing capability
• A cybercrime is an online or Internet-based illegal act
Hackers
Crackers
Unethical Employees
Script Kiddies
Cyberextortionists
Corporate Spies
Cyberterrorists
Cyber War Era
http://map.ipviking.com/
Attack Statistic
Threat Statistics
Thailand is number 2
2 biggest attacked targets
Military
Financial
Risk in Healthcare
• Lax security is also good business:
– Change patient’s information and get wrong treatment
– Private information for marketing
– Selling anti-virus & security products
Data Center Infrastructure
Risk and Security management in Healthcare: Technical and Human resource.
• Most attention is focused on technical issues:
– Malware and anti-viruses
• Default allow vs. default deny
– Access Controls, Authentication, Encryption & Quantum Computing
– Supply chain issues
– Cyberspace as a globally connected “domain”
• Non-technical issues are at the heart of the cybersecurity mess (Human resource)
– HR
– Training and providing knowledge
– Standard and policy
– Cyber security law
– Education & career paths
Human Resource
Cybersecurity is an “insider problem.”
Inability to attract and retain the best workers.
• bad actors
• good people with bad instructions
• good people without awareness
• If we can stop insiders, we can secure cyberspace….
• But we can’t stop insiders.
Training and Providing Knowledge
Prashaya Fusiripong
Sexy Tattoo, Sexy Women, Justin Bieber
Click!!!
http://bit.ly
http://j.mp
• Pharming is a scam where a perpetrator attempts to obtain your personal and financial information via spoofing
• Phishing is a scam in which a perpetrator sends an official looking e-mail message that attempts to obtain your personal and financial information
Verify Virus
https://www.virustotal.com/
Cyber drill
Policy, Standard and Law
• Policy
o Health Informatics
o Patient’s information privacy
o Control the use of computer
• ISO27000
o Cyber security and Information privacy
o Information security management system
o Recovery
• Cyber security law
o Data privacy
Education & career paths
Cyber Security
Education is not supplying enough security engineers and cyber security human resources
• Students are not pursuing CS
• Those going into CS are not pursuing security
• Many of those studying CS are not staying in the country
Students are not taking AP computer science!
[Chart: Calculus, Biology, CS]
Cyber Security Academy
Thank you
Q&A