-
7/29/2019 Chicago South Medical Powerpoint
1/14
Team CIA
-
7/29/2019 Chicago South Medical Powerpoint
2/14
-
7/29/2019 Chicago South Medical Powerpoint
3/14
-
7/29/2019 Chicago South Medical Powerpoint
4/14
-
7/29/2019 Chicago South Medical Powerpoint
5/14
-
7/29/2019 Chicago South Medical Powerpoint
6/14
Design & Implementation Phase Design Phase
Chicago South Medical (CSM) will be implementing a
new way to improve controls for; systems administrator
accounts
password strength
remote access to patient records
-
7/29/2019 Chicago South Medical Powerpoint
7/14
Design & Implementation Phase
ContinuedImplementation Phase
CSM will introduce new ways to develop access
improvements as well as email improvementsAccess
Improvements
CSM objective is to improve controls for privileged andsystem
administrator accounts and this will be done by
creating an Enterprise Information Security Policy(EISP)
-
7/29/2019 Chicago South Medical Powerpoint
8/14
DESIGN AND IMPLEMENTATIONImproving password strength
CSM will be creating the following System-Specific
Security Policy (SSSP):
All users and administrators must follow the standardbelow when
establishing or administering passwords.
-
7/29/2019 Chicago South Medical Powerpoint
9/14
Password Requirements Must be at least 8 characters long.
Password must always contain: One alphabetic character One number
One special character Password cannot contain 3 or more consecutive
characters from the
user ID. Password must not match any of the 4 previous
passwords. Password will expire 90 days after the last password
change.
Password cannot be changed for 0 days after the last password
change. Password must not be one of 4 previous passwords. Password
change reminder will be sent 30 days after the last password
change.
-
7/29/2019 Chicago South Medical Powerpoint
10/14
FRAMEWORK
Chicago South Medical Hospital will continue to use
the HITRUST Common Security Framework (CSF).This framework helps
the hospital create, store, accessor exchange electronic health
records and othersensitive information
-
7/29/2019 Chicago South Medical Powerpoint
11/14
SETAThe Encryption Plug-in
The Encryption Plug-in places an Encrypt Message button inthe
Outlook menu bar when you are composing a new message,
replying to, or forwarding another message. This buttonprovides
an easy way for you to mark a message to be encryptedbefore sending
the email to an external email account ([email protected] or
[email protected]).
Using the Encryption Plug-in You can send secure emails by
selecting the Encrypt Message
button as you are composing an email message. Before you senda
secure message, verify that the Encrypt Message button isselected,
as shown below:
mailto:[email protected]:[email protected]:[email protected]:[email protected]
-
7/29/2019 Chicago South Medical Powerpoint
12/14
SETA
-
7/29/2019 Chicago South Medical Powerpoint
13/14
WHAT EMAIL SHOULD BE
ENCRYPTED Any time you are sending sensitive or confidential
information outside of CSM, you should encrypt themessage to
protect it from unwanted disclosure.
Any email with the following kinds of information must besent
securely as this kind of information is regulated orotherwise
sensitive:
Personal identifiers
Financial information
Health information
Proprietary information about CSM plans, strategies
andoperations
-
7/29/2019 Chicago South Medical Powerpoint
14/14
What Email Should be Encrypted
