Speakers

23 April 2017

AGENDA BREAKOUT SESSIONS – Sunday 23 April 2017

8:00 am - 9:00 am

Registration for Sunday & Monday, 23rd & 24th of April 2017

ISO & SYSUSA
Breakout Session #1

9:00 am - 4:00 pm

INTERNATIONAL ORGANIZATION FOR STANDARDIZATION (ISO)
ISO 27799: 2016
HEALTH INFORMATICS
INFORMATION SECURITY MANAGEMENT IN HEALTH USING ISO/IEC 27002

Mr. Muneer A. Baig
(Moderator),
Speaker & Trainer,
Founder & CEO,
SYSUSA Inc.
USA

Mr. Muhammad Shazlee,
Chief Technology Officer,
SYSUSA,
USA
Course & Certification: ISO 27799: 2016 Foundation
Health informatics - Information security management in health using ISO/IEC 27002
Certification: ISO 27799:2016 Foundation
Course Duration: 2 Days (Sunday, April 23rd & Monday, April 24th)
(includes ISO 27799:2016 Foundation certification exam)
Course Fees: SAR 3,975.00
Course Description: Guidelines to support the interpretation and implementation of ISO/IEC 27002 in health informatics.

Healthcare carries relatively high risks, especially in areas such as laboratories, emergency departments and operating theatres. This is especially true in environments with resource constraints, such as those found in many health organizations.

The interconnection of health information systems makes risk management in healthcare especially challenging. Effective risk management must ensure the alignment of responsibility for information security with the authority to make risk management decisions.

ISO 27799:2016 offers guidance on information security management and information security controls in the context of the healthcare industry and medical organizations of various kinds - hospitals, labs, surgeries, medical insurers etc.

Whatever form the information takes (words and numbers, sound recordings, drawings, video and medical images), whatever means are used to store it (printing or writing on paper, or electronic storage) and whatever means are used to transmit it (by hand, via fax, over computer networks or by post), the information must always be appropriately protected. Health informatics systems must also meet the unique demand to remain operational in the face of natural disasters, system failures and denial-of-service attacks.

ISO 27799:2016 specifies a set of detailed controls for managing health information security and provides health information security best practice guidelines. By implementing this International Standard, healthcare organizations and other custodians of health information will be able to ensure a minimum requisite level of security that is appropriate to their organization's circumstances and that will maintain the confidentiality, integrity and availability of personal health information.

ISO 27799:2016 and ISO/IEC 27002 taken together define the requirements of information security in healthcare. ISO 27799:2016 is technology-neutral and therefore does not define how these requirements are to be met. This technological neutrality leaves vendors and service providers free to suggest new or developing technologies that meet the necessary requirements that ISO 27799:2016 describes.

Industries across the globe face many cyber threats, and with the expansion of the internet and the integration of personal devices, household appliances, transportation vehicles and more, the threat landscape grows daily. The Internet of Things (IoT) creates a new cyber frontier with potential that is still beyond our imagination. Gartner forecasts that the IoT installed base will grow to 26 billion by 2020. It will be the largest network of physical devices containing embedded technology, connected to the internet to interact with internal and external environments. These devices create opportunities for malicious users to target a larger audience and cause significant impact to business operations and/or individuals.

Course Outline:

Day 1: Introduction to Information Security and ISO 27799
Section 01: Course Objective and Structure
Section 02: Standard and Regulatory Framework
Section 03: Fundamental Principles of Information Security based on ISO 27799
Section 04: Scope
Section 05: Information Security Policies
Section 06: Threat and Risk Assessment to Health Information
Section 07: Statement of Applicability