healthcare information security secure sensitive communications within the uw medical school

Download Healthcare information security   secure sensitive communications within the uw medical school

Post on 16-Jan-2015




0 download

Embed Size (px)




  • 1. Using Digital Certificates to Secure SensitiveCommunications Within the UW Medical School Nicholas Davis DoIT Middleware March 1, 2010

2. Overview Old business processes vs. newbusiness processes Protecting your electronic identity Email security Digital certificates defined What digital certificates can do foryour department How digital certificates can helpyour increase security Questions Next Steps 3. Old vs. New Business Processes UW-Madison hashistorically relied uponmanual businessprocesses Transcripts, HR Data,Contracts, Research Data,Health Information,Financial and AccountingInformationall kept onpaper Physically secure Difficult to access,replicate and distribute 4. Old vs. New Business Processes As the amount of information wemanage has increased, we haveturned to electronic informationsystems to help us organize anddisseminate information in a moreefficient manner 5. Old vs. New Business Processes Today, we send officialdocuments as emailattachments We send email and documentsto group mail lists Access to information is muchgreater than it was in the daysof manual processes With new technologies thereare new threats 6. Protecting Your Personal Identity When you send a document, howdoes the receiver know it camefrom you? When you send an electronicdocument, wouldnt you want thesame assurance? 7. Email Security How secure is the email yousent this morning? What happens to an emailonce you click the sendbutton? Network, IntermediaryServers, Receiving EmailServer, End UsersWorkstations Laptops! 8. Digital Certificates Defined A digital certificate is NOT asoftware application A digital certificate is anelectronic passport, with specialadded features Proves your identity Allows you to protect yourinformation with encryption Functionality already built intoexisting applications on yourcomputer 9. What Digital Certificates Can Do For Your Department Provide proof of document oremail message authorship Proves that the document(Word, Excel, PDF,Powerpoint) came from you Proves that the document hasnot been altered from originalform 10. Example 11. Example 12. Encryption Protects your email from beingread and/or altered from themoment it leaves your computer Simple as click and send In order to receive encryptedemail, you must have a digitalcertificate In order for encryption to work bi-directionally, both users must havedigital certificates 13. Example 14. If The Encrypted Email Is Intercepted 15. Uses Signing documents (andemail) to prove authorship Encrypting sensitive emailsand attachments 16. Think About ThisCould cause harm in a critical situationCase Scenario Multiple hoax emails sent with Chancellors name and email. When real crisis arrives, people might not believe the warning.It is all about trust! 17. Case Scenarios To Be Avoided HR related email concerningNicholas Davis is interceptedby someone on the campusnetwork and sent tonewspaper Laptop containing spreadsheetwith SSNs of all UW faculty isstolen at Moscow airport. 18. The Technology Is Trustworthy X.509 is the industrystandard Used by manyFederal Governmentagencies andUniversities aroundthe world Used in all WesternEuropean passports Used by GE,Raytheon, J&J, P&G 19. The Technology Is Managed DoIT generates,distributes,supports andmanages the digitalcertificate program Our certificates areprovided byVerisign, the mostwidely trustedissuer of digitalcertificates We keep copiesjust in case 20. Questions, Comments Nicholas Davis (info) (support)


View more >