Introduction to Information and Computer Science
Security
Lecture a
This material (Comp4_Unit8a) was developed by Oregon Health and Science University, funded by the Department of Health
and Human Services, Office of the National Coordinator for Health Information Technology under Award Number
IU24OC000015.
Security
Learning Objectives
List and describe common security concerns (Lecture a)
Describe safeguards against common security concerns (Lecture b)
Describe security concerns for wireless networks and how to address them (Lecture b and c)
List security concerns/regulations for health care applications (Lecture c)
Describe security safeguards used for health care applications (Lecture c)
Health IT Workforce Curriculum
Version 3.0/Spring 2012 2
Concerns About Security
Lost, stolen, or compromised data
Identity theft and impersonation
Downtime for businesses
Loss of revenue
Blackmail
Threat to disclose medical information
Common Threats to Security
Wikipedia: "Malware . . . (malicious software) is . . . designed to infiltrate a computer system without the owner's informed consent." (Wikipedia, 2007)
Types of malware include:
Trojans
Viruses
Hoaxes
Worms
Phishing
Macro viruses
Hackers
Trojan Horse
Trojan horse: malware program that usually impersonates a known good file installed on system by replacing (deleting) the "good" file
Name comes from Greek Trojan Horse myth
The Trojan then does its dirty work on a certain date, through user action, or on command
Trojans can destroy or copy data, install adware, or install browser toolbar
Trojans can record keystrokes and send them to attacker, and scan computer ports
Viruses
A virus is a computer program that can harm a computer and make it inoperable. Some viruses are only an annoyance.
Viruses usually do not replicate (make copies of) themselves on other computers
Removing a virus usually cleans computer
Sending a virus via email may replicate virus
In 2008, Fun.exe virus spread itself via email throughout the world and was very difficult to remove as it made many copies of itself on an infected computer
Macro Viruses
Macro viruses usually infect Microsoft Office files and install themselves when users click files.
A macro is a small program, usually written in VBA (Visual Basic for Applications)
Macro viruses spread when users click files in which the macro virus resides
Macro viruses may also delete files, etc. on infected system
Personal Information Attacks
Phishing
Attempt to trick user into revealing personal information to attacker so they can impersonate user
Pronounced like "fishing"; attacker is fishing for information about user
User may receive email that appears to be from financial institution, eBay, or Amazon, asking for login to verify transaction.
Personal Information Attacks (continued)
Clicking link in email brings user to Web site that looks like real Web site
No reputable organization will ever ask for this
Report attack to organization so they are aware and can act
Most email software includes ability to monitor for phishing and move suspected email to non-functional (junk email) folder
Worms
A worm is a program that works to create lots of network traffic
Some worms are not malware as they crawl network searching for reporting information
Most worms replicate themselves, making network unusable
ILOVEYOU worm successfully attacked millions of computers (users who clicked attachment) in May 2000
False Information
Hoaxes
Hoaxes are usually a harmless attempt to convince user of something that is not true
Usually come in form of an email
Some hoaxes invite user to send money to someone in another part of world or ask for contributions to find missing children
Use search engine to determine whether email's message is true by entering email subject line in search engine
Result will usually indicate whether email is hoax
False Information (continued)
Uncloak hoax
Use trusted Internet sites to detect hoaxes
Snopes.com - http://www.snopes.com/
Urban Legends Online - http://urbanlegendsonline.com/
Never forward email chains without verifying their source
How do Hackers Operate?
Packet sniffers can read Internet traffic
Wireshark: free protocol analyzer software tool that can display unencrypted network traffic on monitor screen. www.wireshark.org
Install malware
Adware: continuous ads on screen
Spyware: reports on sites visited
Guess at user names and passwords
Don't use easy-to-guess passwords
Do change default usernames and passwords (wireless routers)
What is Network Security?
According to Wikipedia:
"In the field of networking, the specialist area of network security consists of the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources."
In plain English:
Network security is about rules set up for use of equipment, software, and data and how to follow these rules
Use of assets revolves around authentication, authorization, and providing permissions to network assets.
If user can't prove identity, he or she can't gain access to network, equipment, or data.
Authentication
User provides valid username and password
Referred to as credential
Computer authenticates credentials against user account and password database
If user logs in successfully, user is authenticated!
If credentials entered match what is in database, user is authenticated
Servers authenticate users using special type of database known as directory
Directory stores information about all users, user groups, computers, printers, and so on
Authorization
Next, authenticated users are authorized
Authorization means that computer indicates precisely what user can do:
Print files using specified printers
Access specified network drives
View and/or change documents in folders
Use company email
Actions are usually recorded for audit
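The sequence described under Authentication and Authorization (check credentials against a directory, decide what the authenticated user may do, record the action for audit), as an added example that is not part of the original lecture. The accounts, passwords, group names and resources are constructed, and storing passwords as salted PBKDF2 hashes is an assumption of this sketch, not something the slides specify.

```python
import hashlib
import hmac
import os

def _derive(password, salt):
    # Slow, salted hash so a copied database does not reveal passwords directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_account(password, groups):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _derive(password, salt), "groups": set(groups)}

# Constructed directory and resource ACLs; every name here is hypothetical.
DIRECTORY = {
    "asmith": make_account("tulip-Harbor-92", ["staff"]),
    "bjones": make_account("quiet-Lantern-17", ["staff", "records"]),
}
ACL = {
    ("printer-2f", "print"): {"staff"},
    ("records-share", "view"): {"records"},
    ("records-share", "change"): {"records"},
    ("mail", "send"): {"staff"},
}
AUDIT_LOG = []
_DUMMY = make_account("unused", [])  # hashed for unknown users so timing stays similar

def authenticate(username, password):
    account = DIRECTORY.get(username, _DUMMY)
    candidate = _derive(password, account["salt"])
    ok = hmac.compare_digest(candidate, account["hash"]) and username in DIRECTORY
    AUDIT_LOG.append(("login", username, None, ok))
    return ok

def authorize(username, resource, action):
    groups = DIRECTORY[username]["groups"] if username in DIRECTORY else set()
    ok = bool(groups & ACL.get((resource, action), set()))  # default deny
    AUDIT_LOG.append((action, username, resource, ok))
    return ok

def request(username, password, resource, action):
    """Authenticate first, then authorize; both steps land in the audit log."""
    return authenticate(username, password) and authorize(username, resource, action)
```

A failed login never reaches `authorize`, and anything not listed in `ACL` is refused, so the audit log shows both who was turned away at login and who was authenticated but not permitted.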
Permissions (Windows)
Authorized objects are associated with permissions
Part of authorizing object is determining permissions
Permissions determine what object can or cannot do on computer or network
Two types of permissions typically used:
Sharing: Allows one object to connect to or use another object over network
NTFS: Determines what one object can or cannot do to another object
Permissions are a complex topic
Permissions (Windows)
Sharing and NTFS permissions work together
User creates folder on his computer so his sister can copy pictures he took
Next, he shares folder and sets his permissions to read
Lastly, he sets NTFS permissions to read so that she can view and copy pictures
Without this configuration, his sister will not be able to view or copy files from his computer
Non-Windows OS protect devices and files similarly
Permissions Example
Right-click folder and select Properties from menu
Pictures folder is shared
Click Advanced Sharing to configure sharing permissions for this folder

(2011, PD-US)
Permissions Example (continued)
Click Security tab to configure NTFS permissions
Group or user names are listed in ACL
Administrators have Full Control over this folder and its contents
This means that a user who is a member of the Windows Administrators group can do anything to this folder and its contents
"Anything" means view, add new files, delete existing files, change existing files, create new sub-folders, etc.

(2011, PD-US)
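How the sharing and NTFS permissions from the two Permissions (Windows) slides and the ACL on the Security tab combine, as an added example that is not part of the original lecture: over the network the more restrictive of the two applies, while local access is governed by NTFS alone. This is a simplified model with constructed ACLs and hypothetical account names; it puts both permission types on one ladder (NTFS "Modify" is written as "Change") and treats any matching Deny entry as denying everything.

```python
RANK = {"None": 0, "Read": 1, "Change": 2, "Full Control": 3}
NAME = {rank: name for name, rank in RANK.items()}

def cumulative(acl, principals):
    """Highest Allow level among the caller's principals; any matching Deny wins."""
    level = 0
    for principal, kind, permission in acl:
        if principal not in principals:
            continue
        if kind == "Deny":
            return 0
        level = max(level, RANK[permission])
    return level

def effective_access(principals, ntfs_acl, share_acl=None):
    """share_acl=None models local access, where only NTFS permissions apply."""
    ntfs = cumulative(ntfs_acl, principals)
    if share_acl is None:
        return NAME[ntfs]
    return NAME[min(ntfs, cumulative(share_acl, principals))]

# Constructed ACLs for the Pictures folder; account names are hypothetical.
SISTER = {"sister", "Users"}               # her account plus its group
ADMIN = {"brother", "Administrators"}      # member of the Administrators group
NTFS_ACL = [("Administrators", "Allow", "Full Control"), ("sister", "Allow", "Read")]
SHARE_ACL = [("Administrators", "Allow", "Full Control"), ("sister", "Allow", "Read")]
NTFS_WITHOUT_SISTER = [("Administrators", "Allow", "Full Control")]

def sister_scenarios():
    """Both entries present, then the NTFS entry missing, then the share entry missing."""
    return (
        effective_access(SISTER, NTFS_ACL, SHARE_ACL),
        effective_access(SISTER, NTFS_WITHOUT_SISTER, SHARE_ACL),
        effective_access(SISTER, NTFS_ACL, NTFS_WITHOUT_SISTER),
    )
```

`sister_scenarios()` returns `("Read", "None", "None")`: she can view and copy the pictures only when both the share entry and the NTFS entry grant her read access.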
Security
Summary Lecture a
List and describe common security concerns
Security
References Lecture a
References
Wikipedia. Malware. [Internet]. 2011 Jun [cited 2011 Nov 07]. Available from: http://en.wikipedia.org/wiki/Malware.
Images
Slide 19: Screenshot of a shared folder's properties window. Image source: the creator of this presentation. (2011, PD-US)
Slide 20: Screen shot of the folder named Picture properties dialog box. Image source: the creator of this presentation. (2011, PD-US)