Re: IT security specification and evaluation support for OMG healthcare DTF
I'm planning on being at this meeting, as is Juggy, I believe.
Dave
Konstantin Beznosov writes:
> Mary,
>
> BHS is working on its CPR security architecture. HRAC is a part of the work.
> Another part is the work with various healthcare standard groups in order to
> make sure our architecture is aligned with the upcoming requirements and
> standards in healthcare security. I'll be representing BHS at the meeting
> mentioned below. If CORBAmed is looking for representation at the meeting too,
> I'll be glad to serve as CORBAmed rep at the meeting.
>
> Please let me know.
>
> Konstantin
>
> > Dear Ms. Kratz,
> >
> > Regardless as to whether there may be an opportunity to schedule a NIAP
> > presentation at the upcoming November OMG CORBAmed meetings in Burlingame
> > CA (see attached copy of previous email request), I would like to bring to
> > your attention an upcoming healthcare-related matter that hopefully is of
> > significant interest to some members of the CORBAmed group and that would
> > be covered as part of any NIAP presentation to CORBAmed. In particular, the
> > HOST organization (Healthcare Open Systems and Trials) in Washington DC is
> > looking to organize the many facets of the healthcare community in order to
> > address the security needs of healthcare Information Technology (IT) in a
> > consistent, comprehensive and common way that can benefit, and be re-used
> > and refined as needed across, the entire healthcare community. As I
> > understand it, HOST believes that what is key is
> >
> > - development of a common healthcare IT security
> > architecture,
> >
> > - development and use of Common Criteria (CC)-based
> > specifications of required healthcare IT security
> > functionality as well as required levels of assurance
> > that such functionality is implemented and behaving
> > correctly, and
> >
> > - use of CC-based testing, evaluation and validation of
> > security-enhanced IT products targeted for the
> > healthcare industry.
> >
> > To these ends, HOST and NIAP are co-sponsoring a kick-off meeting on
> > November 18 at the National Institute of Standards and Technology (NIST) to
> > begin catalyzing a healthcare-community-wide effort. Representatives of
> > many different healthcare-related organizations are expected to participate
> > in this meeting. Of course, you and other CORBAmed leaders are welcome to
> > attend. NIST is located in Gaithersburg, MD in the suburban Washington DC
> > area.
> >
> > Some of the matters to be addressed at this meeting include:
> >
> > - developing a better community-wide understanding of the
> > scope of healthcare security problems and concerns
> > pertinent to IT solutions for healthcare business
> > systems and healthcare medical systems,
> >
> > - developing a better understanding of what are the
> > important healthcare domains that have security needs
> > and how the security needs of domains that need to
> > interact are related,
> >
> > - beginning to develop a community-wide understanding of
> > the roles and benefits that CC-based specification,
> > testing, evaluation and validation can provide in
> > helping to solve healthcare IT security problems,
> >
> > - developing an understanding of why a healthcare-
> > community-wide effort may be beneficial and perhaps
> > necessary for providing cost-effective solutions to IT
> > security problems,
> >
> > - examining the feasibility of starting a healthcare-
> > community-wide Forum, convened and sponsored by HOST,
> > that could be the focal point for defining community-
> > wide common security architectures, defining the
> > taxonomy of healthcare IT security problems, and
> > leveraging CC-based technology and services to
> > facilitate the specification, implementation,
> > evaluation, validation, and acquisition of
> > solutions to healthcare IT security problems,
> >
> > - identifying what organizations (e.g., specific vendors,
> > consortia, healthcare organizations, government
> > agencies, standards bodies, the public, etc.) are needed
> > to be the key contributors and collaborators to maximize
> > the success of such a Forum; and, beginning to develop
> > an understanding of what roles each such organization
> > can play,
> >
> > - relative to such a Forum, developing a community-wide
> > consensus of what should be the Forum's mission, goals,
> > activities, organizational structure, relationships to
> > other healthcare organizations, etc.,
> >
> > - identifying how to assemble and analyze information
> > about variables that may impact the Forum's efforts, such as
> > (a) applicable and pending healthcare policies and
> > recommendations, (b) classes of healthcare systems,
> > environments and data to be safeguarded, (c) applicable
> > and emerging standards, (d) healthcare community-wide
> > and domain-specific threats and corresponding security
> > objectives to counter threats, (e) existing pertinent
> > laws and regulations, as well as the spirit and intent
> > of pending legislation.
> >
> >
> > It is my sense that some of the work of the OMG CORBAmed DTF can be
> > essential components of the healthcare-community-wide efforts that HOST is
> > looking to convene. I can send you details about the time and location of
> > this meeting if you'd like.
> >
> > If you have any questions or comments, please don't hesitate to contact me
> > electronically, or by phone at 978-922-6586. If possible, I look forward to
> > presenting more information at the November, or some subsequent, CORBAmed
> > meeting.
> >
> > Best regards,
> > Paul J. Brusil, Ph.D
> > NIAP Consulting Scientist
>
>
>
>
> ----------------
> Broadcast message to hrac-rfp from Konstantin Beznosov <beznosov@baptisthealth.net>.
> Go to http://cadse.cs.fiu.edu/omg/hrac-rfp to browse the mail list archive.
----------------
Broadcast message to hrac-rfp from David Forslund <dwf@acl.lanl.gov>.
Go to http://cadse.cs.fiu.edu/omg/hrac-rfp to browse the mail list archive.