[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: IT security specification and evaluation support for OMG healthcare DTF
yep...i had signed up to attend this meeting...as a pure observer :-)
- regards
- juggy
> -----Original Message-----
> From: owner-hrac-rfp@cs.fiu.edu [mailto:owner-hrac-rfp@cs.fiu.edu]On
> Behalf Of David Forslund
> Sent: Tuesday, November 03, 1998 9:40 AM
> To: Konstantin Beznosov
> Cc: mkratz@umich.edu; hrac-rfp@cs.fiu.edu
> Subject: Re: IT security specification and evaluation support for OMG
> healthcare DTF
>
>
> I'm planning on being at this meeting as is Juggy, I believe.
>
> Dave
> Konstantin Beznosov writes:
> > Mary,
> >
> > BHS is working on its CPR security architecture. HRAC is a
> part of the work.
> > Another part is the work with various healthcare standard
> groups in order to
> > make sure our architecture is aligned with the upcoming
> requirements and
> > standards in healthcare security. I'll be representing BHS at
> the meeting
> > mentioned below. If CORBAmed is looking for representation at
> the meeting too,
> > I'll be glad to serve as CORBAmed rep at the meeting.
> >
> > Please let me know.
> >
> > Konstantin
> >
> > > Dear Ms. Kratz,
> > >
> > > Regardless as to whether there may be an opportunity to
> schedule a NIAP
> > > presentation at the upcoming November OMG CORBAmed meetings
> in Burlingame
> > > CA (see attached copy of previous email request), I would
> like to bring to
> > > your attention an upcoming healthcare-related matter that
> hopefully is of
> > > significant interest to some members of the CORBAmed group
> and that would
> > > be covered as part of any NIAP presentation to CORBAmed. In
> particular, the
> > > HOST organization (Healthcare Open Systems and Trials) in
> Washington DC is
> > > looking to organize the many facets of the healthcare
> community in order to
> > > address the security needs of healthcare Information
> Technology (IT) in a
> > > consistent, comprehensive and common way that can benefit,
> and be re-used
> > > and refined as needed across, the entire healthcare community. As I
> > > understand it, HOST believes that what is key is
> > >
> > > - development of a common healthcare IT security
> > > architecture,
> > >
> > > - development and use of Common Criteria (CC)-based
> > > specifications of required healthcare IT security
> > > functionality as well as required levels of assurance
> > > that such functionality is implemented and behaving
> > > correctly, and
> > >
> > > - use of CC-based testing, evaluation and validation of
> > > security-enhanced IT products targeted for the
> > > healthcare industry.
> > >
> > > To these ends, HOST and NIAP are co-sponsoring a kick-off meeting on
> > > November 18 at the National Institute of Standards and
> Technology (NIST) to
> > > begin catalyzing a healthcare-community-wide effort.
> Representatives of
> > > many different healthcare-related organizations are expected
> to participate
> > > in this meeting. Of course, you and other CORBAmed leaders
> are welcome to
> > > attend. NIST is located in Gaithersburg, MD in the suburban
> Washington DC
> > > area.
> > >
> > > Some of the matters to be addressed at this meeting include:
> > >
> > > - developing a better community-wide understanding of the
> > > scope of healthcare security problems and concerns
> > > pertinent to IT solutions for healthcare business
> > > systems and healthcare medical systems,
> > >
> > > - developing a better understanding of what are the
> > > important healthcare domains that have security needs
> > > and how the security needs of domains that need to
> > > interact are related,
> > >
> > > - beginning to develop a community-wide understanding of
> > > the roles and benefits that CC-based specification,
> > > testing, evaluation and validation can provide in
> > > helping to solve healthcare IT security problems,
> > >
> > > - developing an understanding of why a healthcare-
> > > community-wide effort may be beneficial and perhaps
> > > necessary for providing cost-effective solutions to IT
> > > security problems,
> > >
> > > - examining the feasibility of starting a healthcare-
> > > community-wide Forum, convened and sponsored by HOST,
> > > that could be the focal point for defining community-
> > > wide common security architectures, defining the
> > > taxonomy of healthcare IT security problems, and
> > > leveraging CC-based technology and services to
> > > facilitate the specification, implementation,
> > > evaluation, validation, and acquisition of
> > > solutions to healthcare IT security problems,
> > >
> > > - identifying what organizations (e.g., specific vendors,
> > > consortia, healthcare organizations, government
> > > agencies, standards bodies, the public, etc.) are needed
> > > to be the key contributors and collaborators to maximize
> > > the success of such a Forum; and, beginning to develop
> > > an understanding of what roles each such organization
> > > can play,
> > >
> > > - relative to such a Forum, developing a community-wide
> > > consensus of what should be the Forum's mission, goals,
> > > activities, organizational structure, relationships to
> > > other healthcare organization, etc.,
> > >
> > > - identifying how to assemble and analyze information
> > > about variables may impact the Forum's efforts, such as
> > > (a) applicable and pending healthcare policies and
> > > recommendations, (b) classes of healthcare systems,
> > > environments and data to be safeguarded, (c) applicable
> > > and emerging standards, (d) healthcare community-wide
> > > and domain-specific threats and corresponding security
> > > objectives to counter threats, (e) existing pertinent
> > > laws and regulations, as well as the spirit and intent
> > > of pending legislation.
> > >
> > >
> > > It is my sense that some of the work of the OMG CORBAmed DTF can be
> > > essential components of the healthcare-community-wide
> efforts that HOST is
> > > looking to convene. I can send you details about the time
> and location of
> > > this meeting if you'd like.
> > >
> > > If you have any questions or comments, please don't hesitate
> to contact me
> > > electronically, or by phone at 978-922-6586. If possible, I
> look forward to
> > > presenting more information at the November, or some
> subsequent, CORBAmed
> > > meeting.
> > >
> > > Best regards,
> > > Paul J. Brusil, Ph.D
> > > NIAP Consulting Scientist
> >
> >
> >
> >
> > ----------------
> > Broadcast message to hrac-rfp from Konstantin Beznosov
> <beznosov@baptisthealth.net>.
> > Go to http://cadse.cs.fiu.edu/omg/hrac-rfp to browse the mail
> list archive.
> ----------------
> Broadcast message to hrac-rfp from David Forslund <dwf@acl.lanl.gov>.
> Go to http://cadse.cs.fiu.edu/omg/hrac-rfp to browse the mail
> list archive.
>
----------------
Broadcast message to hrac-rfp from "V. Juggy Jagannathan" <juggy@careflow.com>.
Go to http://cadse.cs.fiu.edu/omg/hrac-rfp to browse the mail list archive.