News About SecurityArchitecture.com

Gantz to speak at SALT New Learning Technologies 2012

Stephen Gantz will deliver a presentation entitled, "Leveraging Virtualization to Facilitate Online Delivery of Technical Courses" at the upcoming New Learning Technologies conference in Orlando, Florida, sponsored by the Society for Applied Learning Technology (SALT). This presentation highlights the use of virtual machine technology to facilitate delivery of online courses involving the hands-on use of security tools such as Snort, an approach Gantz adopted to improve the learning experience of students in information assurance courses. Aside from explaining the rationale behind implementing virtualization technology in this context, the presentation will include a demonstration of a virtual machine-based instance of Ubuntu Linux with course-specific security tools and supporting programs preinstalled and configured.

Gantz joins AboutHIPAA.com HIPAA HITECH Blue Ribbon Pannel

AboutHIPAA.com, a site sponsored by Clearwater Compliance dedicated to providing information and education on compliance requirements associated with the HIPAA Privacy Rule, HIPAA Security Rule, HITECH Act, and other health information technology regulations, has launced a series of online panel discussions about relevant news updates and evolving ramifications to covered entities, business associates, and their subcontractors striving to comply with the various, and sometimes nebulous, requirements. Stephen Gantz joins a group of experts with backgrounds in law, government, IT, privacy, security, and healthcare for live discussions and Q&A sessions on current events about the changing HIPAA regulatory landscape.

Gantz joins TechTarget Health IT Exchange Community as Guest Blogger

After a series of blog entries and frequent Twitter posts on various security, privacy, and trust aspects of health information technology in general and health information exchange in particular, SecurityArchitecture.com founder Stephen Gantz was invited to join TechTarget's Health IT Exchange Community and has begun posting articles to the a Health IT Security and Privacy blog hosted by SearchHealthIT, posting under the username "SteveGonHIT".

Gantz Publishes Articles on Security and Privacy Aspects of "Meaningful Use"

When the HHS Office of the National Coordinator for Health IT (ONC) and the Centers for Medicare and Medicaid Services (CMS) published the rules under which health care providers and professionals can qualify for financial incentives to fund adoption of EHR technology by demonstrating "meaningful" use of the technology, they included just one security measure (and a set of security standards and functional criteria EHR systems must support) and nothing on health data privacy. Articles on security and privacy implications of meaningful use were published in the April 2010 issue of the Computer Security Institute's Alert (an issue focused on health IT security) and in the May 2010 issue of the Privacy Advisor and Privacy Tracker, both publications of the International Association of Privacy Professionals. The article was also accepted for publication by the peer-reviewed ISACA Journal. Now available for download is a somewhat expanded version of these articles, including recommendations to health care organizations seeking to qualify for incentive funding under meaningful use.

Gantz Contributes to CSI Alert issue on Claims-Based Identity

The September 2009 issue of the Computer Security Institute's Alert, which focuses on claims-based identity management, includes an article written by Stephen Gantz on identification and authentication challenges related to health information exchange, and some ways in which claims-based approaches could be applied to those challenges. You can read a slightly expanded version the article here on SecurityArchitecture.com.

Stephen Gantz Presents at IDEAlliance XML-in-Practice Conference

Stephen Gantz presented on "Security and Privacy Provisions for Health Information Exchange" on September 30, 2009, at the XML-in-Practice conference in Arlington, VA. His presentation was part of a special conference track devoted to electronic medial records, in a session that highlighted the ways in which security and privacy technical standards such as WS-Security, SAML, XACML, and WS-Trust are being leveraged to enable broader scale information sharing among public and private sector organizations. The presentation slides for the session are available on the Events page.

New Article on Privacy and Electronic Health Records Published

The March 2009 issue of the Privacy Advisor, the monthly newsletter of the International Association of Privacy Professionals (IAPP), features an article written by Stephen Gantz on privacy considerations and the important of establishing a basis of trust among organizations that intend to exchange electronic health records and other sensitive personal information. The newsletter is distributed in hard copy to IAPP members and made available electronically to members as well; you can read a reprint of the article here on SecurityArchitecture.com.

SecurityArchitecture.com Principal Architect Stephen Gantz achieves CIPP/G certification

The International Association of Privacy Professionals (IAPP) has confirmed that Stephen Gantz successfully passed the examination for the Certified Information Privacy Professional/Government (CIPP/G) at the December testing session in Washington, D.C. As described by IAPP, the CIPP/G addresses U.S. government privacy laws, regulations and policies, and also covers U.S. government recommended and standard practices for privacy program development and management, privacy compliance and auditing, records management and agency reporting obligations for privacy.

Washington, D.C. — December 15, 2008 — Stephen Gantz co-presents on Security and Privacy considerations in the Nationwide Health Information Network at the 5^th NHIN Forum.

Stephen Gantz, Principal Architect for SecurityArchitecture.com and a participant on a Privacy and Security Sub-Workgroup of the NHIN Cooperative Technical and Security Core Services Work Group, gave a presentation along with Sub-Workgroup Chair Erik Rolf of Deliberaré summarizing the activities to date and initial analytical focus of the Sub-Workgroup. The hour-long session closed the first day of the two-day 5^th NHIN Forum, held this year at the Grand Hyatt in Washington, D.C. on December 15-16. The focus of the NHIN Forum this year was demonstration of trial implementations of health information exchanges using the core services implementation specifications endorsed by the NHIN Cooperative Technical and Security Core Services Work Group. These trial implementations represent a key step in the move toward limited production implementation of NHIN services planned for 2009. The success of these service implementation efforts – and more broadly of the NHIN – rests in significant part on the ability of the health information exchange participants and NHIN governance bodies to resolve security and privacy challenges related to protecting the confidentiality and integrity of personal data. A link to the presentation slides appears on the Events page.

National Harbor, Maryland — November 18, 2008 — Government Summit session at CSI2008: Security Reconsidered features Stephen Gantz as panelist.

Stephen Gantz, Principal Architect for SecurityArchitecture.com, participated as a panelist in a special two-hour Government Summit during the Computer Security Institute's annual conference and exposition. The event, this year dubbed "Security Reconsidered" and held from November 15-21 at the Gaylord National Resort near Washington, D.C., placed a great emphasis on panel discussions and multi-speaker collaborative sessions in order to give attendees the benefit of a broad range of backgrounds, expertise, and perspectives on topics of interest. Mr. Gantz shared the dais with moderators Jason Kobes and Lynn Hornung-Kobes of Northrop Grumman Information Technology, Bob Batie of Raytheon, Tim Matthews of PGP Corporation, and Lynn McNulty of (ISC)². The Government Summit focused first on challenges to government agency security, and then addressed challenges for the future, including a discussion on several current government-wide initiatives with key implications for security operations and compliance. Mr. Gantz spoke last among the panelists, adapting his accepted abstract, "Redefining Governance to Improve Security" to highlight ways in which information security managers can shift their focus away from security compliance to provide real leadership through governance, effective policy creation and enforcement, and standardization of risk management practices and risk tolerances. A link to the slides presented at the Government Summit appears on the Events page.