Operationalizing Cybersecurity in Healthcare IT Security & Risk Management Study Quantitative and Qualitative Research Program Results


1 Operationalizing Cybersecurity in Healthcare IT Security & Risk Management Study Quantitative and Qualitative Research Program Results
David S. Finn, CISA, CISM, CRISC, Health IT Officer, Symantec
Bob Chaput, CISSP, HCISPP, CRISC, CIPP/US, CEO, Clearwater Compliance
February 2017

2 Today's Agenda
- In a nutshell...
- Research Design & Methodology
- Study Results
  - IT Security at Healthcare Organizations
  - IT Security Structure
  - IT Security Drivers & Perspectives
- Key Takeaways

3 In a nutshell...
- 2/3 of participating organizations have CISO roles, which most often report to the CIO
- Increases seen in the average number of workers inside and outside IT dedicated to IT security
- Majority of organizations still dedicate 6% or less of IT budget to IT security
- Budget and staffing are the biggest barriers to higher levels of confidence in security programs
- HIPAA compliance, risk assessments and audits are the main drivers for IT security investments
- There is high confidence in preparedness for cyber-attacks but not necessarily belief that there are the resources to protect organizations

4 Research Design & Methodology

5 Research Purpose and Design
- To understand the perspectives of healthcare administrators regarding HIT security strategies
- Continuing research through a two-phase approach of blinded web-based quantitative study & qualitative in-depth interviews with key decision makers
- To produce industry education content for distribution and webinar program

6 Research Methodology
Quantitative
- Targeted: Executives, C-Suite, business and IT leaders, clinical leadership
- Contacts via:
- Recruitment: Web survey link ed and open between October 26 and December 2,
- Respondents
Qualitative
- In-depth interviews: follow-up and additional insight into topic areas
- Participants: gathered from quantitative survey respondents and via client suggestions
- Interviews conducted: between November 8 and December 21,
- Participants

7 Perspective of healthcare IT, clinical, security and business leaders
Of the 100 quantitative study respondents:
- IT Leadership (47%): CIO, IT Director, VP of IT, CTO
- Clinical Leadership (21%): CMIO, CMO, CNIO, Quality/Risk Mgmt Director
- Security/Privacy Leadership (20%): CISO, IT Security Officer
- Business Leadership (12%): CFO, CCO
Nearly half C-Suite

8 Large hospitals and healthcare systems represented
Which of the following describes the number of beds in your organization?
beds 3%, beds 25%, beds 25%, >500 beds 47%
N =

9 Perspective of IT, security, business and clinical leaders
Of the 10 qualitative in-depth interviews:
- Clinical Leaders: CMIO; SVP & Chief Quality Officer; Associate CMO
- IT Leaders: VP & CIO; CIO & AVP HIT
- Business Leaders: CFO; Senior VP of Operations
- Security Leaders: IS Officer; VP, CISO
- 7.4 Hospitals: Average # of Hospitals in Healthcare Systems (N = 7)
- 3 Academic Medical Centers

10 Study Results

11 IT Security at Healthcare Organizations

12 Over 1/2 of responding organizations were subject to an external cyber-attack in the last 12 months
Has your organization been subject to an external cyber-attack in the last 12 months?
12.0% 31.0% 57.0% Yes No Don't Know
69% of IT and Security respondents report an external cyber-attack in the last 12 months
N =

13 Majority address cybersecurity in enterprise risk management strategy or GRC program
Is cybersecurity addressed in your organization's enterprise risk management strategy or your organization's Governance, Risk, Compliance (GRC) program?
8.0% 3.0% Yes No Don't Know 89.0%
N =

14 Clinicians feel that there is enough security to effectively interact with patients without impeding care
Do clinicians at your organization feel like there is enough security to effectively interact with patients and other caregivers without impeding care?
26.0% 4.0% Yes No Don't Know
N =
Clinicians may feel there is too much security that can prevent them from adequately performing their jobs

15 IT and security roles are less likely to believe organization has resources to adequately protect from cyber threats
Do you believe your organization has the resources (e.g. staff, tools, skillsets) you need to adequately protect itself from cyber threats? Please use a 1 to 7 scale with 1 being not enough resources at all and 7 being adequate resources.
Average rating: Business, Clinical, IT, Security

16 1/3 of responding organizations have security reports at each board meeting
Is there a standing security report presented at each board meeting?
19.0% 34.0% Yes No Don't Know 47.0%
N =

17 Presenting on security to the board more often done upon request
How often is security (plan, metrics, status, incidents) discussed at board meetings? (if not at every board meeting)
- Upon request of the board or executive management: 38%
- At every board meeting: 34%
- Never: 5%
- At most board meetings: 4%
N =

18 IT Security Structure

19 2/3 of responding organizations have a dedicated CISO role
Does your organization have a dedicated/full-time Chief Information Security Officer?
1.0% 32.0% 67.0% Yes No Don't Know
N =

20 Security roles report through IT
Who does the senior-most security role in your organization report to?
- CIO: 66%
- CEO: 15%
- COO: 7%
- CFO: 6%
- Other: 6%
N =

21 IT risk management responsibility varies more than in 2015 survey
Who within your organization is responsible for IT Risk Management?
IT 52% Compliance 10% 17% Security 16% 13% Risk Management/Legal 7% 13% Other 2% 5% 65%
Legend: 2015 (N = 115), 2016 (N = 100)

22 Less than 5 employees allocated to IT security
How many Full Time employees both inside of IT and outside of IT are allocated to IT security?
Range of Number: <1 8% 51% 1 to 5 55% 6 to to to 30 >30 13% 4% 11% 3% 4% 1% 9% 10% 31%
Legend: Inside IT (N = 85), Outside IT (N = 71)

23 IT security budgets have increased since 2015 but still tend to be 6% or less of the IT budget
What percent of your total IT budget is allocated to IT security?
0-3% 4-6% 29% 29% 36% 52%
7-10% >10% 10% 10% 11% 24%
65% dedicate 6% or less of IT budget to IT security
Legend: 2015 (N = 91), 2016 (N = 72)

24 Operating expense makes up a larger part of IT security budgets
What is the approximate breakdown of operational and capital IT security expenses?
1-25% 45% 57% 26-50% 13% 35% 51-75% % 6% 8% 2% 34%
Legend: OpEx (N = 64), CapEx (N = 63)

25 IT Security Drivers & Perspectives

26 HIPAA compliance and risk assessments biggest drivers for IT security investments
What is driving your decisions on where investments are being made in IT security? Please rank the top 3 drivers from 1 to 3 with 1 being the biggest driver
Drivers: HIPAA compliance, Risk assessment, Security/financial audit, External incident, OCR Audit, Internal recent incident, Changes to business strategy
Legend: % ranking in top %, Total
Values: 75.0% 74.0% 18.0% 19.0% 26.0% 26.0% 31.0% 29.0% 63.0% 27.0% 21.0% 15.0% 20.0% 8.0% 9.0% 7.0% 5.0% 8.0% 8.0% 15.0% 14.0% 8.0% 7.0% 4.0% 5.0% 3.0% 2.0%

27 Business respondents more likely to cite drivers from risk assessments, clinical and IT HIPAA compliance
What is driving your decisions on where investments are being made in IT security? Total % choosing in top %
Drivers: Risk assessment, HIPAA compliance, Security/financial audit, External incident, Internal recent incident, Changes to business strategy, OCR Audit
Legend: Business (N = 12), Clinical (N = 21), IT (N = 47)
Values: 76.6% 57.4% 71.4% 81.0% 71.4% 91.7% 75.0% 66.7% 29.8% 19.0% 25.0% 19.1% 14.9% 23.4% 4.8% 14.3% 8.3% 8.3% 23.8% 0.0%

28 NIST CSF framework still most in use
What risk frameworks has your organization adopted, specific to your HIPAA-based assessments? Please select all that apply
NIST CSF 46% 56%; HITRUST 27% 30%; Developed our own 12% 23%; ITIL 22% 27%; COBIT 8% 5%; Other 3% 1%; Don't know 12% 27%
Business and clinical respondents contribute to Don't know %
Legend: 2015 (N = 115), 2016 (N = 100)

29 IT & security respondents indicate increased use of NIST, HITRUST and ITIL frameworks
What risk frameworks has your organization adopted, specific to your HIPAA-based assessments? Please select all that apply
NIST CSF 56% 61%; HITRUST 27% 36%; ITIL 22% 36%
Developed our own, COBIT, Other, Don't know: 14% 8% 5% 3% 2% 12% 8% 23%
Legend: 2015 (N = 115), 2016 IT & Security (N = 67)

30 Frameworks chosen for common approaches to managing cyber risks and industry specificity
Why have you chosen these frameworks? Please select all that apply
Reasons: Common language/approach to managing cyber risks; Industry specific; 3rd party certification (ex: PCI certification or HITRUST); Ease of implementation; Cost; Other 7%
Values: 16% 14% 20% 41% 67%
N =

31 IT security currently most addressed for mobile devices
At what stage is your organization in terms of addressing IT security related to the following items:
Items: Non-IT managed (shadow) Information Technology, Mobile Devices, Medical Devices
Legend: Already addressing, Beginning to address, Planning to address, Not addressing at this time
Values: 15% 11% 1% 4% 17% 22% 13% 20% 9% 54% 53% 71%

32 Organizations are beginning to and have the most plans to address medical devices
At what stage is your organization in terms of addressing IT security related to the following items:
Planning and Beginning to Address
Medical Devices 39% 50%; Non-IT managed (shadow) Information Technology 33%; Mobile Devices 28% 26%

33 All cybersecurity areas have similar ratings of importance with awareness for end-users being the highest
How much importance does your organization place on the following? Please use a scale of 1-5 where 1 is no importance and 5 is a high level of importance
- Cybersecurity awareness for end-users (office posters, screen savers, updates, etc.)
- Cybersecurity training for security professionals
- Cybersecurity strategy for the organization
- Cybersecurity training for end-users
- Cybersecurity education for end-users (lunch & learns, webinars, etc.)
Legend: 2016 Average, 2015 Average

34 Business and clinical respondents tend to give higher importance ratings
How much importance does your organization place on the following? Please use a scale of 1-5 where 1 is no importance and 5 is a high level of importance
- Cybersecurity training for security professionals
- Cybersecurity awareness for end-users (office posters, screen savers, updates, etc.)
- Cybersecurity strategy for the organization
- Cybersecurity training for end-users
- Cybersecurity education for end-users (lunch & learns, webinars, etc.)
Legend: Business (N = 12), Clinical (N = 21), 2016 Average

35 Budget and staffing biggest barriers to higher levels of confidence in security programs
What barriers are preventing your organization from achieving a higher level of confidence in your security program? Please choose the top 3 barriers with 1 being the biggest barrier.
Barriers: Budget; Staffing; Employee awareness and training; Skillset; Tools; Impact to clinical workflow; Organizational commitment; Multiple groups in charge of security (IT, clinical, risk management)
Legend: % ranking #1, % ranking in top %, Total
Values: 69.7% 12.1% 15.2% 42.4% 58.6% 16.2% 28.3% 12.1% 13.1% 14.1% 12.1% 30.3% 29.3% 28.3% 14.1% 9.1% 18.2% 10.1% 12.1% 7.1% 6.1% 4.0% 7.1% 19.2% 5.1% 13.1% 7.1% 5.1% 5.1% 7.1% 3.0%

36 Clinical respondents acknowledging barriers around employee awareness and training
What barriers are preventing your organization from achieving a higher level of confidence in your security program? Total % choosing in top %
Barriers: Budget; Staffing; Employee awareness and training; Impact to clinical workflow; Skillset; Multiple groups in charge of security (IT, clinical, risk management); Tools; Organizational commitment
Legend: Business (N = 12), Clinical (N = 21), IT (N = 47)
Values: 68.1% 76.2% 33.3% 75.0% 66.7% 36.2% 27.7% 57.1% 38.1% 38.3% 36.2% 8.5% 14.3% 23.8% 19.0% 21.3% 33.3% 33.3% 25.0% 16.7% 9.5% 16.7% 8.3%

37 Key Takeaways
- 2/3 of participating organizations have CISO roles, which most often report to the CIO
- Since the 2015 study:
  - Increases in the average number of workers inside and outside IT dedicated to IT security
  - More respondents reporting IT security budgets of 7-10% of IT budgets but the majority still dedicate 6% or less
  - Despite increases to security staffs and budgets, those are still the biggest barriers to higher levels of confidence in security programs
- HIPAA compliance, risk assessments and audits are the main drivers for IT security investments

38 Key Takeaways
- There is high confidence in preparedness for cyber-attacks yet:
  - Over 1/3 of organizations are still only complying with key mandates or only implemented basic security controls
  - Over 1/2 have been subjected to external cyber-attack in the last 12 months
  - Only 1/3 have standing security presentations at every board meeting
  - End-user education and training of lower importance to organizations
  - Only 1/4 of respondents believe they have adequate resources to protect against cyber-attacks


40 Thank you! Bob Chaput, CISSP, HCISPP, CRISC, CIPP/US David S. Finn, CISA, CISM,


More information

The Role of IT in HIPAA Security & Compliance

The Role of IT in HIPAA Security & Compliance The Role of IT in HIPAA Security & Compliance Mario Cruz OFMQ Chief Information Officer For audio, you must use your phone: Step 1: Call (866) 906-0123. Step 2: Enter code 2071585#. Mario Cruz Mario Cruz

More information

Introduction. Angela Holzworth, RHIA, CISA, GSEC. Kimberly Gray, Esq., CIPP/US. Sr. IT Infrastructure Analyst

Introduction. Angela Holzworth, RHIA, CISA, GSEC. Kimberly Gray, Esq., CIPP/US. Sr. IT Infrastructure Analyst Introduction Angela Holzworth, RHIA, CISA, GSEC Sr. IT Infrastructure Analyst Kimberly Gray, Esq., CIPP/US Chief Privacy Officer, Global, IMS Health 1 Incorporating Privacy into the CSF: Approach and Benefits

More information

10/18/2016. Preparing Your Organization for a HHS OIG Information Security Audit. Models for Risk Assessment

10/18/2016. Preparing Your Organization for a HHS OIG Information Security Audit. Models for Risk Assessment Preparing Your Organization for a HHS OIG Information Security Audit David Holtzman, JD, CIPP/G CynergisTek, Inc. Brian C. Johnson, CPA, CISA HHS OIG Section 1: Models for Risk Assessment Section 2: Preparing

More information

HITRUST CSF Assurance Program HITRUST, Frisco, TX. All Rights Reserved.

HITRUST CSF Assurance Program HITRUST, Frisco, TX. All Rights Reserved. HITRUST CSF Assurance Program HITRUST CSF Assurance Program The Need Organizations facing multiple and varied assurance requirements from a variety of parties Increasing pressure and penalties associated

More information

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS Stephanie Poe, DNP, RN-BC CNIO, The Johns Hopkins Hospital and Health System Discussion Topics The Age of Acceleration Cyber

More information

Helping the C-Suite Define Cyber Risk Appetite. The executive Imperative

Helping the C-Suite Define Cyber Risk Appetite. The executive Imperative Helping the C-Suite Define Cyber Risk Appetite The executive Imperative Welcome Steve Schlarman GRC Strategist CISSP, CISM @steveschlarman Executive Priorities Growth is the highest priority. 54 % 25 %

More information

Whip Your Incident Response Program into Shape

Whip Your Incident Response Program into Shape Whip Your Incident Response Program into Shape 1 Agenda Introductions Understand requirements behind an incident response program (IRP). Identify the different components of an effective IRP. Learn how

More information

CYBERSECURITY: E-COMMERCE, GOVERNANCE AND APPLIED CERTIFICATIONS A ROUNDTABLE DISCUSSION 15 DECEMBER 2015

CYBERSECURITY: E-COMMERCE, GOVERNANCE AND APPLIED CERTIFICATIONS A ROUNDTABLE DISCUSSION 15 DECEMBER 2015 CYBERSECURITY: E-COMMERCE, GOVERNANCE AND APPLIED CERTIFICATIONS A ROUNDTABLE DISCUSSION 15 DECEMBER 2015 WELCOME Have a question for the speaker? Text it in using the Ask A Question button! Audio is streamed

More information

GDPR COMPLIANCE REPORT

GDPR COMPLIANCE REPORT 2018 GDPR COMPLIANCE REPORT INTRODUCTION Effective as of May 25, 2018, the European Union General Data Protection Regulation (GDPR) represents the most sweeping change in data privacy regulation in decades.

More information

CYBER SECURITY WORKSHOP NOVEMBER 2, Anurag Sharma [CISA, CISSP, CRISC] Principal Cyber & Information Security Services

CYBER SECURITY WORKSHOP NOVEMBER 2, Anurag Sharma [CISA, CISSP, CRISC] Principal Cyber & Information Security Services 0 CYBER SECURITY WORKSHOP NOVEMBER 2, 2016 Anurag Sharma [CISA, CISSP, CRISC] Principal Cyber & Information Security Services VIDEO: CAN IT HAPPEN TO ME? 1 2 AGENDA CYBERSECURITY WHY SUCH A BIG DEAL? INFORMATION

More information

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18 Pierce County Classification Description IT SECURITY OFFICER Department: Information Technology Job Class #: 634900 Pay Range: Professional 18 FLSA: Exempt Represented: No Classification descriptions are

More information

A Global Look at IT Audit Best Practices

A Global Look at IT Audit Best Practices A Global Look at IT Audit Best Practices 2015 IT Audit Benchmarking Survey March 2015 Speakers Kevin McCreary is a Senior Manager in Protiviti s IT Risk practice. He has extensive IT audit and regulatory

More information

Defensible Security DefSec 101

Defensible Security DefSec 101 Defensible Security DefSec 101 Security Day November 2017 Information Security Branch Paul Falohun Senior Security Analyst Dan Lathigee Senior Project Manager Content 1 Introduction 2 DefSec for PSO 3

More information

The Twenty- Sixth National HIPAA Summit. HIPAA Summit Day II Morning Plenary Session: HIPAA Security

The Twenty- Sixth National HIPAA Summit. HIPAA Summit Day II Morning Plenary Session: HIPAA Security The Twenty- Sixth National HIPAA Summit HIPAA Summit Day II Morning Plenary Session: HIPAA Security March 30, 2017 John Parmigiani Summit Co-Chair President John C. Parmigiani & Associates, LLC Agenda

More information

ISACA International Perspective

ISACA International Perspective ISACA International Perspective 11 th October 2013 Allan Boardman ISACA International Vice President and Board Director Member of ISACA s Strategic Advisory Council Member of the IT Governance Institute

More information

Healthcare HIPAA and Cybersecurity Update

Healthcare HIPAA and Cybersecurity Update Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Healthcare HIPAA and Cybersecurity Update Agenda > Introductions > Cybersecurity

More information

Hearing Voices: The Cybersecurity Pro s View of the Profession

Hearing Voices: The Cybersecurity Pro s View of the Profession SESSION ID: AST2-W02 Hearing Voices: The Cybersecurity Pro s View of the Profession Jon Oltsik Senior Principal Analyst and ESG Fellow Enterprise Strategy Group @joltsik Candy Alexander, CISSP CISM International

More information

Cyber, Information Security, and Data Protection

Cyber, Information Security, and Data Protection Cyber, Information Security, and Data Protection The past, the present, and th e future 15th, 16th & 17th October 2018 Muscat - Oman Intellectual Events And Conferences Private Limited For more information

More information

Fundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL

Fundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL Fundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL Shifting budgets and responsibilities require IT and physical security teams to consider fundamental change in day-to-day

More information

ISACA Greater Kansas City Chapter

ISACA Greater Kansas City Chapter ISACA Greater Kansas City Chapter Measuring the Maturity of your Information Security Program. Impossible? Presented by: Mark Carney, VP of Strategic Services Agenda Definition of Mature Client Approaches

More information

Towards a cyber governance maturity model for boards of directors

Towards a cyber governance maturity model for boards of directors Towards a cyber governance maturity model for boards of directors Professor Basie von Solms Centre for Cyber Security University of Johannesburg Johannesburg, South Africa Keywords Cyber Security, Boards,

More information

CERTIFIED IN THE GOVERNANCE OF ENTERPRISE IT CGEIT AFFIRM YOUR STRATEGIC VALUE AND CAREER SUCCESS

CERTIFIED IN THE GOVERNANCE OF ENTERPRISE IT CGEIT AFFIRM YOUR STRATEGIC VALUE AND CAREER SUCCESS CERTIFIED IN THE GOVERNANCE OF ENTERPRISE IT CGEIT AFFIRM YOUR STRATEGIC VALUE AND CAREER SUCCESS Good IT governance is a key element of a well-performing enterprise. Enterprises need qualified information

More information

Building a Threat Intelligence Program

Building a Threat Intelligence Program WHITE PAPER Building a Threat Intelligence Program Research findings on best practices and impact www. Building a Threat Intelligence Program 2 Methodology FIELD DATES: March 30th - April 4th 2018 351

More information

2016 Survey: A Pulse on Mobility in Healthcare

2016 Survey: A Pulse on Mobility in Healthcare 2016 Survey: A Pulse on Mobility in Healthcare Introduction Mobile Trends in Healthcare Mobility in Healthcare Top Motivation for Implementing a Mobile Solution Impact of Mobility on Patient Experience

More information

Spotlight Report. Information Security. Presented by. Group Partner

Spotlight Report. Information Security. Presented by. Group Partner Cloud SecuriTY Spotlight Report Group Partner Information Security Presented by OVERVIEW Key FINDINGS Public cloud apps like Office 365 and Salesforce have become a dominant, driving force for change in

More information

Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager,

Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager, Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager, Deloitte & Touche LLP 1 Speaker Introduction Sanjeev

More information

Government Resolution No of February 15, Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security

Government Resolution No of February 15, Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security Government Resolution No. 2443 of February 15, 2015 33 rd Government of Israel Benjamin Netanyahu Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security It is hereby resolved:

More information

Healthcare Security Success Story

Healthcare Security Success Story Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Healthcare Security Success Story

More information

The Future of HITRUST

The Future of HITRUST The Future of HITRUST Henry Vynalek, Director, HIE & IT Operations and Security Officer Mike Wells, Director of Security, Director of Engineering The Ohio Health Information Partnership (CliniSync) Henry

More information

Annual European ehealth Survey

Annual European ehealth Survey Results, 3 rd Quarter 2017 Annual European ehealth Survey www.himss.eu/analytics 1 TABLE OF CONTENT Survey methodology page 3 Survey overview page 4 Results Key Findings page 5 Current ehealth priorities

More information

Creating a Cybersecurity Culture: (ISC)2 Survey Responses

Creating a Cybersecurity Culture: (ISC)2 Survey Responses 10/3/18 Creating a Cybersecurity Culture: (ISC)2 Survey Responses Dr. Keri Pearlson (ISC)2 Conference October 8, 2018 CAMS - (IC)3 https://cams.mit.edu 1 200,000Security events The average company handles

More information

Birmingham Community Healthcare NHS Foundation Trust. 2017/17 Data Security and Protection Requirements March 2018

Birmingham Community Healthcare NHS Foundation Trust. 2017/17 Data Security and Protection Requirements March 2018 1.0 Executive Summary Birmingham Community Healthcare NHS Foundation Trust 2017/17 Data Security and Protection Requirements March 2018 The Trust has received a request from NHS Improvement (NHSI) to self-assess

More information

Choosing an Information Risk Management Framework: The Case for the NIST Cybersecurity Framework (CSF) in Healthcare Organizations

Choosing an Information Risk Management Framework: The Case for the NIST Cybersecurity Framework (CSF) in Healthcare Organizations Choosing an Information Risk Management Framework: The Case for the NIST Cybersecurity Framework (CSF) in Healthcare Organizations COMPLIANCE The question becomes: Am I going to spend my cybersecurity

More information

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

10 Cybersecurity Questions for Bank CEOs and the Board of Directors 4 th Annual UBA Bank Executive Winter Conference February, 2015 10 Cybersecurity Questions for Bank CEOs and the Board of Directors Dr. Kevin Streff Founder, Secure Banking Solutions 1 Board of Directors

More information

Update from HIMSS National Privacy & Security. Lisa Gallagher, VP Technology Solutions November 14, 2013

Update from HIMSS National Privacy & Security. Lisa Gallagher, VP Technology Solutions November 14, 2013 Update from HIMSS National Privacy & Security Lisa Gallagher, VP Technology Solutions November 14, 2013 Agenda Update on HIMSS new Technology Solutions Department HIPAA Omnibus Rules Meaningful Use 2 P&S

More information

COURSE BROCHURE. COBIT5 FOUNDATION Training & Certification

COURSE BROCHURE. COBIT5 FOUNDATION Training & Certification COURSE BROCHURE COBIT5 FOUNDATION Training & Certification What is COBIT5? COBIT 5 (Control Objectives for Information and Related Technology) is an international open standard that defines requirements

More information

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld Balancing Compliance and Operational Security Demands Nov 2015 Steve Winterfeld What is more important? Compliance with laws / regulations Following industry best practices Developing a operational practice

More information

Career Paths In Cybersecurity

Career Paths In Cybersecurity Career Paths In Cybersecurity Introductions Rob Ashcraft Sr. Technical Advisor 26-yrs in Information Technology 14-yrs in Information Security Held positions as Technician, IT Management, IT Sales Double

More information

Information Security Risk Strategies. By

Information Security Risk Strategies. By Information Security Risk Strategies By Larry.Boettger@Berbee.com Meeting Agenda Challenges Faced By IT Importance of ISO-17799 & NIST The Security Pyramid Benefits of Identifying Risks Dealing or Not

More information

Intro to Capture the Flag

Intro to Capture the Flag Intro to Capture the Flag Talk for General Audience: Why Capture the Flag (CTFs) Matter. Synopsis: CTFs are one example of a gamified learning environment. Gamified ecosystems pose many benefits to professional

More information

Mohammad Shahadat Hossain

Mohammad Shahadat Hossain Mohammad Shahadat Hossain Principal Security Architect at Grameenphone Limited Summary Has extensive knowledge and experience on following:- NIST Cyber Security Framework SANS Top 20 Security Control Network

More information

Protect Your Institution with Effective Cybersecurity Governance. Baker Tilly Virchow Krause, LLP

Protect Your Institution with Effective Cybersecurity Governance. Baker Tilly Virchow Krause, LLP Protect Your Institution with Effective Cybersecurity Governance 1 Your presenter Mike Cullen, Senior Manager, Baker Tilly CISA, CISSP, CIPP/US > Leads the firm s Higher Education Technology Risk Services

More information