Operationalizing Cybersecurity in Healthcare IT Security & Risk Management Study Quantitative and Qualitative Research Program Results
1 Operationalizing Cybersecurity in Healthcare: IT Security & Risk Management Study, Quantitative and Qualitative Research Program Results
David S. Finn, CISA, CISM, CRISC, Health IT Officer, Symantec
Bob Chaput, CISSP, HCISPP, CRISC, CIPP/US, CEO, Clearwater Compliance
February 2017
2 Today's Agenda
- In a nutshell...
- Research Design & Methodology
- Study Results: IT Security at Healthcare Organizations; IT Security Structure; IT Security Drivers & Perspectives
- Key Takeaways
3 In a nutshell...
- 2/3s of participating organizations have CISO roles, which most often report to the CIO
- Increases seen in the average number of workers inside and outside IT dedicated to IT security
- The majority of organizations still dedicate 6% or less of the IT budget to IT security
- Budget and staffing are the biggest barriers to higher levels of confidence in security programs
- HIPAA compliance, risk assessments and audits are the main drivers for IT security investments
- There is high confidence in preparedness for cyber-attacks, but not necessarily belief that the resources exist to protect organizations
4 Research Design & Methodology
5 Research Purpose and Design
- To understand the perspectives of healthcare administrators regarding HIT security strategies
- Continuing research through a two-phase approach: a blinded web-based quantitative study and qualitative in-depth interviews with key decision makers
- To produce industry education content for distribution and a webinar program
6 Research Methodology
Quantitative
- Targeted: executives, C-suite, business and IT leaders, clinical leadership
- Recruitment: web survey link emailed and open between October 26 and December 2, 2016
- 100 respondents
Qualitative
- In-depth interviews: follow-up and additional insight into topic areas
- Participants: gathered from quantitative survey respondents and via client suggestions
- Interviews conducted between November 8 and December 21, 2016
- 10 participants
7 Perspective of healthcare IT, clinical, security and business leaders
Of the 100 quantitative study respondents:
- IT Leadership (47%): CIO, IT Director, VP of IT, CTO
- Clinical Leadership (21%): CMIO, CMO, CNIO, Quality/Risk Mgmt Director
- Security/Privacy Leadership (20%): CISO, IT Security Officer
- Business Leadership (12%): CFO, CCO
Nearly half are C-suite.
8 Large hospitals and healthcare systems represented
Which of the following describes the number of beds in your organization? (Bar chart: >500 beds 47%; the three smaller bed-count bands, whose range labels were not recovered, account for 3%, 25% and 25%.)
9 Perspective of IT, security, business and clinical leaders
Of the 10 qualitative in-depth interviews:
- Clinical Leaders: CMIO; SVP & Chief Quality Officer; Associate CMO
- IT Leaders: VP & CIO; CIO & AVP HIT
- Business Leaders: CFO; Senior VP of Operations
- Security Leaders: IS Officer; VP, CISO
Average number of hospitals in participating healthcare systems: 7.4 (N = 7); 3 academic medical centers.
10 Study Results
11 IT Security at Healthcare Organizations
12 Over 1/2 of responding organizations were subject to an external cyber-attack in the last 12 months
Has your organization been subject to an external cyber-attack in the last 12 months? (Pie chart: Yes 57.0%; the remaining 31.0% and 12.0% are No and Don't Know, in an order not recoverable from the chart.)
69% of IT and Security respondents report an external cyber-attack in the last 12 months.
13 Majority address cybersecurity in enterprise risk management strategy or GRC program
Is cybersecurity addressed in your organization's enterprise risk management strategy or your organization's Governance, Risk, Compliance (GRC) program? (Pie chart: Yes 89.0%; the remaining 8.0% and 3.0% are No and Don't Know, order not recoverable.)
14 Clinicians feel that there is enough security to effectively interact with patients without impeding care
Do clinicians at your organization feel like there is enough security to effectively interact with patients and other caregivers without impeding care? (Pie chart: Yes is the majority response; its value, and the assignment of the remaining 26.0% and 4.0% to No and Don't Know, were not recovered.)
Callout (percentage not recovered): clinicians may feel there is too much security that can prevent them from adequately performing their jobs.
15 IT and security roles are less likely to believe the organization has the resources to adequately protect against cyber threats
Do you believe your organization has the resources (e.g. staff, tools, skillsets) you need to adequately protect itself from cyber threats? Please use a 1 to 7 scale with 1 being not enough resources at all and 7 being adequate resources. (Bar chart of average rating by respondent group: Business, Clinical, IT, Security; values not recovered.)
16 1/3 of responding organizations have security reports at each board meeting
Is there a standing security report presented at each board meeting? (Pie chart: Yes 34.0%; the remaining 47.0% and 19.0% are No and Don't Know, order not recoverable.)
17 Presenting on security to the board is more often done upon request
How often is security (plan, metrics, status, incidents) discussed at board meetings? (if not at every board meeting)
- Upon request of the board or executive management: 38%
- At every board meeting: 34%
- Never: 5%
- At most board meetings: 4%
18 IT Security Structure
19 2/3 of responding organizations have a dedicated CISO role
Does your organization have a dedicated/full-time Chief Information Security Officer? (Pie chart: Yes 67.0%; the remaining 32.0% and 1.0% are No and Don't Know, order not recoverable.)
20 Security roles report through IT
Who does the senior-most security role in your organization report to?
- CIO: 66%
- CEO: 15%
- COO: 7%
- CFO: 6%
- Other: 6%
21 IT risk management responsibility varies more than in the 2015 survey
Who within your organization is responsible for IT Risk Management? (2015, N = 115; 2016, N = 100)
- IT: 65% (2015), 52% (2016)
- Compliance: 10% (2015), 17% (2016)
- Security: 16% (2015), 13% (2016)
- Risk Management/Legal: 7% (2015), 13% (2016)
- Other: 2% (2015), 5% (2016)
22 Less than 5 employees allocated to IT security
How many full-time employees, both inside of IT and outside of IT, are allocated to IT security? (Inside IT, N = 85; Outside IT, N = 71)
- <1: 8% inside IT, 51% outside IT
- 1 to 5: 55% inside IT, 31% outside IT
- Three intermediate bands from 6 up to 30 (band boundaries not recovered): 13%, 11% and 4% inside IT; 4%, 3% and 1% outside IT
- >30: 9% inside IT, 10% outside IT
23 IT security budgets have increased since 2015 but still tend to be 6% or less of the IT budget
What percent of your total IT budget is allocated to IT security? (2015, N = 91; 2016, N = 72)
- 0-3%: 29% (2015), 29% (2016)
- 4-6%: 52% (2015), 36% (2016)
- 7-10% and >10%: 10% each in 2015; 24% and 11% in 2016 (the chart does not make the per-band assignment of the 2016 pair unambiguous; the Key Takeaways slide reports the growth as being in the 7-10% band)
In 2016, 65% dedicate 6% or less of the IT budget to IT security.
24 Operating expense makes up a larger part of IT security budgets
What is the approximate breakdown of operational and capital IT security expenses? (OpEx, N = 64; CapEx, N = 63)
- 1-25%: OpEx 45%, CapEx 57%
- 26-50%: OpEx 13%, CapEx 35%
- 51-75%: OpEx 34%, CapEx 6%
- Highest band (label not recovered): OpEx 8%, CapEx 2%
25 IT Security Drivers & Perspectives
26 HIPAA compliance and risk assessments biggest drivers for IT security investments
What is driving your decisions on where investments are being made in IT security? Please rank the top 3 drivers from 1 to 3 with 1 being the biggest driver. (Bar chart of % ranking #1 and % ranking in top 3, total respondents, for: HIPAA compliance, risk assessment, security/financial audit, external incident, OCR audit, internal recent incident, changes to business strategy. HIPAA compliance and risk assessment lead, with 75.0% and 74.0% of respondents ranking them in their top 3; the remaining values were not recoverable.)
27 Business respondents more likely to cite risk assessments as a driver; clinical and IT respondents cite HIPAA compliance
What is driving your decisions on where investments are being made in IT security? (Bar chart of % choosing each driver in the top 3, by respondent group: Business, N = 12; Clinical, N = 21; IT, N = 47. Drivers: HIPAA compliance, risk assessment, security/financial audit, external incident, internal recent incident, OCR audit, changes to business strategy. Per-group values not reliably recoverable.)
28 NIST CSF framework still most in use
What risk frameworks has your organization adopted, specific to your HIPAA-based assessments? Please select all that apply. (2015, N = 115; 2016, N = 100)
- NIST CSF: 56% (2015), 46% (2016)
- HITRUST: 27% (2015), 30% (2016)
- Developed our own: 23% (2015), 12% (2016)
- ITIL: 22% (2015), 27% (2016)
- COBIT: 8% (2015), 5% (2016)
- Other: 3% (2015), 1% (2016)
- Don't know: 12% (2015), 27% (2016)
Business and clinical respondents contribute to the Don't know percentage.
29 IT & security respondents indicate increased use of NIST, HITRUST and ITIL frameworks
What risk frameworks has your organization adopted, specific to your HIPAA-based assessments? Please select all that apply. (2015, N = 115; 2016 IT & Security respondents, N = 67)
- NIST CSF: 56% (2015), 61% (2016 IT & Security)
- HITRUST: 27% (2015), 36% (2016 IT & Security)
- ITIL: 22% (2015), 36% (2016 IT & Security)
- Developed our own: 23% (2015), 14% (2016 IT & Security)
- COBIT: 8% (2015), 5% (2016 IT & Security)
- Other: 3% (2015), 2% (2016 IT & Security)
- Don't know: 12% (2015), 8% (2016 IT & Security)
30 Frameworks chosen for common approaches to managing cyber risks and industry specificity
Why have you chosen these frameworks? Please select all that apply.
- Common language/approach to managing cyber risks: 67%
- Industry specific: 41%
- 3rd party certification (ex: PCI certification or HITRUST): 20%
- Ease of implementation and Cost: 14% and 16% (order not recoverable from the chart)
- Other: 7%
31 IT security currently most addressed for mobile devices
At what stage is your organization in terms of addressing IT security related to the following items: Mobile Devices, Medical Devices, Non-IT managed (shadow) Information Technology? (Stacked bar chart with stages Already addressing, Beginning to address, Planning to address, Not addressing at this time. Already addressing: Mobile Devices 71%; Medical Devices and shadow IT at 54% and 53%, order not recoverable. Values for the other stages were not reliably recoverable.)
32 Organizations are beginning to address, and have the most plans to address, medical devices
At what stage is your organization in terms of addressing IT security related to the following items: Planning and Beginning to Address. (Bar chart for Medical Devices, Non-IT managed (shadow) Information Technology and Mobile Devices; medical devices have the largest planning/beginning share. Per-item values not reliably recoverable.)
33 All cybersecurity areas have similar ratings of importance, with awareness for end-users being the highest
How much importance does your organization place on the following? Please use a scale of 1-5 where 1 is no importance and 5 is a high level of importance. (Bar chart of 2016 and 2015 average ratings for: cybersecurity awareness for end-users (office posters, screen savers, updates, etc.); cybersecurity training for security professionals; cybersecurity strategy for the organization; cybersecurity training for end-users; cybersecurity education for end-users (lunch & learns, webinars, etc.). Average values not recovered.)
34 Business and clinical respondents tend to give higher importance ratings
How much importance does your organization place on the following? Please use a scale of 1-5 where 1 is no importance and 5 is a high level of importance. (Bar chart of average ratings for Business (N = 12), Clinical (N = 21) and the 2016 overall average, for: cybersecurity training for security professionals; cybersecurity awareness for end-users (office posters, screen savers, updates, etc.); cybersecurity strategy for the organization; cybersecurity training for end-users; cybersecurity education for end-users (lunch & learns, webinars, etc.). Average values not recovered.)
35 Budget and staffing biggest barriers to higher levels of confidence in security programs
What barriers are preventing your organization from achieving a higher level of confidence in your security program? Please choose the top 3 barriers with 1 being the biggest barrier. (Bar chart of % ranking #1 and % ranking in top 3, total respondents. Budget leads with 69.7% ranking it in their top 3, followed by staffing at 58.6%. Remaining barriers charted: employee awareness and training, skillset, tools, impact to clinical workflow, organizational commitment, multiple groups in charge of security (IT, clinical, risk management); their values were not reliably recoverable.)
36 Clinical respondents acknowledge barriers around employee awareness and training
What barriers are preventing your organization from achieving a higher level of confidence in your security program? (Bar chart of % choosing each barrier in the top 3, by respondent group: Business, N = 12; Clinical, N = 21; IT, N = 47. Barriers: budget, staffing, employee awareness and training, impact to clinical workflow, skillset, multiple groups in charge of security (IT, clinical, risk management), tools, organizational commitment. Per-group values not reliably recoverable.)
37 Key Takeaways
- 2/3s of participating organizations have CISO roles, which most often report to the CIO
- Since the 2015 study:
  - Increases in the average number of workers inside and outside IT dedicated to IT security
  - More respondents reporting IT security budgets of 7-10% of IT budgets, but the majority still dedicate 6% or less
- Despite increases to security staffs and budgets, those are still the biggest barriers to higher levels of confidence in security programs
- HIPAA compliance, risk assessments and audits are the main drivers for IT security investments
38 Key Takeaways
- There is high confidence in preparedness for cyber-attacks, yet:
  - Over 1/3 of organizations are still only complying with key mandates or have only implemented basic security controls
  - Over 1/2 have been subjected to an external cyber-attack in the last 12 months
  - Only 1/3 have standing security presentations at every board meeting
  - End-user education and training are of lower importance to organizations
  - Only 1/4 of respondents believe they have adequate resources to protect against cyber-attacks
40 Thank you!
Bob Chaput, CISSP, HCISPP, CRISC, CIPP/US
David S. Finn, CISA, CISM,
More informationISACA International Perspective
ISACA International Perspective 11 th October 2013 Allan Boardman ISACA International Vice President and Board Director Member of ISACA s Strategic Advisory Council Member of the IT Governance Institute
More informationHealthcare HIPAA and Cybersecurity Update
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Healthcare HIPAA and Cybersecurity Update Agenda > Introductions > Cybersecurity
More informationHearing Voices: The Cybersecurity Pro s View of the Profession
SESSION ID: AST2-W02 Hearing Voices: The Cybersecurity Pro s View of the Profession Jon Oltsik Senior Principal Analyst and ESG Fellow Enterprise Strategy Group @joltsik Candy Alexander, CISSP CISM International
More informationCyber, Information Security, and Data Protection
Cyber, Information Security, and Data Protection The past, the present, and th e future 15th, 16th & 17th October 2018 Muscat - Oman Intellectual Events And Conferences Private Limited For more information
More informationFundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL
Fundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL Shifting budgets and responsibilities require IT and physical security teams to consider fundamental change in day-to-day
More informationISACA Greater Kansas City Chapter
ISACA Greater Kansas City Chapter Measuring the Maturity of your Information Security Program. Impossible? Presented by: Mark Carney, VP of Strategic Services Agenda Definition of Mature Client Approaches
More informationTowards a cyber governance maturity model for boards of directors
Towards a cyber governance maturity model for boards of directors Professor Basie von Solms Centre for Cyber Security University of Johannesburg Johannesburg, South Africa Keywords Cyber Security, Boards,
More informationCERTIFIED IN THE GOVERNANCE OF ENTERPRISE IT CGEIT AFFIRM YOUR STRATEGIC VALUE AND CAREER SUCCESS
CERTIFIED IN THE GOVERNANCE OF ENTERPRISE IT CGEIT AFFIRM YOUR STRATEGIC VALUE AND CAREER SUCCESS Good IT governance is a key element of a well-performing enterprise. Enterprises need qualified information
More informationBuilding a Threat Intelligence Program
WHITE PAPER Building a Threat Intelligence Program Research findings on best practices and impact www. Building a Threat Intelligence Program 2 Methodology FIELD DATES: March 30th - April 4th 2018 351
More information2016 Survey: A Pulse on Mobility in Healthcare
2016 Survey: A Pulse on Mobility in Healthcare Introduction Mobile Trends in Healthcare Mobility in Healthcare Top Motivation for Implementing a Mobile Solution Impact of Mobility on Patient Experience
More informationSpotlight Report. Information Security. Presented by. Group Partner
Cloud SecuriTY Spotlight Report Group Partner Information Security Presented by OVERVIEW Key FINDINGS Public cloud apps like Office 365 and Salesforce have become a dominant, driving force for change in
More informationEngaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager,
Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager, Deloitte & Touche LLP 1 Speaker Introduction Sanjeev
More informationGovernment Resolution No of February 15, Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security
Government Resolution No. 2443 of February 15, 2015 33 rd Government of Israel Benjamin Netanyahu Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security It is hereby resolved:
More informationHealthcare Security Success Story
Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Healthcare Security Success Story
More informationThe Future of HITRUST
The Future of HITRUST Henry Vynalek, Director, HIE & IT Operations and Security Officer Mike Wells, Director of Security, Director of Engineering The Ohio Health Information Partnership (CliniSync) Henry
More informationAnnual European ehealth Survey
Results, 3 rd Quarter 2017 Annual European ehealth Survey www.himss.eu/analytics 1 TABLE OF CONTENT Survey methodology page 3 Survey overview page 4 Results Key Findings page 5 Current ehealth priorities
More informationCreating a Cybersecurity Culture: (ISC)2 Survey Responses
10/3/18 Creating a Cybersecurity Culture: (ISC)2 Survey Responses Dr. Keri Pearlson (ISC)2 Conference October 8, 2018 CAMS - (IC)3 https://cams.mit.edu 1 200,000Security events The average company handles
More informationBirmingham Community Healthcare NHS Foundation Trust. 2017/17 Data Security and Protection Requirements March 2018
1.0 Executive Summary Birmingham Community Healthcare NHS Foundation Trust 2017/17 Data Security and Protection Requirements March 2018 The Trust has received a request from NHS Improvement (NHSI) to self-assess
More informationChoosing an Information Risk Management Framework: The Case for the NIST Cybersecurity Framework (CSF) in Healthcare Organizations
Choosing an Information Risk Management Framework: The Case for the NIST Cybersecurity Framework (CSF) in Healthcare Organizations COMPLIANCE The question becomes: Am I going to spend my cybersecurity
More information10 Cybersecurity Questions for Bank CEOs and the Board of Directors
4 th Annual UBA Bank Executive Winter Conference February, 2015 10 Cybersecurity Questions for Bank CEOs and the Board of Directors Dr. Kevin Streff Founder, Secure Banking Solutions 1 Board of Directors
More informationUpdate from HIMSS National Privacy & Security. Lisa Gallagher, VP Technology Solutions November 14, 2013
Update from HIMSS National Privacy & Security Lisa Gallagher, VP Technology Solutions November 14, 2013 Agenda Update on HIMSS new Technology Solutions Department HIPAA Omnibus Rules Meaningful Use 2 P&S
More informationCOURSE BROCHURE. COBIT5 FOUNDATION Training & Certification
COURSE BROCHURE COBIT5 FOUNDATION Training & Certification What is COBIT5? COBIT 5 (Control Objectives for Information and Related Technology) is an international open standard that defines requirements
More informationBalancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld
Balancing Compliance and Operational Security Demands Nov 2015 Steve Winterfeld What is more important? Compliance with laws / regulations Following industry best practices Developing a operational practice
More informationCareer Paths In Cybersecurity
Career Paths In Cybersecurity Introductions Rob Ashcraft Sr. Technical Advisor 26-yrs in Information Technology 14-yrs in Information Security Held positions as Technician, IT Management, IT Sales Double
More informationInformation Security Risk Strategies. By
Information Security Risk Strategies By Larry.Boettger@Berbee.com Meeting Agenda Challenges Faced By IT Importance of ISO-17799 & NIST The Security Pyramid Benefits of Identifying Risks Dealing or Not
More informationIntro to Capture the Flag
Intro to Capture the Flag Talk for General Audience: Why Capture the Flag (CTFs) Matter. Synopsis: CTFs are one example of a gamified learning environment. Gamified ecosystems pose many benefits to professional
More informationMohammad Shahadat Hossain
Mohammad Shahadat Hossain Principal Security Architect at Grameenphone Limited Summary Has extensive knowledge and experience on following:- NIST Cyber Security Framework SANS Top 20 Security Control Network
More informationProtect Your Institution with Effective Cybersecurity Governance. Baker Tilly Virchow Krause, LLP
Protect Your Institution with Effective Cybersecurity Governance 1 Your presenter Mike Cullen, Senior Manager, Baker Tilly CISA, CISSP, CIPP/US > Leads the firm s Higher Education Technology Risk Services
More information