Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS

Similar documents
Cyber Resilience. Think18. Felicity March IBM Corporation

Security and Privacy Governance Program Guidelines

Think Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe

Commonwealth Cyber Declaration

Cybersecurity for Health Care Providers

THE POWER OF TECH-SAVVY BOARDS:

STRATEGIC PLAN. USF Emergency Management

Understanding Cyber Insurance & Regulatory Drivers for Business Continuity

Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager,

The Cyber War on Small Business

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

Business continuity management and cyber resiliency

Cyber Security in Europe

Incident Response Table Tops

Defensible and Beyond

Cybersecurity in Higher Ed

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

TAN Jenny Partner PwC Singapore

What Does the Future Look Like for Business Continuity Professionals?

Business Continuity Management: How to get started. Presented by: Tony Drewitt, Managing Director IT Governance Ltd 19 April 2018

Cyber fraud and its impact on the NHS: How organisations can manage the risk

Make your people your most effective defence against cyber-attacks. Brought to you in partnership with

Cybersecurity Risk Management:

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

The NIST Cybersecurity Framework

Bradford J. Willke. 19 September 2007

The importance of STANDARDS to ensure ACCOUNTABILITY and GOVERNANCE in ehealth-ict security processes

Cyber Risk in the Marine Transportation System

June 5, 2018 Independence, Ohio

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

falanx Cyber Falanx Phishing: Measure your resilience

Homeland Security Perspectives: Oregon Fire District Directors Association October 25, 2018

Information Governance, the Next Evolution of Privacy and Security

PULSE TAKING THE PHYSICIAN S

EU policy on Network and Information Security & Critical Information Infrastructures Protection

Sage Data Security Services Directory

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

Cybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security

How to be cyber secure A practical guide for Australia s mid-size business

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

American Association of Port Authorities Port Security Seminar & Expo Cyber Security Preparedness and Resiliency in the Marine Environment

Cyber security tips and self-assessment for business

112 th Annual Conference May 6-9, 2018 St. Louis, Missouri

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

Why you should adopt the NIST Cybersecurity Framework

Continuity of Operations During Disasters: Electronic Systems and Medical Records

Building a Resilient Security Posture for Effective Breach Prevention

The GenCyber Program. By Chris Ralph

Cyber Security & Homeland Security:

CYBER SECURITY FOR WATER AND WASTEWATER UTILITIES PRESENTED BY: DAVID A. CHANDA, PE

Bonnie A. Goins Adjunct Industry Professor Illinois Institute of Technology

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

NHS Gloucestershire Clinical Commissioning Group. Business Continuity Strategy

BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW

Welcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time

HIPAA Compliance is not a Cybersecurity Strategy

Brussels. Cyber Resiliency Minimizing the impact of breaches on business continuity. Jean-Michel Lamby Associate Partner - IBM Security

U.S. Customs and Border Protection Cybersecurity Strategy

National Cybersecurity Center of Excellence

FDA & Medical Device Cybersecurity

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

European Union Agency for Network and Information Security

The NIS Directive and Cybersecurity in

Developing a Model for Cyber Security Maturity Assessment

POSITION DESCRIPTION

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

Addressing the elephant in the operating room: a look at medical device security programs

Regional Workshop on Frameworks for Cybersecurity and CIIP Feb 2008 Doha, Qatar

Information Security Controls Policy

Florida State University

FEMA Update. Tim Greten Technological Hazards Division Deputy Director. NREP April 2017

Defending Our Digital Density.

Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs)

AUSTRALIA Building Digital Trust with Australian Healthcare Consumers

Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

Medical Device Cybersecurity: FDA Perspective

Securing the User: Winning Hearts & Minds to Drive Secure Behavior

Brian S. Dennis Director Cyber Security Center for Small Business Kansas Small Business Development Center

National Initiative for Cyber Education (NICE) and the Cybersecurity Workforce Framework: Attract and Retain the Best in InfoSec.

Tracy Hackshaw, Chair, Internet Society Trinidad & Tobago Chapter 2 October 2018 Commonwealth ICT Forum 2018 Port of Spain, Trinidad & Tobago

UAE National Space Policy Agenda Item 11; LSC April By: Space Policy and Regulations Directory

Table of Contents. Sample

Incident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles

MANAGING CYBER RISK: THE HUMAN ELEMENTS OF CYBERSECURITY

DHS Election Task Force Updates. Geoff Hale, Elections Task Force

Emerging Issues: Cybersecurity. Directors College 2015

GDPR: The Day After. Pierre-Luc REFALO

Cybersecurity Today Avoid Becoming a News Headline

Rohana Palliyaguru Director -Operations Sri Lanka CERT CC APCERT AGM and Conference, 24 th October 2018 Shanghai, China MINISTRY OF TELECOMMUNICATION

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

PA TechCon. Cyber Wargaming: You ve been breached: Now what? April 26, 2016

Operationalizing Cybersecurity in Healthcare IT Security & Risk Management Study Quantitative and Qualitative Research Program Results

Incident Response. Tony Drewitt Head of Consultancy IT Governance Ltd

CISO as Change Agent: Getting to Yes

Transcription:

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS Stephanie Poe, DNP, RN-BC CNIO, The Johns Hopkins Hospital and Health System

Discussion Topics The Age of Acceleration Cyber Risk and Cyber Resilience Cybersecurity Infrastructure and Nursing Informatics Building Cyber Resilience Resilience Training Content 2

The Age of Acceleration SETTING THE CONTEXT 3

The Age of Acceleration Exponential Growth of Computing Power (Technology) Compelling Evidence of Climate Change Massive Globalization 4

Cyber Risk as defined by the Institute of Risk Management Any risk of financial loss, service disruption, or reputational damage to an organization from some sort of failure of its information technology systems. Not a question of if, but when 5

An Emerging Lexicon Cyberattack Cyber Crime Cyber Ecosystem Cyber Event Cyber Exercise Cyber Health/Safety Cyber Hygiene Cyber Incident Cyber Infrastructure Cyber Literacy Cyber Operations Cyber Ops Planning Cyber Risk Cybersecurity Cyber Threat Cyber Resilience 6

Data Breach Hacktivism Phishing Ransomware Social Engineering Massive Security Flaws 7

Cyber Risk Threatens HIPAA security Personal security Business continuity Service excellence Patient safety Financial stability 8

Cyber Resilience CRITICAL CYBERSECURITY INFRASTRUCTURE AND THE ROLE OF NURSING INFORMATICS SPECIALISTS 9

Given the inevitability of cyber incidents, how can we best prepare? Risk Resilience 10

Cybersecurity Systemic challenge Affects digital economy & society Risk is loss of networks, data, services Risk is reputational and existential Urgency is now World Economic Forum (2017). System Initiative on the Digital Economy and Society: Advancing Cyber Resilience: Principles and tools for Boards. 11

NIST Definitions Cybersecurity: process of protecting information by preventing, detecting, and responding to attacks Cyber Event: change that may have an impact on organizational operations Cyber Incident: event that has been determined to have an impact on the organization prompting the need for response and recovery 12

Critical Infrastructure Components Identify Asset management Business environment Governance Risk assessment Risk mitigation Supply chain risk management NIST Framework for Improving Critical Infrastructure Cybersecurity, 2018 13

Partnership for Identify Function Emergency Management Clinical Informatics Information Technology 14

Critical Infrastructure Components Protect Identity management Authentication Access control Cybersecurity awareness and training Data security Information protection processes Maintenance and repairs Protective technology NIST Framework for Improving Critical Infrastructure Cybersecurity, 2018 15

Partnership for Protect Function Access Security Academic Trainees Cybersecurity Training 16

Critical Infrastructure Components Detect Anomalies and events Security continuum monitoring Detection processes NIST Framework for Improving Critical Infrastructure Cybersecurity, 2018 17

Partnership for Detect Function High Reliability Situational Awareness Vigilance Training 18

Critical Infrastructure Components Respond Response planning Communication Analysis Mitigation Improvements NIST Framework for Improving Critical Infrastructure Cybersecurity, 2018 19

Partnership for Respond Function Communication Downtime Forms Downtime Reports 20

Critical Infrastructure Components Recover Recovery planning Communication NIST Framework for Improving Critical Infrastructure Cybersecurity, 2018 21

Partnership for Recovery Function Recovery Procedures Short-term Recovery Long-term Recovery 22

Building Cyber Resilience STOP THINK - CONNECT 23

Cyber-Resilience A public good Information stewardship Strategy & culture versus tactics Accountability: Board and Executive Team Responsibility: All World Economic Forum (2017). System Initiative on the Digital Economy and Society: Advancing Cyber Resilience: Principles and tools for Boards. 24

Cybersecurity Triad Stop Think Connect Processes People Technology National Cybersecurity Awareness Month every October: collaborative effort between government and industry 25

Staff Awareness Password Safety? Phishing? Reporting suspicious activity? Social media? BYOD? Connected medical devices? Removable data? Personal information? Information handling? Remote and mobile working? Web plug-ins? Shadow IT or free software? 26

Developing Cyber Resilience in Faculty and Employees Engage Extend Educate Endure Execute Evaluate Johns Hopkins Research & Quality Group Translation Model, Pronovost et. al., 2008 27

Developing Resilience Engage Who are your stakeholders? Know where they stand their knowledge, their skills Make personal connections with real world application Promote interest and curiosity 28

Developing Resilience Educate Where are the knowledge gaps? Raise awareness Provide information and make it personal Encourage inquiry and exploration 29

Developing Resilience Execute Assign personal responsibility Teach cyber hygiene best practices Test cyber hygiene competency Practice IT emergency management 30

Developing Resilience Evaluate Monitor behaviors Review incident reports related to security breaches Debrief unplanned technology outages 31

Developing Resilience Extend Share best practices across job roles Share lessons learned during unplanned outages Design for high reliability 32

Developing Resilience Endure Plan for sustaining resilience over time Conduct refreshers Hold cyber hygiene campaigns Reward/recognize resilience behaviors 33

Sample Educational Content HARDWIRING CYBER HYGIENE PRACTICES TO BUILD RESILIENCE 34

Teaching Principles of Good Cyber Hygiene Password management Situational awareness Phishing detection 35

Cyber Hygiene Best Practices for end users Use $trong3r passwords (use numbers, symbols, upper & lower case letters) 36

Cyber Hygiene Best Practices for end users Change passwords regularly (every 45-90 days) 37

Cyber Hygiene Best Practices for end users Don t change your passwords or enter personal credentials over public Wi-Fi 38

Cyber Hygiene Best Practices for end users Don t share usernames, passwords, or access codes with anyone 39

Cyber Hygiene Best Practices for end users Don t open emails, links, or attachments from strangers 40

Cyber Hygiene Best Practices for end users Disable Auto connect Wi- Fi or enable Ask to Join Networks 41

Cyber Hygiene Best Practices for end users Use your cell network when security is important (4G, 5G, LTE) 42

Cyber Hygiene Best Practices for end users Limit personally identifiable information on social media 43

Cyber Hygiene Best Practices for end users Limit how often you like a status, follow a page, or allow an app to access your social media profile 44

Cyber Hygiene Best Practices for end users Be wary of unsolicited calls asking you to break normal security features, 45

Cyber Hygiene Best Practices for end users Update apps and computers within 24 hours of notification 46

Cyber Hygiene Best Practices for end users Use the latest browsers; they have improved security 47

Cyber Hygiene Best Practices for end users Enable privacy settings, increase default security settings, set up alerts 48

Cyber Hygiene Best Practices for end users Before clicking on anything, stop, think, and check if it is expected, valid & trusted. 49

Managing The Age of Acceleration Exponential Growth of Computing Power (Technology) Compelling Evidence of Climate Change Massive Globalization Nursing Informatics Leadership is Critical to Developing Cyber Resilience 50

Questions? Contact information: spoe@jhmi.edu 51

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback