Developing a Comprehensive Security Program and Creating a "Culture of Security"
Typically, the traditional Healthcare Information "culture" has not been managed or even significantly influenced by centralized IT or InfoSec personnel. The current environment can be heavily fragmented into various functional and geographic groups, each with very different governance programs and priorities, which often seem to be at odds with each other, especially where security and compliance are concerned. There is a critical need for common security policies and enforcement that extend across all these factions, which in turn will produce significant benefits in the overall security and compliance posture of any organization.
We also need to decide which people, processes and technologies will achieve the biggest immediate reduction in risk. Even though many traditional defense mechanisms can be circumvented, it is essential that a proactive, layered, defensive security baseline be established and continuously managed.
We're going to review the current best practices and thinking associated with the most impactful defensive weapons such as:
- Establishing an effective GRC program: define which policies you are Governed by, how to apply them in a Risk-based manner and how to show Compliance with them
- Continuous compliance: compliance does not equal security if it is achieved only as a brief moment-in-time "ceiling"
- User Training and Phishing Protection
- Integrated Risk-Based Layered Defense, Information location and classification