What can HITRUST do for me?
|
|
- Regina Barnett
- 8 years ago
- Views:
Transcription
1 What can HITRUST do for me? Dr. Bryan Cline CISO & VP, CSF Development & Implementation Jason Taule Chief Security & Privacy Officer
2 Introduction 2 Purpose Discuss HITRUST support for information protection in the healthcare industry and utility for CMS & CMS contractor organizations Learning Objectives Attendees will: Understand regulatory and business drivers for an industrywide information protection and assurance framework Understand resultant issues and outstanding pain points for healthcare entities, including CMS contractor organizations Understand the role of HITRUST in promoting the adoption of sound risk management practices by healthcare organizations HITRUST RMF (CSF, CSF Assurance Program, Tools such as MyCSF) Other industry support (HITRUST C3, HITRUST Academy, professional certifications)
3 Outline 3 Introduction Background Health Information Trust Alliance (HITRUST) Overview HITRUST Risk Management Framework (RMF) Common Security Framework (CSF) CSF Assurance Tool Support (HITRUST Central / MyCSF) Healthcare Industry Support Cyber Threat Intelligence & Incident Coordination Center (C3) HITRUST Academy Professional Certification Summary/Conclusion Q&A
4 Background Regulatory Drivers 4 Requires a fundamental and holis2c change in the way healthcare manages informa2on security and privacy- related risk HIPAA Established RA requirement for covered entities HITECH Expanded scope to BAs Incentives and penalties Meaningful Use & data breach notification ( harm provision) Increased penalties & enforcement Omnibus Rule Expanded definition of BA Strengthened harm provision Other regulatory drivers PCI, FTC Red Flag, FDA, etc.
5 Background Business Drivers (1) 5 Evolving business relationships and increased complexity Increasingly more data shared with business partners Data dispersed through a complicated web of relationships Multiple/varied assurance requirements from a variety of parties Inordinate level of effort being spent on assurance Negotiation of requirements, data collection, assessment and reporting
6 Background Business Drivers (2) 6 Covered Entities Increasingly more data shared with business partners Complex contracting process due to unique security requirements Low response rate of questionnaires Inaccurate and incomplete responses Inadequate due diligence of questionnaires Costly and time-intensive data collection, assessment and reporting processes Inability to proactively identify and track risk exposures at BA Lack of visibility into downstream risks related to BA (i.e., BAs own business partners and sub-contractors) Lack of consistent reporting to management on BA risks
7 Background Business Drivers (2) 7 Business Associates Complex contracting process due to unique security requirements Broad range / inconsistent expectations for questionnaires Cannot effectively leverage responses between organizations Complexity with: Maintaining broad range of reporting requirements Expensive and time-intensive audits by organizations Lack of focus on high risk issues and actual remediation Inability to consistently and effectively report to and communicate with organizations
8 Pain Points & Value Statements 8 Common Pain Points: Change, Change, Change Customer Demands Audit Fatigue Third Party / Partner Risk Exposure HITRUST Value Proposition: Increased Customer Engagement Ease Lower Cost to Partner Assurance HIPAA Police Defense Tipping Point Insight Ecosystem Entrance Criteria Threat Intelligence Information Sharing
9 HITRUST Overview 9 Health Information Trust Alliance Born out of the belief that information security should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges Led by a seasoned management team and governed by a Board of Directors made up of leaders from across the healthcare industry and its supporters Driving adoption and widespread confidence in sound risk management practices through education, advocacy and other outreach activities
10 HITRUST RMF (1) 10 Multitude of challenges Significant Oversight Evolving requirements Complex business relationships Uncertain standard of care Reasonable & appropriate? Adequate protection? HITRUST Risk Management Framework (RMF) Provides healthcare industry standard of due care and diligence Components include: Common Security Framework (CSF) CSF Assurance Program Related methodologies, services and tools
11 HITRUST RMF (2) 11 Healthcare-centric RMF Rationalizes healthcare-specific requirements Leverages international & U.S. RMFs Single industry approach Current, prescriptive & relevant Free to qualified healthcare organizations Risk-based vs. compliance-oriented Baselines tailored based on multiple risk factors Managed alternate control process Consumable by organizations with limited resources Provides industry standard of due diligence and due care Specifies reasonable and appropriate controls Defines adequate protection
12 HITRUST RMF CSF 12 Rationalized framework ISO provides the foundation NIST provides additional prescription Three risk-based control baselines Organizational, system & regulatory factors Managed tailoring via alternate controls One-time or general use
13 HITRUST RMF CSF Assurance (1) 13 CSF Assurance Program Cost-effective risk assessment High-risk controls (based on breach data analysis) & HIPAA implementation requirements Certified assessor organizations provide consistency / repeatability Risk Exposure HIGH MEDIUM CSF Compliance Assurance with (Self) HIPAA CSF Assurance (3rd Party) Compliance with ISO The CSF Assurance Program balances the cost of assurance with the risk exposure. The program is designed to cost effec?vely gather the informa?on about security controls that is required to appropriately understand and mi?gate risk. Compliance with PCI Compliance with NIST LOW Cost of Assurance
14 HITRUST RMF CSF Assurance (2) 14 CSF Assurance Program Standardized reporting Supports third-party assurance for entities, BAs and regulators Maturity /risk scores support internal baselines / external benchmarking
15 HITRUST RMF CSF Assurance (3) 15 Degrees of Assurance Self-assessments conducted by low risk BA or other partner Third-party assessments provide independent assurances Certified report issued when minimal compliance is demonstrated Validated report results when certification requirements aren t met
16 HITRUST RMF CSF Assurance (4) 16 Significant risks from sharing health data Smaller practices (1 to 100 physicians) accounted for >60% of reported breaches As of mid-2012, BA s were implicated in only 21% of breaches but accounted for 58% of the records breached Many breaches may be under reported or remain undiscovered HITRUST report, A Look Back: U.S. Healthcare Data Breach Trends ( Addressing shared risk thru the CSF Assurance Program Many healthcare entities accept CSF validated and certified reports Six (6) major institutions now require CSF validated or certified reports HITRUST news (
17 HITRUST RMF Tool Support 17 HITRUST Central User portal HITRUST RMF content News / updates Blogs / chats MyCSF GRC-based platform CSF controls Illustrative procedures Assessment scoping Workflow management for assessments and remediation Documentation repository for test plans, CAPs, and supporting documentation Dashboards and reporting Automated submission of assessments for HITRUST validation & certification
18 HITRUST Industry Support C3 18 Cyber Threat Information and Incident Response Coordination Center (C3) Created to protect the U.S. healthcare industry from cyber attacks Relies upon a community defense approach Enables industry s preparedness and response to cyber threats Facilitates knowledge sharing and enhanced preparedness Early identification, coordinated response and incident tracking Works with the U.S. Department of Health and Human Services Shares incident-related information and participates in the Critical Infrastructure Information Sharing and Collaboration Program Provides integrated Cyber Threat Analysis Service (C-TAS) General and sector-specific cyber intelligence Real-time collaborative platform for healthcare cyber defense
19 HITRUST Industry Support Academy 19 Educate healthcare professionals on the concepts and principles of information protection and the utilization of the HITRUST CSF to manage risk ( Practical Applications for Health Information Protection Overview of the healthcare including analysis of industry trends Regulatory landscape for healthcare organizations Market dynamics & challenges facing healthcare Introduction to HITRUST and the CSF Discussion of risk management and the CSF Review of the CSF Assurance Program Practical Applications for the CSF & CSF Assurance Program Introduction to the tools and methodology for utilizing the CSF Thorough review of the CSF structure and detailed explanation of MyCSF Includes discussion of components with case studies illustrating each component Overview of the CSF Assurance Program Program review, including specific requirements for CSF Certification Review of CSF Validated and Certified Reports and their value to relying organizations
20 HITRUST Industry Support Certification 20 HITRUST Certified CSF Practitioner (CCSFP) Certifies assessor personnel to conduct independent, thirdparty HITRUST CSF assessments for validation/certification Requires successful completion of both HITRUST Academy courses with a minimal passing score (ISC)2 Healthcare Information Security & Privacy Professional (HCISPP) Certifies minimum requirements for entry-level information protection professionals in the healthcare industry HITRUST began work on initiative with (ISC)2 in Jan 2012 (ISC)2 Board approved development in Sep 2012 Anticipated delivery to market in late Fall, early Winter 2013 HITRUST will provide training and education materials
21 Summary / Conclusion 21 Healthcare security & privacy Constant change in the threat & regulatory landscape Complex business and clinical relationships increase risk Lack of funding and skilled resources for custom programs Organizations can use targeted risk assessments, in which the scope is narrowly defined, to produce answers to specific questions or to inform specific decisions[,] have maximum flexibility on how risk assessments are conducted, [and] are encouraged to use [NIST] guidance in a manner that most effectively and cost- effectively provides the information necessary to senior leaders/executives to facilitate informed decisions. HITRUST Risk Management Framework CSF provides harmonized set of tailorable safeguards CSF Assurance provides: Standardized, cost-effective assessment Risk-based vs. compliance check-the-box approach Tools support healthcare information protection community HITRUST Central supports information sharing MyCSF supports automated risk assessment & management
22 Questions? Dr. Bryan Cline, CISSP-ISSEP, CISM, CISA, CCSFP, ASEP, CAP-II, MCIATT, NSA-IAM/IEM ( (469) * Bryan.Cline@HITRUSTalliance.net Jason Taule, CMC, CPCM, C CISO, CISM, CGEIT, CRISC, CHSIII, CDPS, NSA-IAM ( (443) * Jason.Taule@FIEsystems.com The CSF, CSF Assurance Program and related methodologies and tools that make up the HITRUST RMF are needed more now than ever before. Dan Nutkis, CEO, HITRUST
HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?
HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? Introduction This material is designed to answer some of the commonly asked questions by business associates and other organizations
More informationHITRUST CSF Assurance Program
HITRUST CSF Assurance Program Simplifying the information protection of healthcare data 1 May 2015 2015 HITRUST LLC, Frisco, TX. All Rights Reserved Table of Contents Background CSF Assurance Program Overview
More informationManaging Business Risk with HITRUST Leveraging Healthcare s Risk Management Framework
Managing Business Risk with HITRUST Leveraging Healthcare s Risk Management Framework Introduction This presentation is intended to address how an organization can implement the HITRUST Risk Management
More informationHITRUST Risk Management Framework and the Texas Certification Program A Model for the Healthcare Industry
HITRUST Risk Management Framework and the Texas Certification Program A Model for the Healthcare Industry Dr. Bryan Cline, CISSP-ISSEP, CISM, CISA, CCSFP, HCISPP CISO & VP, CSF Development & Implementation
More informationMU Security & Privacy Risk Assessments: What It Is & How to Approach It
MU Security & Privacy Risk Assessments: What It Is & How to Approach It Dr. Bryan S. Cline, CISSP-ISSEP, CISM, CISA, CCSFP, HCISPP Advisor, Health Information Trust Alliance 2011-2014 HITRUST LLC, Frisco,
More informationPerspectives on Navigating the Challenges of Cybersecurity in Healthcare
Perspectives on Navigating the Challenges of Cybersecurity in Healthcare May 2015 1 Agenda 1. Why the Healthcare Industry Established HITRUST 2. What We Are and What We Do 3. How We Can Help Health Plans
More informationCSF Support for HIPAA and NIST Implementation and Compliance
CSF Support for HIPAA and NIST Implementation and Compliance Presented By Bryan S. Cline, Ph.D. Presented For HITRUST Why does HITRUST exist? Multitude of challenges Significant government oversight Evolving
More informationMU Security & Privacy Risk Assessments: What It Is & How to Approach It
MU Security & Privacy Risk Assessments: What It Is & How to Approach It Dr. Bryan S. Cline, CISSP-ISSEP, CISM, CISA, ASEP, CCSFP CISO & VP, CSF Development & Implementation Health Information Trust Alliance
More informationUnderstanding HITRUST s Approach to Risk vs. Compliance-based Information Protection
Understanding Compliance vs. Risk-based Information Protection 1 Understanding HITRUST s Approach to Risk vs. Compliance-based Information Protection Why risk analysis is crucial to HIPAA compliance and
More informationBIOS Steven Penn, Senior Director CSF Development And Educa9on Programs Bryan Cline, PhD Senior Advisor
1 CSF Roadmap 2015 BIOS Steven Penn, Senior Director CSF Development And Educa9on Programs Steve Penn is an experienced security professional with 15+ years of informa;on security experience. He currently
More informationHIPAA and HITRUST - FAQ
A COALFIRE WHITE PAPER HIPAA and HITRUST - FAQ by Andrew Hicks, MBA, CISA, CCM, CRISC, HITRUST CSF Practitioner Director, Healthcare Practice Lead Coalfire February 2013 Introduction Organizations are
More informationManaging Cybersecurity Risk in a HIPAA-Compliant World
1 P a g e AN EXECUTIVE REVIEW Managing Cybersecurity Risk in a HIPAA-Compliant World by Andrew Hicks, MBA, CISA, CCM, CRISC, HITRUST CSF Practitioner Director, Healthcare Practice Lead, Coalfire Dr. Bryan
More informationSecurity & IT Governance: Strategies to Building a Sustainable Model for Your Organization
Security & IT Governance: Strategies to Building a Sustainable Model for Your Organization Outside View of Increased Regulatory Requirements Regulatory compliance is often seen as sand in the gears requirements
More informationHITRUST. Risk Management Frameworks
Risk Management Frameworks How provides an efficient and effective approach to the selection, implementation, assessment and reporting of information security and privacy controls to manage risk in a healthcare
More informationTestimony of Dan Nutkis CEO of HITRUST Alliance. Before the Oversight and Government Reform Committee, Subcommittee on Information Technology
Testimony of Dan Nutkis CEO of HITRUST Alliance Before the Oversight and Government Reform Committee, Subcommittee on Information Technology Hearing entitled: Cybersecurity: The Evolving Nature of Cyber
More informationHITRUST Risk Management Framework and the Texas Certification Program A Model for the Healthcare Industry
HITRUST Risk Management Framework and the Texas Certification Program A Model for the Healthcare Industry Dr. Bryan Cline, CISSP-ISSEP, CISM, CISA, CCSFP, HCISPP CISO & VP, CSF Development & Implementation
More informationCompliance, Security and Risk Management Relationship Advice. Andrew Hicks, Director Coalfire
Compliance, Security and Risk Management Relationship Advice Andrew Hicks, Director Coalfire Housekeeping You may submit questions throughout the webinar using the question area in the control panel on
More informationAssessment Process. 2013 HITRUST, Frisco, TX. All Rights Reserved.
Assessment Process Assessment Process Define Scope The assessment scope gives context to the security controls and those organizations and individuals relying on the results Organization scope defines
More informationFrequently Asked Questions about the HITRUST Risk Management Framework
Frequently Asked Questions about the HITRUST Risk Management Framework Addressing common questions and misconceptions about the HITRUST CSF, CSF Assurance Program and supporting methods and tools, and
More informationSensitive Data Management: Current Trends in HIPAA and HITRUST
Sensitive Data Management: Current Trends in HIPAA and HITRUST Presented by, Cal Slemp Managing Director, New York, NY June 12, 2012 Speaker Presenter Topic Objective Cal Slemp Managing Director, New York
More informationHITRUST CSF Assurance Program
HITRUST CSF Assurance Program Simplifying the Meaningful Use Privacy and Security Risk Assessment September 2010 Table of Contents Regulatory Background CSF Assurance Program Simplifying the Risk Assessment
More informationHealth Industry Implementation of the NIST Cybersecurity Framework
Health Industry Implementation of the NIST Cybersecurity Framework A Collaborative Presentation by HHS, NIST, HITRUST, Deloitte and Seattle Children s Hospital 1 Your presenters HHS Steve Curren, Acting
More informationObtaining CSF Certification Lessons Learned and Why Do It
Obtaining CSF Certification Lessons Learned and Why Do It Aaron Miri, Chief Technology Officer, Children s medical Center of Dallas Ryan Sawyer, Director, Technology Risk and Identity Governance, WellPoint
More informationHITRUST. Assessment Methodology. Version 2.0
HITRUST Assessment Methodology Version 2.0 Table of Contents 1 Introduction... 4 1.1 Assessment Process Flow... 5 2 Project Startup (Step 1)... 7 2.1 Identify Project Coordinator... 7 2.2 Define Project
More informationSecuring Patient Portals. What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use
Securing Patient Portals What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use September 2013 Table of Contents Abstract... 3 The Carrot and the Stick: Incentives and Penalties for Securing
More informationStrategies for Integra.ng the HIPAA Security Rule
Strategies for Integra.ng the HIPAA Rule Kaiser Permanente: Charles Kreling, Execu.ve Director Sherrie Osborne, Director Paulina Fraser, Director Professional Strategies S21 2013 Fall Conference Sail to
More informationThe HIPAA Omnibus Final Rule
WHITE PAPER The HIPAA Omnibus Final Rule Four risk exposure events that can uncover compliance issues leading to investigations, potential fines, and damage to your organization s reputation. By Virginia
More informationSECURETexas Health Information Privacy & Security Certification Program FAQs
What is the relationship between the Texas Health Services Authority (THSA) and the Health Information Trust Alliance (HITRUST)? The THSA and HITRUST have partnered to help improve the protection of healthcare
More informationIIA Conference. September 18, 2015. Paige Needling Director, Global Information Security Recall, Inc.
IIA Conference September 18, 2015 Paige Needling Director, Global Information Security Recall, Inc. IT SECURITY UMBRELLA Compliance for IT Data Privacy Protection Privacy Risk Assessment Vulnerability
More informationHIPAA and HITECH Compliance for Cloud Applications
What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health
More informationIntelligent Vendor Risk Management
Intelligent Vendor Risk Management Cliff Baker, Managing Partner, Meditology Services LeeAnn Foltz, JD Compliance Resource Consultant, WoltersKluwer Law & Business Agenda Why it s Needed Regulatory Breach
More informationRSA ARCHER OPERATIONAL RISK MANAGEMENT
RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume
More informationwww.pwc.com Third Party Risk Management 12 April 2012
www.pwc.com Third Party Risk Management 12 April 2012 Agenda 1. Introductions 2. Drivers of Increased Focus on Third Parties 3. Governance 4. Third Party Risks and Scope 5. Third Party Risk Profiling 6.
More informationCORL Dodging Breaches from Dodgy Vendors
CORL Dodging Breaches from Dodgy Vendors Tackling Vendor Security Risk Management in Healthcare Introductions Cliff Baker 20 Years of Healthcare Security experience PricewaterhouseCoopers, HITRUST, Meditology
More informationSecuring Patient Portals
Securing Patient Portals What you need to know to comply with HIPAA Omnibus and Meaningful Use Brian Selfridge, Partner, Meditology Services, LLC Blake Sutherland, VP Enterprise Business, Trend Micro Brian
More informationRe: Experience with the Framework for Improving Critical Infrastructure Cybersecurity ( Framework )
10 October 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Re: Experience with the Framework for Improving Critical Infrastructure
More information2013 Healthcare Compliance Benchmark Study
2013 Healthcare Compliance Benchmark Study Presented By: and Executive Summary Beginning in early December of 2012, Compliance 360 (now part of SAI Global), conducted a survey among compliance professionals
More informationDashboards as an Effective Tool for HIPAA Security and Privacy Compliance
Dashboards as an Effective Tool for HIPAA Security and Privacy Compliance Bikram Bakshi President & CEO 1 Objectives The problem Key causes for data breaches Comparing these causes with CMS findings on
More informationItaly. EY s Global Information Security Survey 2013
Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information
More informationHIT Audit Workshop. Jeffrey W. Short. jshort@hallrender.com
HIT Audit Workshop Jeffrey W. Short jshort@hallrender.com 1 Audits and Investigations to be Discussed Meaningful Use Audits HIPAA Audits Data Breach Investigations Software Vendor Audits FTC Investigations
More informationCarl Abramson Gerry Blass Susan A Miller
Introductions 0 Carl Abramson has over 35 years of experience in management consulting, IT management, HIPAA compliance, Critical Infrastructure Cyber Security and business process analysis. Carl is President
More informationGreenway Marketplace. Hear from GSG Compliance & White Plume November 14, 2013
Greenway Marketplace Hear from GSG Compliance & White Plume November 14, 2013 Marketplace Mission Statement To enhance the Greenway customer user experience by offering innovative, forwardthinking technologies
More informationCompliance Management, made easy
Compliance Management, made easy LOGPOINT SECURING BUSINESS ASSETS SECURING BUSINESS ASSETS LogPoint 5.1: Protecting your data, intellectual property and your company Log and Compliance Management in one
More informationVendor Management Challenges and Solutions for HIPAA Compliance. Jim Sandford Vice President, Coalfire
Vendor Management Challenges and Solutions for HIPAA Compliance Jim Sandford Vice President, Coalfire Housekeeping You may submit questions throughout the webinar using the question area in the control
More informationGovernance, Risk, and Compliance (GRC) White Paper
Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:
More informationBusiness Associate Management Methodology
Methodology auxilioinc.com 844.874.0684 Table of Contents Methodology Overview 3 Use Case 1: Upstream of s I manage business associates 4 System 5 Use Case 2: Eco System of s I manage business associates
More informationHIPAA Compliance and Reporting Requirements
Healthcare IT Assurance Peace of Mind Through Privacy and Security Risk Management By Dan Schroeder, CPA, MBA, CISA, CIA, PCI QSA, CISM, CIPP/US Dan.schroeder@hawcpa.com BRIEF CONTENTS HCIT IMPROVES THE
More informationHow To Manage Cybersecurity In Healthcare
Healthcare s Model Approach to Critical Infrastructure Cybersecurity How the Industry is Leading the Way with its Information Security Risk Management Framework June 2014 Healthcare s Model Approach to
More informationHealthcare s Model Approach to Critical Infrastructure Cybersecurity
Healthcare s Model Approach to Critical Infrastructure Cybersecurity How the Industry is Leading the Way with its Information Security Risk Management Framework June 2014 Healthcare s Model Approach to
More informationHITRUST Common Security Framework
HITRUST Common Security Framework 2014 Version 6.1 Page 1 of 470 Summary of Changes Version Description of Change Author Date Published 1.0 Final Version of Initial Release HITRUST September 11, 2009 2.0
More informationDodging Breaches from Dodgy Vendors: Tackling Vendor Risk Management in Healthcare
Dodging Breaches from Dodgy Vendors: Tackling Vendor Risk Management in Healthcare Strengthening Cybersecurity Defenders #ISC2Congress Healthcare and Security "Information Security is simply a personal
More informationUsing the HITRUST CSF to Assess Cybersecurity Preparedness 1 of 6
to Assess Cybersecurity Preparedness 1 of 6 Introduction Long before the signing in February 2013 of the White House Executive Order Improving Critical Infrastructure Cybersecurity, HITRUST recognized
More informationPACB One-Day Cybersecurity Workshop
PACB One-Day Cybersecurity Workshop WHAT IS CYBERSECURITY? PRESENTED BY: JON WALDMAN, SBS CISA, CRISC 1 Contact Information Jon Waldman Partner, Senior IS Consultant CISA, CRISC Masters of Info Assurance
More informationWhite Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA
White Paper Achieving GLBA Compliance through Security Information Management White Paper / GLBA Contents Executive Summary... 1 Introduction: Brief Overview of GLBA... 1 The GLBA Challenge: Securing Financial
More informationSecurityMetrics Business Associate HIPAA compliance program
SecurityMetrics Business Associate HIPAA compliance program IS YOUR PHI SAFE? Business associates help your business succeed, but are they a liability? When your BAs are not HIPAA compliant, your business
More informationFFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors
Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed
More informationArchitecting Security to Address Compliance for Healthcare Providers
Architecting Security to Address Compliance for Healthcare Providers What You Need to Know to Help Comply with HIPAA Omnibus, PCI DSS 3.0 and Meaningful Use November, 2014 Table of Contents Background...
More information2009 HIMSS Security Survey
2009 HIMSS Security Survey Statement to the HIT Standards Committee Privacy and Security Workgroup Lisa Gallagher, BSEE, CISM, CPHIMS Healthcare Information and Management Systems Society Secretary Chopra,
More informationIT Security & Compliance Risk Assessment Capabilities
ATIBA Governance, Risk and Compliance ATIBA provides information security and risk management consulting services for the Banking, Financial Services, Insurance, Healthcare, Manufacturing, Government,
More informationPCI DSS READINESS AND RESPONSE
PCI DSS READINESS AND RESPONSE EMC Consulting Services offers a lifecycle approach to holistic, proactive PCI program management ESSENTIALS Partner with EMC Consulting for your PCI program management and
More informationKLC Consulting, Inc. All Rights Reserved. 1 THIRD PARTY (VENDOR) SECURITY RISK MANAGEMENT
1 THIRD PARTY (VENDOR) SECURITY RISK MANAGEMENT About Kyle Lai 2 Kyle Lai, CIPP/G/US, CISSP, CISA, CSSLP, BSI Cert. ISO 27001 LA President of KLC Consulting, Inc. Over 20 years in IT and Security Security
More information2015 Minnesota e-health Summit Data Privacy and Security Prevailing Federal Laws for Local Public Health
2015 Minnesota e-health Summit Data Privacy and Security Prevailing Federal Laws for Local Public Health Adam Stone, MBA, CISSP, CIPP/US, ISSMP, HCISPP, CHPS Secure Digital Solutions, LLC 952-544-0234
More informationSecure Cloud Hosting for Healthcare Organizations
Secure Cloud Hosting for Healthcare Organizations OUR MISSION FIREHOST MISSION Our core is an unshakable, no compromise commitment to protect our customer's digital assets with integrity and innovation
More informationEthics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015
Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015 Katherine M. Layman Cozen O Connor 1900 Market Street Philadelphia, PA 19103 (215) 665-2746
More informationFINRA Publishes its 2015 Report on Cybersecurity Practices
Securities Litigation & Enforcement Client Service Group and Data Privacy & Security Team To: Our Clients and Friends February 12, 2015 FINRA Publishes its 2015 Report on Cybersecurity Practices On February
More information11/27/2015. Cyber Risk as a Component of Business Risk: Communicating with the C-Suite. Conflict of interest. Learning Objectives
Cyber Risk as a Component of Business Risk: Communicating with the C-Suite Jigar Kadakia DISCLAIMER: The views and opinions expressed in this presentation are those of the author and do not necessarily
More informationHIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services
HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services How MSPs can profit from selling HIPAA security services Managed Service Providers (MSP) can use the Health Insurance Portability
More informationBusiness Associates and HIPAA
Business Associates and HIPAA What BAs need to know to comply with HIPAA privacy and security rules by Dom Nicastro White paper The lax days of complying with privacy and security laws are over for business
More informationSempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013
Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013 Sempra Energy s gas and electric utilities collaborate with industry leaders and a wide range of
More informationDeveloping National Frameworks & Engaging the Private Sector
www.pwc.com Developing National Frameworks & Engaging the Private Sector Focus on Information/Cyber Security Risk Management American Red Cross Disaster Preparedness Summit Chicago, IL September 19, 2012
More informationBusiness Associates, HITECH & the Omnibus HIPAA Final Rule
Business Associates, HITECH & the Omnibus HIPAA Final Rule HIPAA Omnibus Final Rule Changes Business Associates Marissa Gordon-Nguyen, JD, MPH Health Information Privacy Specialist Office for Civil Rights/HHS
More informationCloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015
Cloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015 2015 CloudeAssurance Page 1 Table of Contents Copyright and Disclaimer... 3 Appendix A: Introduction... 4 Appendix
More informationVendor Risk Management Financial Organizations
Webinar Series Vendor Risk Management Financial Organizations Bob Justus Chief Security Officer Allgress Randy Potts Managing Consultant FishNet Security Bob Justus Chief Security Officer, Allgress Current
More informationIT Vendor Due Diligence. Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014
IT Vendor Due Diligence Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014 Carolinas HealthCare System (CHS) Second largest not-for-profit healthcare system
More informationStrategies for. Proactively Auditing. Compliance to Mitigate. Matt Jackson, Director Kevin Dunnahoo, Manager
Strategies for 1 Proactively Auditing HIPAA Security Compliance to Mitigate Risk Matt Jackson, Director Kevin Dunnahoo, Manager AHIA 32 nd Annual Conference August 25-28, 2013 Chicago, Illinois www.ahia.org
More informationIMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE
IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE ABSTRACT Changing regulatory requirements, increased attack surfaces and a need to more efficiently deliver access to the business
More informationData Privacy & Security in the Cloud: Legal Basics and New Developments
Data Privacy & Security in the Cloud: Legal Basics and New Developments Lawrence R. Freedman Partner, Edwards Wildman Palmer LLP lfreedman@edwardswildman.com (202) 939-7923 1 The Basics Two basic data
More informationGuided HIPAA Compliance
Guided HIPAA Compliance HIPAA Solutions for Office Managers and Practitioners SecurityMetrics We protect business Since its founding in 2000, privately-held SecurityMetrics has grown from a small security
More informationDissecting New HIPAA Rules and What Compliance Means For You
Dissecting New HIPAA Rules and What Compliance Means For You A White Paper by Cindy Phillips of CMIT Solutions and Kelly McClendon of CompliancePro Solutions TABLE OF CONTENTS Introduction 3 What Are the
More informationDon t Get Left in the Dust: How to Evolve from CISO to CIRO
SESSION ID: CXO-W04 Don t Get Left in the Dust: How to Evolve from CISO to CIRO JC-JC James Christiansen VP Information Risk Management Accuvant jchristiansen@accuvant.com Bradley J. Schaufenbuel, CISSP
More informationHIPAA/HITECH Privacy and Security for Long Term Care. Association of Jewish Aging Services 1
HIPAA/HITECH Privacy and Security for Long Term Care 1 John DiMaggio Chief Executive Officer, Blue Orange Compliance Cliff Mull Partner, Benesch, Healthcare Practice Group About the Presenters John DiMaggio,
More informationIs Your Company Ready for a Big Data Breach?
Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication
More informationHow To Protect Yourself From A Hacker Attack
Cybersecurity Demystified: Information Technology Security Trends Joe Oleksak, Plante Moran Agenda Data Security Trends Example Attacks Industry Examples An Answer 1 Who Are The Victims? Targets - victims
More informationVendor Compliance Management Series: Performing an Effective Risk Assessment
Vendor Compliance Management Series: Performing an Effective Risk Assessment Legal Disclaimer This information is not intended to be legal advice and may not be used as legal advice. Legal advice must
More informationBringing Box into HIPAA Alignment. Bob Flynn & Anurag Shankar University Information Technology Services Indiana University
Bringing Box into HIPAA Alignment Bob Flynn & Anurag Shankar University Information Technology Services Indiana University Outline 1. Introduction 2. Service Partnership 3. Legal Requirements 4. Risk Management
More informationDecrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use
Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute April 8, 2015 4/8/2015 1 1 Who is M-CEITA?
More informationAnalysing the US HIPAA legacy and future changes on the horizon
Volume: 10 Issue: 2 Analysing the US HIPAA legacy and future changes on the horizon The US Department of Health and Human Services issued the long-awaited final omnibus rule under the Health Insurance
More informationWhy you should adopt the NIST Cybersecurity Framework
www.pwc.com/cybersecurity Why you should adopt the NIST Cybersecurity Framework May 2014 The National Institute of Standards and Technology Cybersecurity Framework may be voluntary, but it offers potential
More informationIDENTIFYING VENDOR RISK THE CRITICAL FIRST STEP IN CREATING AN EFFECTIVE VENDOR RISK MANAGEMENT PROGRAM
IDENTIFYING VENDOR RISK THE CRITICAL FIRST STEP IN CREATING AN EFFECTIVE VENDOR RISK MANAGEMENT PROGRAM HEADQUARTERS 33 Bradford Street Concord, MA 01742 PHONE: 978-451-7655 THE CRITICAL FIRST STEP IN
More informationCybersecurity in the States 2012: Priorities, Issues and Trends
Cybersecurity in the States 2012: Priorities, Issues and Trends Commission on Maryland Cyber Security and Innovation June 8, 2012 Pam Walker, Director of Government Affairs National Association of State
More informationWell-Documented Controls Reduce Risk and Support Compliance Initiatives
White Paper Risks Associated with Missing Documentation for Health Care Providers Well-Documented Controls Reduce Risk and Support Compliance Initiatives www.solutionary.com (866) 333-2133 Many Health
More informationSecure360. Measuring the Maturity of your Information Security Program Impossible? Presented by: Mark Carney, VP of Strategic Services
Secure360 Measuring the Maturity of your Information Security Program Impossible? Presented by: Mark Carney, VP of Strategic Services Question about Life HOW DO YOU KNOW IF YOU ARE GETTING THE MOST OUT
More informationDeveloping HIPAA Security Compliance. Trish Lugtu CPHIMS, CHP, CHSS Health IT Consultant
Developing HIPAA Security Compliance Trish Lugtu CPHIMS, CHP, CHSS Health IT Consultant Learning Objectives Identify elements of a HIPAA Security compliance program Learn the HIPAA Security Rule basics
More informationCyber Security Risks for Banking Institutions.
Cyber Security Risks for Banking Institutions. September 8, 2014 1 Administrative CPE regulations require that online participants take part in online questions Must respond to a minimum of four questions
More informationInformation Protection Framework: Data Security Compliance and Today s Healthcare Industry
Information Protection Framework: Data Security Compliance and Today s Healthcare Industry Executive Summary Today s Healthcare industry is facing complex privacy and data security requirements. The movement
More informationHow To Improve Your Business
IT Risk Management Life Cycle and enabling it with GRC Technology 21 March 2013 Overview IT Risk management lifecycle What does technology enablement mean? Industry perspective Business drivers Trends
More informationCORE Security and GLBA
CORE Security and GLBA Addressing the Graham-Leach-Bliley Act with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com
More informationReport Book: Retina Network Security Scanner Unlimited
REPORT BOOK Report Book: Retina Network Security Scanner Unlimited Version 5.20 January 2015 1 Table of Contents Retina Network Security Scanner Unlimited... 3 Report Title: Remediation Report... 3 Report
More informationIT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014
IT Cloud / Data Security Vendor Risk Management Associated with Data Security September 9, 2014 Speakers Brian Thomas, CISA, CISSP In charge of Weaver s IT Advisory Services, broad focus on IT risk, security
More informationHealthcare Cybersecurity Perspectives from the Michigan Healthcare Cybersecurity Council
Healthcare Cybersecurity Perspectives from the Michigan Healthcare Cybersecurity Council Presented by Doug Copley, Chairman Michigan Healthcare Cybersecurity Council Mr. Chairman and Committee Members,
More information