Perspectives on Navigating the Challenges of Cybersecurity in Healthcare
- Candice Patrick
- 8 years ago
Transcription
1 Perspectives on Navigating the Challenges of Cybersecurity in Healthcare May
2 Agenda
1. Why the Healthcare Industry Established HITRUST
2. What We Are and What We Do
3. How We Can Help Health Plans Manage Cyber Risk
4. What Are Common Questions and Misconceptions
5. How To Get Engaged and Locate Resources
3 WHY THE HEALTHCARE INDUSTRY ESTABLISHED HITRUST
4 Industry Challenges as Catalyst for HITRUST
In 2006, healthcare organizations faced multiple challenges with regard to information security:
- Costs and complexities of redundant and inconsistent requirements and standards
- Confusion around implementation and acceptable baseline controls
- Information security audits subject to different interpretations of control objectives and safeguards
- Increasing scrutiny and similar queries from regulators, auditors, underwriters, customers and business partners
- Growing risk and liability associated with information protection
- Lack of educational resources available to health information security professionals
5 Confusion with Existing Standards (Circa 2007)
The multitude of standards and regulations in the healthcare industry introduces ambiguity, inefficiencies, cost and distraction from the complicated business of protecting healthcare organizations.
The corresponding table denotes how a variety of standards address Access Control.
Standard: Access Control Variations
- CPA Firm (SAS 70, SysTrust, SoX): The logical access to and use of IT computing resources should be restricted by the implementation of adequate identification, authentication and authorization mechanisms, linking users and resources with access rules. Such mechanisms should prevent unauthorized personnel, dial-up connections and other system (network) entry ports from accessing computer resources and minimize the need for authorized users to use multiple sign-ons. Procedures should also be in place to keep authentication and access mechanisms effective (e.g., regular password changes).
- PCI: Limit access to computing resources and cardholder information to only those individuals whose job requires such access. Identify all users with a unique username before allowing them to access system components or cardholder data.
- CCHIT: The system shall enforce the most restrictive set of rights/privileges or accesses needed by users/groups (e.g. System administration, Clerical, Nurse, Doctor, etc.), or processes acting on behalf of users, for the performance of specified tasks.
- ISO: There shall be a formal user registration and de-registration procedure in place for granting and revoking access to all information systems and services. The allocation and use of privileges shall be restricted and controlled.
- URAC: Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights.
- HITSP: Access Control is managed (created, modified, deleted, suspended, or restored, and provisioned based on defined rules and attributes). Data access policy is enforced. User data are located by an entity with the ability (privileges) to search across systems. Protected data are accessed based on access control decisions information attributes for data access. Select protected data are blocked from users otherwise authorized to access the information resource.
- NIST: A subject can execute a transaction only if the subject has selected or been assigned a role. The identification and authentication process (e.g. login) is not considered a transaction. All other user activities on the system are conducted through transactions. Thus all active users are required to have some active role. A subject's active role must be authorized for the subject. With (1) above, this rule ensures that users can take on only roles for which they are authorized. A subject can execute a transaction only if the transaction is authorized through the subject's role memberships, and subject to any constraints that may be applied across users, roles, and permissions. This rule ensures that users can execute only transactions for which they are authorized.
- COBIT: The logical access to and use of IT computing resources should be restricted by the implementation of adequate identification, authentication and authorization mechanisms, linking users and resources with access rules. Such mechanisms should prevent unauthorized personnel, dial-up connections and other system (network) entry ports from accessing computer resources and minimize the need for authorized users to use multiple sign-ons. Procedures should also be in place to keep authentication and access mechanisms effective (e.g., regular password changes).
- ITIL: Access Management is effectively the execution of both Availability and Information Security Management, in that it enables the organization to manage the confidentiality, availability and integrity of the organization's data and intellectual property. Access Management ensures that users are given the right to use a service, but it does not ensure that this access is available at all agreed times - this is provided by Availability Management.
- HIPAA: Implement policies and procedures for granting access to electronic PHI through access to a workstation, transaction, program, process or other mechanism. Implement policies and procedures that, based upon the entity's access authorization policies, establish, document, review, and modify a user right of access to a workstation, transaction, program or process.
Example Implementation Standards
- Access Control
- Human Resources Security
- Risk Assessment
- Security Policy
- Organization of Information Security
- Compliance
- Asset Management
- Physical and Environmental
- Communications and Operations Management
- Information Systems Acquisition, Development, and Maintenance
- Incident Management
- Business Continuity
6 HITRUST Mission and Objectives
In 2007, the Health Information Trust Alliance or HITRUST was formed by a group of concerned healthcare organizations out of the belief that improvements in the state of information security and privacy in the industry are critical to the broad adoption, utilization and confidence in health information systems, medical technologies and electronic exchanges of health information, all of which are necessary to improve the quality of patient care while lowering the cost of healthcare delivery.
Key focus:
- Increase the protection of protected health and other sensitive information
- Mitigate and aid in the management of risk associated with health information
- Contain and manage costs associated with appropriately protecting sensitive information
- Increase consumers' and governments' confidence in the industry's ability to safeguard health information
- Address increasing concerns associated with business associate and 3rd party privacy, security and compliance
- Work with federal and state governments and agencies and other oversight bodies to collaborate with industry on information protection
- Facilitate sharing and collaboration relating to information protection amongst and between healthcare organizations of varying types and sizes
- Enhance and mature the knowledge and competency of health information protection professionals
7 WHAT WE ARE AND WHAT WE DO
8 HITRUST in a Snapshot
Best known for:
- Developing HITRUST CSF, in 7th major release
- Annual health information breach and loss analysis report
- Cyber preparedness and response exercises (CyberRX)
Adoption of CSF
- By 83% of hospitals [1] (most widely adopted)
- By 82% of health plans [2] (most widely adopted)
Adoption of CSF Assurance
- Over 23,000 CSF assessments in last three years (10,000 in 2014)
- Most widely utilized approach by healthcare organizations and 3rd party risk assessments
- Supports State of Texas Privacy and Security Certification (SecureTexas)
Supporting Cyber Threat Intelligence Sharing and Incident Preparedness and Response
- Operates Cyber Threat Exchange (CTX) as industry cyber threat early warning system and to automate indicator of compromise distribution
- Federally recognized Information Sharing and Analysis Organization (ISAO)
- Information sharing agreement with Department of Health and Human Services (HHS)
- Information sharing agreement with the Department of Homeland Security as part of critical infrastructure program
- Partnership with HHS for monthly industry cyber threat briefings
- Partnership with HHS for industry cyber threat preparedness and response exercises (CyberRX)
Information Protection Education and Training
- Over 1500 professionals obtained Certified Common Security Framework Practitioner (CCSFP) designation, CSF specific
- Partnered with International Information System Security Certification Consortium, Inc., (ISC)² to develop broader healthcare certified information security professional credential, HealthCare Information Security and Privacy Practitioner (HCISPP)
- Annual conference: In 2012 HITRUST began holding health information protection professional annual conference
[1] Based on facilities in the 2011 AHA hospital and health system data as of Dec
Based on health plans with over 500,000 members as of Dec
9 HITRUST Primary Focus Areas in 2015 Risk Management and Compliance CSF CSF Assurance Other Programs Third-party Assurance MyCSF SecureTexas Standards Scorecards Combined Program Reporting Cybersecurity Threat Intelligence and Incident Coordination Center (C3) Cyber Threat XChange CyberVision CyberRX Cyber Threat Briefings Cyber Discovery Study Education and Research HITRUST Academy Leadership Roundtable White papers and guidance documents Information protection-related studies 9
10 Risk Management and Compliance HITRUST CSF
Prescriptive, Scalable and Certifiable Risk Framework Built for Healthcare
- HITRUST CSF, a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information
- Incorporates both information security and privacy
- ISO being used as the foundation upon which the CSF controls were built. ISO/IEC provides an international standard for the implementation and maintenance of an information security management system (ISMS)
- Harmonizes multiple healthcare specific regulations and standards
- Now includes 25 major authoritative sources including federal and state regulations, globally recognized standards, and industry best practices
- Addresses industry challenges by leveraging and enhancing existing standards and regulations to provide organizations of varying sizes and risk profiles with prescriptive implementation requirements
- Implementation requirements based on specific risk factors allow organizations to focus on implementing the requirements and measuring excessive residual risk by the maturity of their implementation
- Resulting in a risk- rather than compliance-based information protection approach
Standards Incorporated Into the CSF
- 16 CFR Part 681 Identity Theft Red Flags
- 201 CMR State of Massachusetts Data Protection Act
- Cloud Security Alliance (CSA) Cloud Controls Matrix v1.1
- CMS IS ARS 2012 v2
- COBIT 4.1 and 5
- Encryption and Destruction Guidance Federal Register 45 CFR Parts 160 and 164
- Federal Register 21 CFR Part 11
- HIPAA Federal Register 45 CFR Part 164 (Omnibus)
- ISO/IEC 27001/2:2005 & 2011
- ISO/IEC 27799:2008
- Joint Commission
- NIST Cybersecurity Framework (CsF)
- NIST Special Publication r4
- NIST Special Publication
- NRS: Chapter 603A State of Nevada
- PCI Data Standard v3
- Texas Health and Safety Code 181 State of Texas
- Texas Administrative Code State of Texas
11 Risk Management and Compliance HITRUST CSF
HITRUST maintains, supports and ensures the relevancy and applicability
- Updates authoritative sources and incorporated frameworks, standards and regulations
- Performs analysis on breach incidents to determine impact on CSF guidance and risk factors
- Updated no less frequently than annually and is available for comment by the healthcare industry and professional services firms
- Adds additional sources based on industry input and CSF Advisory Committee
- Public comment period for each release
- Mapping and analysis provided for review
Recent updates
- Release v6.1 in Apr 2014 integrated the NIST cybersecurity framework
- Release v7 in Jan 2015 incorporated Mars-E and HIPAA-based privacy requirements
- Upcoming Release v8 in Dec 2015 will incorporate PCI updates and streamlined assessment requirements for privacy and small organizations such as physician practices
[Figure: HITRUST CSF shown with Meaningful Use, COBIT, HIPAA Omnibus Final Rule, ISO 27001/2, Texas Health & Safety Code, NIST, FTC Red Flags and PCI]
12 Risk Management and Compliance HITRUST CSF
Comparison With Other Frameworks
Requirement | CSF | COBIT | PCI | ISO | NIST | HIPAA
Comprehensive general security | Yes | Yes | Yes | Yes | Yes | Partial
Comprehensive regulatory, statutory, and business requirements | Yes | No | No | No | No | No
Prescriptive | Yes | No | Yes | Partial | Yes | No
Practical and scalable | Yes | Yes | No | No | No | Yes
Audit or assessment guidelines | Yes | Yes | Yes | Yes | Yes | No
Certifiable | Yes | Yes | Yes | Yes | No | No
Support for third-party assurance | Yes | Yes | Yes | Yes | No | No
Open and transparent update process | Yes | No | Yes | Yes | Yes | Yes
Cost | Free | Free | Free | Subsc. | Free | Free
- Ongoing enhancements and maintenance relieve organizations of the complexity and expense of integrating and tailoring these multiple requirements and best practices into a custom framework
- The HITRUST CSF is supported by a broader risk management framework (RMF), which includes the CSF Assurance Program and supporting methodologies and tools
13 Risk Management and Compliance CSF Assurance
Organizations face multiple and varied assurance requirements from a variety of parties, including increased pressure and penalties associated with HHS enforcement efforts and an inordinate level of effort on negotiation of requirements, data collection, assessment and reporting.
[Figure: Healthcare Organization; Analyze Results and Mitigate; HITRUST CSF Assurance Program; Assess and Report Status with Corrective Actions; Business Associate]
The HITRUST CSF Assurance Program provides:
- A risk-based approach to selecting controls for assessment and formal certification
- A common, standardized methodology to effectively and consistently measure compliance and risk
- Simplified information collection and reporting
- Consistent testing procedures and scoring
- Demonstrable efficiencies and cost-containment
- Assessments performed by qualified professional services firms (CSF Assessors)
14 Risk Management and Compliance CSF Assurance
Combined CSF and SOC2 Reports
- HITRUST and the American Institute of CPAs (AICPA) have partnered to enable organizations to utilize the HITRUST CSF as the controls for their SSAE16 SOC2
- A converged HITRUST and AICPA reporting model helps organizations leverage the work invested in a CSF implementation to meet their Service Organization Control (SOC2) reporting requirements
- Final guidance should be available in June
15 Risk Management and Compliance Other Programs
Third-party Assurance
- Streamlines the business associate assurance process
- Utilizes the tools and methodologies of the CSF Assurance Program
- Allows healthcare organizations to efficiently and effectively assess their business partners and manage risk
- Allows assessed organizations to undergo one assessment and report to multiple entities
- Many healthcare entities accept CSF validated and certified reports for evaluating 3rd party information protection and some require them
  - We have seen the list requiring it growing in the last three months
- Many business associates are CSF Certified; recent additions:
  - Microsoft Office365
  - Amazon AWS
16 Risk Management and Compliance Other Programs
MyCSF: Provides a cost-effective, comprehensive tool to perform assessments and manage compliance.
- Full or customized views of the CSF
- Multiple questionnaires with increasing levels of granularity
- Industry benchmarking data
- Supports reporting and remediation
17 Risk Management and Compliance Other Programs
SecureTexas
- Texas Health Services Authority awarded HITRUST to provide the first state-sponsored covered entity privacy and security certification in the United States
- Allows THSA to provide certification specified in Texas House Bill 300
- Certification offers penalty reduction and risk mitigation
- Current bill in Texas Senate to provide safe harbor
- Model that other states are reviewing
18 Risk Management and Compliance Alignment with NIST CsF
NIST Cybersecurity Framework provides a high-level incident response-oriented framework by which critical infrastructure industries can develop and implement industry, sector, or organizational-level risk management programs that are holistic, based upon a common set of principles, and can be communicated with stakeholders regardless of organization, sector or industry.
HITRUST provides an RMF that is consistent with the NIST Cybersecurity Framework for the healthcare industry and either meets or exceeds the requirements and also addresses non-cyber threats and incorporates a robust assurance program.
More specifically:
- NIST Cybersecurity Framework categorizes cybersecurity controls according to an incident response process (functions and sub-functions) as opposed to a traditional RMF
- NIST Cybersecurity Framework incorporates 80% of the NIST SP r4 security controls for the moderate level baseline by reference, whereas the CSF fully incorporates the NIST security and privacy controls
- HITRUST CSF provides an integrated, harmonized set of requirements specific to healthcare as compared to individual references to controls in NIST and other frameworks
- HITRUST CSF Assurance Program provides an integrated set of tailorable requirements, which are fully supported by an integrated maturity model
- HITRUST CSF Assurance Program provides a pool of vetted assessor organizations and centralized quality assurance processes to ensure consistent and repeatable assessments
19 Risk Management and Compliance Alignment with NIST CsF
NIST Cybersecurity Scorecard
- HITRUST mapped the HITRUST CSF to the NIST Cybersecurity Framework to provide organizations with a healthcare-centric cybersecurity scorecard based on the NIST Framework's subcategories
- The ability for organizations to use the HITRUST CSF and NIST Cyber Security Framework reporting model helps organizations leverage the work invested in a CSF implementation to assess once and report on their various requirements
20 Cybersecurity HITRUST Cyber Threat Xchange (CTX)
HITRUST Cyber Threat XChange (CTX) automates the process of collecting and analyzing cyber threats and distributing actionable indicators in electronically consumable formats that organizations of varying sizes and cyber security maturity can utilize to improve their cyber defenses.
Designed to optimize the way organizations defend against cyber-attacks, complementing traditional signature and anomaly based technologies, CTX delivers a data driven security approach that enables your existing security investments to function more effectively.
HITRUST CTX is available in multiple subscription levels; the basic subscription (available free) includes the following features:
- Advanced intelligence specific to the healthcare industry
- Intelligence from DHS, US CERT, DHHS and many healthcare organizations
- Tracking of top threat actors observed targeting the healthcare sector
- Suspicious domain registrations
- Key word alerting for compromised credentials
- Indicators of compromise specific to healthcare industry
- Integrated sandboxing for malware analysis
- SIEM Integration and automated alerting
Additional features are available in the premium subscription levels.
- Added 500 organizations in last 8 weeks with many health plans
- IOC sharing circle specific to health plans
21 Cybersecurity CyberRX
- HITRUST CyberRX is a series of no cost, industry-wide exercises coordinated by HITRUST in conjunction with the U.S. Department of Health and Human Services, with the mission to mobilize healthcare organizations and explore innovative ways of improving preparedness and response against cyber attacks intended to disrupt the nation's healthcare operations
- Driven by lessons learned and recommendations from the Spring 2014 event, the expanded CyberRX 2.0 program features progressive local-, regional- and national-level exercises that will allow more participants at all levels of maturity to join based on their type of organization, size and experience with cyber prevention and simulations
- HITRUST has added a CyberRX Health Plan exercise for the Summer of 2015 with 20 health plans, HITRUST, CMS and HHS participating
22 Cybersecurity HITRUST CyberVision
- HITRUST CyberVision is the first real-time situational awareness and threat assessment tool tailored to the healthcare industry
- It can automatically notify healthcare organizations and information security vendors of the emerging cyber threats for which a countermeasure is not available, and before the exploit has been weaponized
23 Cybersecurity Monthly Cyber Threat Briefings
As the number of cyber-attacks targeted at the healthcare industry rises, HITRUST and the Departments of Health and Human Services and Homeland Security have partnered to provide a monthly cyber threat briefing to aid organizations in better understanding current and probable cyber threats relevant to the healthcare industry and to share best practices for cyber threat defense and response.
24 Cybersecurity Cyber Discovery Study
HITRUST Cyber Discovery Study was undertaken to enable a better understanding Actual Magnitude Complexity Relations of Cyberattacks Commonalities of Target Organizations and Data Degree of Cyber Threats Persisting Within Organizations
The goal is to accurately identify attack patterns and persistence, as well as the magnitude and sophistication of specific threats across enterprises.
Participants will benefit from having access to highly sophisticated collection and analysis tools and resources to provide detailed information regarding cyber events and threats within their environment free of charge.
25 Education and Research
- HITRUST Academy: HITRUST Academy offers the only training courses designed to educate healthcare security professionals about information protection in the healthcare industry and the utilization of the HITRUST CSF to manage risk. The courses are intended to prepare security professionals for assessing against the evolving compliance landscape shaped by Omnibus, HIPAA, CMS and various other federal, state and business requirements.
- Leadership Roundtable: This program is intended exclusively for executives responsible for the protection of healthcare information and for the purpose of exploring, discussing, learning, collaborating and, where appropriate, agreeing upon a variety of topics relating to information security in the healthcare industry.
- Educational White Paper and Webinar Series: Best Practices & Lessons Learned Implementing the CSF. Webinar and white paper series that features detailed information and analysis on relevant and timely topics and real world examples from organizations using the HITRUST CSF and CSF Assurance Program to manage their information security programs. Hear from a diverse group of presenters covering best practices, lessons learned and practical information that can be leveraged by other organizations facing the same requirements and challenges.
- Annual HITRUST Conference: The HITRUST Conference is the only event dedicated to exploring all aspects of healthcare information protection and utilization of the HITRUST CSF and CSF Assurance Program, with the goal of enabling attendees to more effectively meet compliance requirements and improve information protection.
26 HOW CAN WE HELP HEALTHCARE ORGS MANAGE CYBER RISK?
27 Things to Do
- Leverage and adopt the HITRUST CSF
  - Incorporates key controls and guidance related to cyber risk
  - Incorporates and harmonizes the NIST Cybersecurity Framework
  - In addition to the other controls relating to regulatory and business requirements
- Leverage CSF Assurance program
  - Assess against cyber and other controls to understand current level of control maturity, gaps and risks
- Participate in Cyber Threat Exchange
  - Access to threat indicators and other intel
  - Engage in active sharing, not just consuming
  - Health plan and BCBS trust circle for additional sharing
  - Leverage SIEM integration to make more actionable and consumable
- Participate in the CyberRX program
  - Great resource for developing and testing response plans
  - Specific exercise this summer 2015 for health plans
  - Crisis and incident response plan best practices session for health plans on May 21,
28 Things to Consider
- Evaluate CyberVision
  - Provides situational awareness
- Cyber Discovery study
  - There are some significant benefits that organizations will derive from participating in the study:
    - Access to best in class and state of the art cyber threat detection technology to identify cyber threats, attacks and events for the duration of the study, or approximately 90 days
    - Access to highly skilled resources to help you understand more about cyber-attacks and incidents
    - Better understanding of cyber forensics and use of analytical tools as part of an organization's cyber risk management program
    - Detailed analysis and understanding of cyber threats and events directly affecting your organization
- Utilize MyCSF to create a NIST Cybersecurity Scorecard
  - Leverages the CSF Control guidance to provide industry context for a NIST Cybersecurity Framework assessment
29 WHAT ARE SOME COMMON QUESTIONS AND MISCONCEPTIONS?
30 Common Questions and Misconceptions
Should a healthcare entity choose the HITRUST CSF, NIST Cybersecurity Framework, or the NIST or ISO control frameworks?
With adoption of the HITRUST CSF a healthcare organization can leverage and benefit from them all.
The HITRUST RMF, which consists of the CSF, CSF Assurance Program and supporting tools, methods and services, is actually a model implementation of the NIST Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework) for the healthcare industry.
The HITRUST RMF provides the necessary context for a healthcare-specific implementation of the NIST Cybersecurity Framework by integrating multiple healthcare-relevant legislative, regulatory and best practice guidelines and frameworks such as the HIPAA Security Rule and NIST SP 800-series and ISO series guidance. These integrated controls are then tailored further by allowing organizations to select a reasonable and appropriate subset of these controls based on their specific organizational, system and regulatory risk factors.
31 Common Questions and Misconceptions
Is the HITRUST CSF a replacement standard for HIPAA or NIST?
No, the HITRUST CSF integrates NIST SP and other relevant information protection standards to provide the prescription necessary to fully implement the requirements specified in the HIPAA Security Rule.
Why is the HITRUST CSF needed? Why can't we use HIPAA or NIST?
As risk analysis can be difficult for many healthcare organizations, HITRUST leverages frameworks like NIST to provide a common baseline of protection against reasonably anticipated threats to ePHI. HITRUST then tailors all the controls in the CSF to provide a healthcare-specific context and support the selection of multiple framework overlays, essentially new control baselines, for a common type or class of healthcare entity based on defined organizational, system and regulatory risk factors. Although additional tailoring by an organization is necessary, this common set of baselines supplemented by a common assessment and certification methodology provides for the standardized reporting of risk and sharing of assurances with internal and external stakeholders (e.g., management, business partners and regulators) around the efficient and effective implementation of those standards by healthcare organizations.
32 HOW TO LOCATE RESOURCES AND GET ENGAGED
33 Engage with HITRUST
Download or sign up for access to these no-cost resources and subscriptions:
- HITRUST CSF
- HITRUST Cyber Threat XChange
- CyberRX Playbook and Exercise Participation
- Cyber Discovery Study
- Monthly Cyber Threat Briefings
- MyCSF
- HITRUST CyberVision
34 Engage with HITRUST
Download these Whitepapers and Presentations:
- Leveraging Healthcare's Risk Management Framework to Manage Business Risk
- How to Approach/Simplify Meaningful Use and Privacy Risk Assessments
- Streamlining and Enhancing the NIST Framework to Achieve HIPAA Compliance
- Guidance for Healthcare Organizations to Assess Cybersecurity Preparedness
35 Engage with HITRUST
More Whitepapers and Presentations:
- Implementing the NIST Cybersecurity Framework in Healthcare
- Risk vs. Compliance-based Information Protection
- Risk Analysis Guidance
- Why your HIPAA Risk Analysis May Not Actually Be HIPAA-compliant
Healthcare s Model Approach to Critical Infrastructure Cybersecurity How the Industry is Leading the Way with its Information Security Risk Management Framework June 2014 Healthcare s Model Approach to
More informationHealth Insurance Portability and Accountability Act Enterprise Compliance Auditing & Reporting ECAR for HIPAA Technical Product Overview Whitepaper
Regulatory Compliance Solutions for Microsoft Windows IT Security Controls Supporting DHS HIPAA Final Security Rules Health Insurance Portability and Accountability Act Enterprise Compliance Auditing &
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationUsing the HITRUST CSF to Assess Cybersecurity Preparedness 1 of 6
to Assess Cybersecurity Preparedness 1 of 6 Introduction Long before the signing in February 2013 of the White House Executive Order Improving Critical Infrastructure Cybersecurity, HITRUST recognized
More informationSensitive Data Management: Current Trends in HIPAA and HITRUST
Sensitive Data Management: Current Trends in HIPAA and HITRUST Presented by, Cal Slemp Managing Director, New York, NY June 12, 2012 Speaker Presenter Topic Objective Cal Slemp Managing Director, New York
More informationMU Security & Privacy Risk Assessments: What It Is & How to Approach It
MU Security & Privacy Risk Assessments: What It Is & How to Approach It Dr. Bryan S. Cline, CISSP-ISSEP, CISM, CISA, CCSFP, HCISPP Advisor, Health Information Trust Alliance 2011-2014 HITRUST LLC, Frisco,
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationSecuring the Cloud Infrastructure
EXECUTIVE STRATEGY BRIEF Microsoft recognizes that security and privacy protections are essential to building the necessary customer trust for cloud computing to reach its full potential. This strategy
More informationAnypoint Platform Cloud Security and Compliance. Whitepaper
Anypoint Platform Cloud Security and Compliance Whitepaper 1 Overview Security is a top concern when evaluating cloud services, whether it be physical, network, infrastructure, platform or data security.
More informationHIPAA and HITECH Compliance for Cloud Applications
What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health
More informationCompliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.
ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework
More informationAddressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense
A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical
More informationNIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT
NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT OVERVIEW The National Institute of Standards of Technology Framework for Improving Critical Infrastructure Cybersecurity (The NIST Framework) is a
More informationObtaining CSF Certification Lessons Learned and Why Do It
Obtaining CSF Certification Lessons Learned and Why Do It Aaron Miri, Chief Technology Officer, Children s medical Center of Dallas Ryan Sawyer, Director, Technology Risk and Identity Governance, WellPoint
More informationwww.pwc.com Third Party Risk Management 12 April 2012
www.pwc.com Third Party Risk Management 12 April 2012 Agenda 1. Introductions 2. Drivers of Increased Focus on Third Parties 3. Governance 4. Third Party Risks and Scope 5. Third Party Risk Profiling 6.
More informationEd McMurray, CISA, CISSP, CTGA CoNetrix
Ed McMurray, CISA, CISSP, CTGA CoNetrix AGENDA Introduction Cybersecurity Recent News Regulatory Statements NIST Cybersecurity Framework FFIEC Cybersecurity Assessment Questions Information Security Stats
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationSECURETexas Health Information Privacy & Security Certification Program FAQs
What is the relationship between the Texas Health Services Authority (THSA) and the Health Information Trust Alliance (HITRUST)? The THSA and HITRUST have partnered to help improve the protection of healthcare
More informationEXECUTIVE STRATEGY BRIEF. Securing the Cloud Infrastructure. Cloud. Resources
EXECUTIVE STRATEGY BRIEF Securing the Cloud Infrastructure Cloud Resources 01 Securing the Cloud Infrastructure / Executive Strategy Brief Securing the Cloud Infrastructure Microsoft recognizes that trust
More informationInformation Security Management System for Microsoft s Cloud Infrastructure
Information Security Management System for Microsoft s Cloud Infrastructure Online Services Security and Compliance Executive summary Contents Executive summary 1 Information Security Management System
More informationTHE WHITE HOUSE Office of the Press Secretary
FOR IMMEDIATE RELEASE February 13, 2015 THE WHITE HOUSE Office of the Press Secretary FACT SHEET: White House Summit on Cybersecurity and Consumer Protection As a nation, the United States has become highly
More informationMicrosoft s Compliance Framework for Online Services
Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More informationA Flexible and Comprehensive Approach to a Cloud Compliance Program
A Flexible and Comprehensive Approach to a Cloud Compliance Program Stuart Aston Microsoft UK Session ID: SPO-201 Session Classification: General Interest Compliance in the cloud Transparency Responsibility
More informationLogging In: Auditing Cybersecurity in an Unsecure World
About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that
More informationCyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks
Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks July 2014 Cyber Threat Intelligence and Incident Coordination Center: Protecting
More informationPCI Compliance for Cloud Applications
What Is It? The Payment Card Industry Data Security Standard (PCIDSS), in particular v3.0, aims to reduce credit card fraud by minimizing the risks associated with the transmission, processing, and storage
More informationItaly. EY s Global Information Security Survey 2013
Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information
More informationCompliance, Security and Risk Management Relationship Advice. Andrew Hicks, Director Coalfire
Compliance, Security and Risk Management Relationship Advice Andrew Hicks, Director Coalfire Housekeeping You may submit questions throughout the webinar using the question area in the control panel on
More informationPreemptive security solutions for healthcare
Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare
More informationTRIPWIRE NERC SOLUTION SUITE
CONFIDENCE: SECURED SOLUTION BRIEF TRIPWIRE NERC SOLUTION SUITE TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on our mission of delivering
More informationSempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013
Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013 Sempra Energy s gas and electric utilities collaborate with industry leaders and a wide range of
More informationArchitecting Security to Address Compliance for Healthcare Providers
Architecting Security to Address Compliance for Healthcare Providers What You Need to Know to Help Comply with HIPAA Omnibus, PCI DSS 3.0 and Meaningful Use November, 2014 Table of Contents Background...
More informationVENDOR MANAGEMENT. General Overview
VENDOR MANAGEMENT General Overview With many organizations outsourcing services to other third-party entities, the issue of vendor management has become a noted topic in today s business world. Vendor
More informationDeveloping National Frameworks & Engaging the Private Sector
www.pwc.com Developing National Frameworks & Engaging the Private Sector Focus on Information/Cyber Security Risk Management American Red Cross Disaster Preparedness Summit Chicago, IL September 19, 2012
More informationCybersecurity: What CFO s Need to Know
Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction
More informationThe HIPAA Omnibus Final Rule
WHITE PAPER The HIPAA Omnibus Final Rule Four risk exposure events that can uncover compliance issues leading to investigations, potential fines, and damage to your organization s reputation. By Virginia
More informationCYBERSECURITY: ISSUES AND ISACA S RESPONSE
CYBERSECURITY: ISSUES AND ISACA S RESPONSE June 2014 KEY TRENDS AND DRIVERS OF SECURITY Consumerization Emerging Trends Continual Regulatory and Compliance Pressures Mobile devices Social media Cloud services
More informationNIST Cybersecurity Initiatives. ARC World Industry Forum 2014
NIST Cybersecurity Initiatives Keith Stouffer and Vicky Pillitteri NIST ARC World Industry Forum 2014 February 10-13, 2014 Orlando, FL National Institute of Standards and Technology (NIST) NIST s mission
More informationKEY TRENDS AND DRIVERS OF SECURITY
CYBERSECURITY: ISSUES AND ISACA S RESPONSE Speaker: Renato Burazer, CISA,CISM,CRISC,CGEIT,CISSP KEY TRENDS AND DRIVERS OF SECURITY Consumerization Emerging Trends Continual Regulatory and Compliance Pressures
More informationGuidance on Risk Analysis Requirements under the HIPAA Security Rule
Guidance on Risk Analysis Requirements under the HIPAA Security Rule Introduction The Office for Civil Rights (OCR) is responsible for issuing annual guidance on the provisions in the HIPAA Security Rule.
More informationACCESS RIGHTS MANAGEMENT Securing Assets for the Financial Services Sector
ACCESS RIGHTS MANAGEMENT Securing Assets for the Financial Services Sector V.2 Final Draft May 1, 2014 financial_nccoe@nist.gov This revision incorporates comments from the public. Page Use case 1 Comments
More informationNetwork Detective. HIPAA Compliance Module. 2015 RapidFire Tools, Inc. All rights reserved V20150201
Network Detective 2015 RapidFire Tools, Inc. All rights reserved V20150201 Contents Purpose of this Guide... 3 About Network Detective... 3 Overview... 4 Creating a Site... 5 Starting a HIPAA Assessment...
More informationAssessment Process. 2013 HITRUST, Frisco, TX. All Rights Reserved.
Assessment Process Assessment Process Define Scope The assessment scope gives context to the security controls and those organizations and individuals relying on the results Organization scope defines
More informationTop Ten Technology Risks Facing Colleges and Universities
Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology
More informationOver 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit.
CYBERSECURITY: ISSUES AND ISACA S RESPONSE June 2014 BILL S BIO Over 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit. Vice President Controls
More informationWhite Paper on Financial Industry Regulatory Climate
White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during
More informationSecuring the Microsoft Cloud
Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and customers to fully embrace and benefit from cloud services. We are committed
More informationDepartment of Management Services. Request for Information
Department of Management Services Request for Information Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services September 3, 2015 Submitted By: Carlos Henley
More informationIT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014
IT Cloud / Data Security Vendor Risk Management Associated with Data Security September 9, 2014 Speakers Brian Thomas, CISA, CISSP In charge of Weaver s IT Advisory Services, broad focus on IT risk, security
More informationCertified Identity and Access Manager (CIAM) Overview & Curriculum
Identity and access management (IAM) is the most important discipline of the information security field. It is the foundation of any information security program and one of the information security management
More informationMU Security & Privacy Risk Assessments: What It Is & How to Approach It
MU Security & Privacy Risk Assessments: What It Is & How to Approach It Dr. Bryan S. Cline, CISSP-ISSEP, CISM, CISA, ASEP, CCSFP CISO & VP, CSF Development & Implementation Health Information Trust Alliance
More informationThe Value of Vulnerability Management*
The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda
More informationCloud Security Trust Cisco to Protect Your Data
Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive
More informationCYBER AND PRIVACY INSURANCE: LOSS MITIGATION SERVICES
CYBER AND PRIVACY INSURANCE: LOSS MITIGATION SERVICES How can you better prepare and respond to cyber risks? ACE developed Loss Mitigation Services to help policyholders understand and gauge various areas
More informationHIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant
1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad
More informationThe silver lining: Getting value and mitigating risk in cloud computing
The silver lining: Getting value and mitigating risk in cloud computing Frequently asked questions The cloud is here to stay. And given its decreased costs and increased business agility, organizations
More informationInformation Protection Framework: Data Security Compliance and Today s Healthcare Industry
Information Protection Framework: Data Security Compliance and Today s Healthcare Industry Executive Summary Today s Healthcare industry is facing complex privacy and data security requirements. The movement
More informationGreenway Marketplace. Hear from GSG Compliance & White Plume November 14, 2013
Greenway Marketplace Hear from GSG Compliance & White Plume November 14, 2013 Marketplace Mission Statement To enhance the Greenway customer user experience by offering innovative, forwardthinking technologies
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationCloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015
Cloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015 2015 CloudeAssurance Page 1 Table of Contents Copyright and Disclaimer... 3 Appendix A: Introduction... 4 Appendix
More informationThe NIST Cybersecurity Framework
View the online version at http://us.practicallaw.com/5-599-6825 The NIST Cybersecurity Framework RICHARD RAYSMAN, HOLLAND & KNIGHT LLP AND JOHN ROGERS, BOOZ ALLEN HAMILTON A Practice Note discussing the
More informationCORL Dodging Breaches from Dodgy Vendors
CORL Dodging Breaches from Dodgy Vendors Tackling Vendor Security Risk Management in Healthcare Introductions Cliff Baker 20 Years of Healthcare Security experience PricewaterhouseCoopers, HITRUST, Meditology
More informationNine Network Considerations in the New HIPAA Landscape
Guide Nine Network Considerations in the New HIPAA Landscape The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Omnibus Final Rule, released January 2013, introduced some significant
More informationCYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS. Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015
CYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015 TODAY S PRESENTER Viviana Campanaro, CISSP Director, Security and
More informationA Wake-Up Call? Fight Back Against Cybercrime. Prepared for: Ricky Link Managing Director, Southwest Region May 15, 2014
A Wake-Up Call? Fight Back Against Cybercrime Prepared for: Ricky Link Managing Director, Southwest Region May 15, 2014 1 Coalfire Background Leading Information Security Consulting Firm Offices: Atlanta,
More informationRisky Business. Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015
Risky Business Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015 What We ll Cover About Me Background The threat Risks to your organization What your organization can/should
More informationData Breach Response Planning: Laying the Right Foundation
Data Breach Response Planning: Laying the Right Foundation September 16, 2015 Presented by Paige M. Boshell and Amy S. Leopard babc.com ALABAMA I DISTRICT OF COLUMBIA I FLORIDA I MISSISSIPPI I NORTH CAROLINA
More informationNIST Cybersecurity Framework & A Tale of Two Criticalities
NIST Cybersecurity Framework & A Tale of Two Criticalities Vendor Management & Incident Response Presented by: John H Rogers, CISSP Advisory Services Practice Manager john.rogers@sagedatasecurity.com Presented
More informationAlienVault for Regulatory Compliance
AlienVault for Regulatory Compliance Overview of Regulatory Compliance in Information Security As computers and networks have become more important in society they and the information they contain have
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationIT Insights. Managing Third Party Technology Risk
IT Insights Managing Third Party Technology Risk According to a recent study by the Institute of Internal Auditors, more than 65 percent of organizations rely heavily on third parties, yet most allocate
More informationCASRO Digital Research Conference Data Security: Don t Risk Being the Weak Link
CASRO Digital Research Conference Data Security: Don t Risk Being the Weak Link Peter Milla CASRO Technical Consultant/CIRQ Technical Advisor peter@petermilla.com Background CASRO and Standards CASRO takes
More informationPACB One-Day Cybersecurity Workshop
PACB One-Day Cybersecurity Workshop WHAT IS CYBERSECURITY? PRESENTED BY: JON WALDMAN, SBS CISA, CRISC 1 Contact Information Jon Waldman Partner, Senior IS Consultant CISA, CRISC Masters of Info Assurance
More informationAltius IT Policy Collection Compliance and Standards Matrix
Governance IT Governance Policy Mergers and Acquisitions Policy Terms and Definitions Policy 164.308 12.4 12.5 EDM01 EDM02 EDM03 Information Security Privacy Policy Securing Information Systems Policy
More informationHITRUST Common Security Framework Summary of Changes
HITRUST Common Security Framework Summary of Changes Apr-14 CSF 2014 V6.1 Incorporates changes in PCI-DSS v3 and updates stemming from the HIPAA Omnibus Final Rule. Includes mappings to the v1. Fundamental
More informationUncheck Yourself. by Karen Scarfone. Build a Security-First Approach to Avoid Checkbox Compliance. Principal Consultant Scarfone Cybersecurity
Uncheck Yourself Build a Security-First Approach to Avoid Checkbox Compliance by Karen Scarfone Principal Consultant Scarfone Cybersecurity Sponsored by www.firehost.com (US) +1 844 682 2859 (UK) +44 800
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationCybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
More informationEnterprise Security Tactical Plan
Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise
More information