2015 Atlanta CHIME Lead Forum
•
1 recomendación•345 vistas
Creating an Effective Cyber Security Strategy - Steve Sarros, Patty Lavely, David Finn
Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Destacado
Destacado (9)
Similar a 2015 Atlanta CHIME Lead Forum
Similar a 2015 Atlanta CHIME Lead Forum (20)
Más de Health IT Conference – iHT2
Más de Health IT Conference – iHT2 (20)
Último
Último (20)
2015 Atlanta CHIME Lead Forum
- 1. A CHIME Leadership Education and Development Forum in collaboration with iHT2 Top Cyber Risk Mitigation Strategies ________ ● Steven Sarros, Chief Information Officer Baptist Health Care Pensacola FL● #LEAD15
- 2. A CHIME Leadership Education and Development Forum in collaboration with iHT2 • Department of Homeland Security Daily Open Source Infrastructure Report (DOSIR) – 16 Critical Infrastructures • Healthcare and Public Health • Information Technology • Defense Industrial Base • United States Computer Emergency Readiness Team (US-CERT) • Weekly Briefs and Situational Alerts • FBI InfraGuard Program Top Cybersecurity Risk Mitigation Strategies Gathering Threat Intelligence to Establish Situational Awareness
- 3. A CHIME Leadership Education and Development Forum in collaboration with iHT2 • Awareness training • Vetting (Team Members and Non-Team Members) • User lifecycle management and granting access • Monitoring • FairWarning • Web, Email and Chat Activity • Workstation monitoring • More awareness training Top Cybersecurity Risk Mitigation Strategies The “People Factor” Creating the Human Firewall
- 4. Q & A Speaker(s) Contact Information A CHIME Leadership Education and Development Forum in collaboration with iHT2 Insert Twitter handle(s) here
- 5. A CHIME Leadership Education and Development Forum in collaboration with iHT2 Overall Words of Wisdom ________ Stuff I learned the hard way ● David Finn, Health IT Officer, Symantec ● #LEAD15
- 6. A CHIME Leadership Education and Development Forum in collaboration with iHT2 You are here. Privacy and Security today in Healthcare (foot of the hill) The Changes You Need to Make (the summit)
- 7. A CHIME Leadership Education and Development Forum in collaboration with iHT2 • Security and usability are often inversely proportional. (Security is not convenient) • Security is an investment, not an expense. • "Good enough" security now, is better than "perfect" security . . . never. • There is no such thing as “complete security” in a usable system. • A false sense of security is worse than a true sense of insecurity. • Your absolute security is only as strong as your weakest link. • Concentrate on known, probable threats. • Security is not a static end state, it is an iterative process. • Security is directly related to the education and ethics of your users. • There are few forces in the universe stronger than the desire of an individual to get his or her job accomplished. • Security is a people problem. Corollary: People cause security problems, they don't just happen. • You only get to pick two: fast, secure, cheap. • In the absence of other factors, always use the most secure options available. (You are either serious about security, or you're just fooling around). Security Dogma . . . (after 30 years of doing this)
- 8. • Roles & Responsibilities • Risk Framework • Reporting • Build, Deploy & Maintain • Patch Management • Log & Event Mgmt. 8 Copyright © 2015 Symantec Corporation BusinessStrategy andGovernance On-GoingCompliance andSecurityOperations • Policies & Procedures • Risk Mgmt. Process • Establish Controls • On-going Risk Analysis • Impact Assessment • Remediation & Mitigation • Access Management Principles & Policy • Org. Mapping • Roles & Responsibilities • Accountability • Digital Trust • Identity Management • Authentication • Activity Review • Document Lifecycle • Data Criticality • Communications Plan • Training & Education • Utilization Mgmt. • Data Classification • Encryption • Mobile Security • Email Security • Lifecycle & Change Management • Maintenance Policies • Inventory & Classification • Digital Media Mgmt. • Contract & BA Mgmt. Informa tion Protection Infrastruct ure Managem ent • Threat Intelligence • Contingency Planning • Executive Reporting • Security Management • Incident Response • Anomaly Detection • Malware Protection • Audit Support • Incident Response Infrastruct ure Protection Secure Info Access A Mature Compliance and Security Model Business Strategy and Governance driving Security Operations Governance (security, privacy, compliance)
- 9. Q & A A CHIME Leadership Education and Development Forum in collaboration with iHT2 #LEAD15 • David_Finn@Symantec.com • @DavidSFinn • 832.816.2206