Comments
10 Ways To Strengthen Healthcare Security
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
progman2000
50%
50%
progman2000,
User Rank: Moderator
8/28/2014 | 7:51:20 PM
Re: CSO?
Eh, I don't know, still sounds like CIO to me.  Although I will concede that certain industries probably warrant it (thinking Banking and Healthcare), although even then I still think it's someone who reports to the CIO.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
8/27/2014 | 2:57:15 PM
Re: So easy even a CEO can see it
Oh, absolutely, Henrisha! We've all made silly mistakes, I'd bet. It's one reason automation and rules are so important. Forcing users to change their passwords every X months, for example, and forcing them to use eight characters, including at least one capital, one number, and one symbol could well eliminate the potential of duplicating another site's password. That's just one example of using technology to override our natural inclination to take the easy way out and use the same Password123 for every single site we visit!
Henrisha
50%
50%
Henrisha,
User Rank: Strategist
8/27/2014 | 2:00:28 PM
Re: So easy even a CEO can see it
Regardless how many trainings and workshops you let people attend, some will still commit errors and mistakes nonetheless. It's part of being human but sometimes that can just throw the system.
Henrisha
50%
50%
Henrisha,
User Rank: Strategist
8/27/2014 | 1:38:55 PM
Re: Healthcare security
True. Employees' inadvertent mistakes can often cause so much damage and problems. It's unfortunate but sometimes you have to remove and just take out the human factor, and you can see the number of errors go down with automation as well.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
8/27/2014 | 12:38:19 PM
Re: Healthcare security
Absolutely! It's one reason a CSO is so important. They should either be strong in governance or, depending on the organization, work with lead counsel on these efforts to ensure data policies and guidance are strong -- and followed.
Alison_Diana
100%
0%
Alison_Diana,
User Rank: Author
8/27/2014 | 12:37:03 PM
Re: CSO?
I can see why the thought of another c-level might appear unnecessary but who is responsible for security if not a CSO? The CIO? Well, the CIO already oversees everything IT -- and security isn't only tech-related. The CFO? Security should not be ruled by finance, otherwise money talks and security measures walk. The CEO? They have enough responsiblities already? And we know what happens when anything is ruled by committee! The problem with having a lower-level person rule security is it doesn't get enough visibility or leverage, and requests flounder. So I stick by that recommendation, a recommendation I picked up from many security professionals. And it's a great goal for security execs who aspire to the c-suite.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
8/27/2014 | 12:34:25 PM
Re: So easy even a CEO can see it
Exactly! Surely you'd want a chief SECURITY officer to be expert in security. Healthcare experience will come. This exec certainly is motivated to learn the ins and outs of the business -- and even if someone knows one hospital, each facility has its own nuances and workflows anyway!
Stratustician
50%
50%
Stratustician,
User Rank: Ninja
8/27/2014 | 9:42:42 AM
Re: Healthcare security
Let's not forget the staggering 68% of incidents caused by outsiders!  That's quite a staggering statistic! This means there are lax controls around identity and access management.  Between this risk and Data Loss Prevention from loss/theft, it's easy to see that there are a lot of gaps in policies relating to how data is used, accessed and stored.
progman2000
50%
50%
progman2000,
User Rank: Moderator
8/27/2014 | 7:19:57 AM
CSO?
Just what the business world needs, another C-level position that will make more money than me.  I can kind of see the logic but so many organizations are top heavy as it is, is concocting another high level position really the answer to this problem?  Most hospitals are spread razor thin as far as budget to begin with...
pcharles09
50%
50%
pcharles09,
User Rank: Moderator
8/27/2014 | 12:17:51 AM
Re: Healthcare security
@Alison,

More importatnly, automation prevents users from screwing things up or being too 'creative' with tasks.
Page 1 / 2   >   >>


The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - September 10, 2014
A high-scale relational database? NoSQL database? Hadoop? Event-processing technology? When it comes to big data, one size doesn't fit all. Here's how to decide.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.