Understanding Your Security Posture (And How to Improve It): A Complimentary Webinar From healthsystemCIO.com (PowerPoint PPT Presentation)


SLIDE 1

Slide Deck: http://goo.gl/700LIu Webex Support 1-866-229-3239 Event #669 169 434

“Understanding Your Security Posture (And How to Improve It)”

A Complimentary Webinar From healthsystemCIO.com

Your Line Will Be Silent Until Our Event Begins at 12:00 ET

Thank You!

SLIDE 2

Housekeeping

  • Moderator – Anthony Guerra, editor-in-chief, healthsystemCIO.com
  • Ask A Question
    • We will be holding a Q&A session after the formal presentations.
    • You may submit your questions at any time by clicking on the Q&A panel located in the lower right corner of your screen; type your question in the text field and hit send. Please keep the "send to" default as “All Panelists.”
  • Download the Deck
    • Download today's deck at: http://healthsystemcio.com/presentation/security-posture-webinar.pdf
    • Shortened URL at bottom of all slides
  • View the Archive
    • You will receive an email when the archive recording has been posted to our YouTube channel.

SLIDE 3

Agenda — Approximately 40 Minutes

  • 30 minutes: Sarah Richardson, CIO; Andrew Cooper, Director of Information Security Assurance; NCH Healthcare System
  • 10 minutes: Q&A w/ Sarah Richardson & Andrew Cooper

SLIDE 4

“Understanding Your Security Posture (And How to Improve It)”

SLIDE 5

Agenda

  • Build a Baseline
  • Example Maturity Matrix
  • Technology
  • Policies and Procedures
  • Risk Management
  • Access and Identity Management
  • Education and Awareness
  • Questions

SLIDE 6

Build a Baseline

  • Evaluate your current security posture by looking at:
    • Technology (Security Specific)
    • Policies and Procedures
    • Risk Management
    • Access and Identity Management
    • Education and Awareness
  • Use a Maturity Matrix as a score card and routine reporting tool.
  • Security is not a “once and done” initiative.
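The slide describes the matrix as a score card that is re-run routinely. The following is an added example (not the presenters' matrix, which slide 7 shows only as an image not captured on this page) of what such a card looks like as code over the deck's five domains: a validated per-domain score, the gap list against a target level, and the cycle-over-cycle deltas that flag regression. The 0-4 scale, the level names, the target of 3 and the sample scores are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import date

# The five domains the deck uses when building a baseline.
DOMAINS = (
    "Technology",
    "Policies and Procedures",
    "Risk Management",
    "Access and Identity Management",
    "Education and Awareness",
)

# Assumed 0-4 maturity ladder; the deck's own scale is not reproduced on this page.
LEVELS = {0: "None", 1: "Initial", 2: "Documented", 3: "Managed", 4: "Optimized"}


@dataclass(frozen=True)
class Assessment:
    """One row of the matrix: the level reached in each domain on a review date."""
    taken: date
    scores: dict  # domain -> level 0..4


def validate(a: Assessment) -> None:
    """Reject a card that skips a domain or uses an off-scale level, so a gap
    can never hide behind an empty cell."""
    missing = [d for d in DOMAINS if d not in a.scores]
    if missing:
        raise ValueError(f"no score for: {', '.join(missing)}")
    bad = {d: v for d, v in a.scores.items() if d not in DOMAINS or v not in LEVELS}
    if bad:
        raise ValueError(f"invalid entries: {bad}")


def overall(a: Assessment) -> float:
    """Unweighted mean across the five domains, rounded to two places."""
    validate(a)
    return round(sum(a.scores[d] for d in DOMAINS) / len(DOMAINS), 2)


def gaps(a: Assessment, target: int = 3) -> list:
    """Domains below the target level, largest shortfall first: the
    prioritised work list for the next cycle."""
    validate(a)
    below = [(d, a.scores[d], target - a.scores[d]) for d in DOMAINS if a.scores[d] < target]
    return sorted(below, key=lambda t: (-t[2], t[0]))


def deltas(previous: Assessment, current: Assessment) -> dict:
    """Per-domain change between two reviews. A negative value is a regression,
    which is why the card is re-run routinely rather than once."""
    validate(previous)
    validate(current)
    return {d: current.scores[d] - previous.scores[d] for d in DOMAINS}


def scorecard(previous: Assessment, current: Assessment, target: int = 3) -> str:
    """Plain-text card for routine reporting to leadership."""
    change = deltas(previous, current)
    width = max(len(d) for d in DOMAINS)
    lines = [f"Maturity scorecard as of {current.taken.isoformat()} (target level {target})"]
    for d in DOMAINS:
        lvl = current.scores[d]
        flag = "REGRESSED" if change[d] < 0 else ("below target" if lvl < target else "ok")
        lines.append(f"{d:<{width}}  {lvl} {LEVELS[lvl]:<10} {change[d]:+d}  {flag}")
    lines.append(f"overall: {overall(current):.2f}")
    return "\n".join(lines)


# Constructed sample data for two review cycles (not real assessment results).
BASELINE = Assessment(date(2014, 1, 15), {
    "Technology": 2, "Policies and Procedures": 1, "Risk Management": 1,
    "Access and Identity Management": 0, "Education and Awareness": 1,
})
FOLLOW_UP = Assessment(date(2014, 7, 15), {
    "Technology": 3, "Policies and Procedures": 2, "Risk Management": 2,
    "Access and Identity Management": 1, "Education and Awareness": 0,
})

if __name__ == "__main__":
    print(scorecard(BASELINE, FOLLOW_UP))
    for domain, level, shortfall in gaps(FOLLOW_UP):
        print(f"gap: {domain} at {level}, {shortfall} level(s) to target")
```

The point of `validate` is that a missing cell is treated as an error rather than a zero: a card that silently drops a domain reports a better overall score than the organization has earned. The regression flag in the sample (Education and Awareness falling from 1 to 0) is the kind of signal the "not once and done" bullet is about.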

SLIDE 7

Maturity Matrix

SLIDE 8

Technology

  • What controls do you already have in place?
    • Firewalls
    • Malware Defenses
    • Intrusion Detection and Intrusion Prevention
    • Security Information and Event Management
    • Privileged Access Management
  • SANS Critical Security Controls – Version 5
    • Lists the top 20 controls all organizations should consider when evaluating and building their security program.
  • Find a strategic partner if resources are limited

SLIDE 9

Technology

  • Example of how the matrix would look if you had a firewall, IDS/IPS and Malware Defenses

SLIDE 10

Policies and Procedures

  • The Office of Civil Rights – HIPAA Audit Protocol is a great place to start. Use this document to map out your Policy and Procedure manual.
  • Policies should be generic enough to allow the organization to adapt and change.
  • Supplement Policies with Standards, Guidelines and Procedures.
  • In most cases, you are performing informal procedures now – document them and ensure they are sufficient.
  • Think ahead and build a compliance program while constructing your Policy and Procedure manual.
    • Checklists
    • Calendars
    • Documentation

SLIDE 11

Policies and Procedures

  • Example of how your matrix might look if you:
    • Built a policy and procedure set based on the HIPAA Audit Protocol
    • Built a compliance program around your policy and procedure manual
    • Reviewed and approved policies on a routine basis – recommended annually

SLIDE 12

Risk Management

  • Risk Assessment is one of the main tools in any CIO and CISO’s tool belt.
    • Great for developing strategic and tactical plans.
    • Start with a qualitative approach, then move to quantitative.
    • Be conservative.
    • Update on a routine basis.
    • Don’t remove risks from the assessment – mitigate them!
    • Can be done internally or externally.
  • NIST SP 800-30 is a great tool for creating your own risk assessment.
    • Remember, this is a framework; scale it up or down depending on the size and complexity of your organization.

SLIDE 13

Risk Management

  • Develop mitigation plans based on the Assessment
    • Track progress
    • Report to the appropriate individual
  • Risk Acceptance
    • Establish a process for ensuring that risks are accepted if they cannot be mitigated at the current time.
    • Have a senior level administrator sign off
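Slides 12 and 13 together describe a risk register with three rules worth enforcing in whatever tool holds it: ratings move from qualitative to quantitative, a risk is never deleted (only mitigated or accepted), and acceptance needs a senior sign-off. The following is an added example of such a register, not code from the presenters or from NCH. The 1-5 mapping of the NIST SP 800-30 qualitative scale, the list of roles allowed to accept risk, and the sample risks are assumptions chosen for illustration; the "be conservative" rule is implemented as taking the higher level whenever an assessor hedges between two.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Qualitative scale as used in NIST SP 800-30; the 1..5 numbers are the assumed
# step from qualitative to quantitative (any monotone mapping works).
SCALE = {"very low": 1, "low": 2, "moderate": 3, "high": 4, "very high": 5}

# Assumed set of roles allowed to sign off on accepting a risk.
SENIOR_ROLES = {"CIO", "CISO", "CFO", "CEO"}


def rate(text: str) -> int:
    """Turn an assessor's rating into a number. 'Be conservative': when a
    rating hedges between two levels ('low/moderate'), keep the higher one."""
    parts = [p.strip().lower() for p in text.split("/")]
    unknown = [p for p in parts if p not in SCALE]
    if unknown:
        raise ValueError(f"unknown rating(s): {unknown}")
    return max(SCALE[p] for p in parts)


@dataclass
class Risk:
    rid: str
    description: str
    likelihood: str
    impact: str
    mitigation: Optional[str] = None   # the plan, once developed
    progress: int = 0                  # percent of the plan completed
    accepted_by: Optional[str] = None  # senior approver, if accepted instead
    accepted_on: Optional[date] = None

    @property
    def score(self) -> int:
        return rate(self.likelihood) * rate(self.impact)

    @property
    def status(self) -> str:
        if self.progress >= 100:
            return "mitigated"
        if self.accepted_by:
            return "accepted"
        return "in progress" if self.mitigation else "open"


class RiskRegister:
    """Assessment results plus mitigation tracking and risk acceptance."""

    def __init__(self):
        self._risks = {}

    def add(self, risk: Risk) -> None:
        if risk.rid in self._risks:
            raise ValueError(f"duplicate risk id {risk.rid}")
        _ = risk.score  # validates both ratings up front
        self._risks[risk.rid] = risk

    def remove(self, rid: str) -> None:
        # Deliberately unsupported: risks are mitigated or accepted, never dropped.
        raise PermissionError("risks are never removed from the assessment; mitigate or accept them")

    def plan_mitigation(self, rid: str, plan: str) -> None:
        self._risks[rid].mitigation = plan

    def update_progress(self, rid: str, percent: int) -> None:
        r = self._risks[rid]
        if not r.mitigation:
            raise ValueError(f"{rid}: no mitigation plan to report progress on")
        if not 0 <= percent <= 100:
            raise ValueError("progress must be 0..100")
        r.progress = percent

    def accept(self, rid: str, approver: str, role: str, on: Optional[date]) -> None:
        """Record acceptance of a risk that cannot be mitigated now; only a
        senior-level administrator may sign off."""
        if role not in SENIOR_ROLES:
            raise PermissionError(f"{role} may not accept risk; needs one of {sorted(SENIOR_ROLES)}")
        r = self._risks[rid]
        if r.status == "mitigated":
            raise ValueError(f"{rid} is already mitigated")
        r.accepted_by, r.accepted_on = f"{approver} ({role})", on

    def report(self) -> list:
        """Highest-scoring risks first: the input to strategic and tactical plans."""
        return sorted(((r.rid, r.score, r.status) for r in self._risks.values()),
                      key=lambda t: (-t[1], t[0]))

    def unaddressed(self) -> list:
        """Risks with neither a plan nor an acceptance, highest score first."""
        return [rid for rid, _, status in self.report() if status == "open"]


def build_sample_register() -> RiskRegister:
    """Constructed sample data, not from any real assessment."""
    reg = RiskRegister()
    reg.add(Risk("R-1", "Unpatched imaging workstation on clinical VLAN", "high", "very high"))
    reg.add(Risk("R-2", "No formal access review for shared accounts", "moderate/high", "moderate"))
    reg.add(Risk("R-3", "Paper visitor log at loading dock", "low", "low"))
    reg.plan_mitigation("R-1", "Segment imaging network; agree vendor patch window")
    reg.update_progress("R-1", 40)
    reg.accept("R-3", "J. Doe", "CIO", date(2014, 9, 1))
    return reg


if __name__ == "__main__":
    for rid, score, status in build_sample_register().report():
        print(f"{rid}  score={score:<3} {status}")
```

`unaddressed()` is the list to bring to the "report to the appropriate individual" step: every entry on it is a risk the register knows about but nobody has yet either planned against or formally accepted.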

SLIDE 14

Risk Management

  • Example of how your matrix might look if you:
    • Built a risk management framework using a risk assessment, mitigation plans and risk acceptance.

SLIDE 15

Access and Identity Management

  • One of the hardest areas for most organizations.
  • Questions to ask:
    • How are employees provisioned?
    • Who is granting their access?
    • Are users assigned to roles that are standardized for their position?
    • How is additional access requested?
    • How is access adjusted when an employee transfers to a new position?
    • How is access terminated?
    • How often is access reviewed?
    • How are users authenticated when calling in for support?
    • How is support authenticated when calling an end user?

SLIDE 16

Access and Identity Management

  • Whiteboard or Visio out the answers to your questions.
  • Develop a strategy for improving the process based on the size and complexity of your organization.
    • Not all organizations need an Access and Identity Management platform.
    • Paper processes work too, as long as they are standardized, user friendly and consistently followed.
  • Adjust the Matrix based on your organization.
  • Develop a routine compliance and auditing plan.
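Several of the questions on slide 15 (standardized roles per position, access adjusted on transfer, access terminated, access reviewed on a schedule) become concrete checks once the answers are written down, and those checks are what the "routine compliance and auditing plan" on this slide runs. The following is an added example of such an access review, not code from the presenters or from NCH: it compares an account export against an HR roster and a role catalogue and reports orphans, enabled accounts of terminated staff, entitlements carried over from a previous position, other excess or missing entitlements, and overdue reviews. The role catalogue, the 90-day review interval, and the roster and account records are constructed for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Assumed standardized roles (position -> entitlements). Constructed for the example;
# a real catalogue comes from the organization's own role design.
ROLE_ENTITLEMENTS = {
    "Registered Nurse": {"email", "ehr_clinical", "pharmacy_view"},
    "Billing Clerk": {"email", "billing_app", "ehr_demographics"},
    "Pharmacist": {"email", "ehr_clinical", "pharmacy_dispense"},
}


@dataclass(frozen=True)
class Employee:
    """HR system of record: who holds which position, and whether they still work here."""
    emp_id: str
    position: str
    status: str                              # "active" or "terminated"
    previous_position: Optional[str] = None  # set when someone transfers


@dataclass(frozen=True)
class Account:
    """What the directory or application actually grants."""
    username: str
    emp_id: str
    enabled: bool
    entitlements: frozenset
    last_reviewed: date


def review_access(employees, accounts, as_of, review_interval_days=90):
    """Compare granted access against the HR roster and the standard roles.
    Returns (username, finding, detail) tuples in account order."""
    roster = {e.emp_id: e for e in employees}
    findings = []
    for acct in accounts:
        emp = roster.get(acct.emp_id)
        if emp is None:
            findings.append((acct.username, "orphan", acct.emp_id))
            continue
        if emp.status == "terminated":
            if acct.enabled:  # the termination process did not reach this account
                findings.append((acct.username, "terminated-enabled", emp.emp_id))
            continue
        standard = ROLE_ENTITLEMENTS.get(emp.position)
        if standard is None:
            findings.append((acct.username, "no-standard-role", emp.position))
            continue
        excess = acct.entitlements - standard
        if excess:
            # Excess that exactly fits the old role is transfer carry-over, not ad hoc grants.
            old_role = ROLE_ENTITLEMENTS.get(emp.previous_position or "", set())
            kind = "transfer-carryover" if excess <= old_role else "excess"
            findings.append((acct.username, kind, sorted(excess)))
        missing = standard - acct.entitlements
        if missing:
            findings.append((acct.username, "missing", sorted(missing)))
        age = (as_of - acct.last_reviewed).days
        if age > review_interval_days:
            findings.append((acct.username, "review-overdue", age))
    return findings


def summarize(findings) -> dict:
    """Count of findings per kind, for the routine report."""
    counts = {}
    for _, kind, _ in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


def sample_data():
    """Constructed roster and account export, not from any real system."""
    employees = [
        Employee("E100", "Registered Nurse", "active"),
        Employee("E200", "Billing Clerk", "active", previous_position="Registered Nurse"),
        Employee("E300", "Pharmacist", "terminated"),
        Employee("E400", "Billing Clerk", "active"),
    ]
    accounts = [
        Account("jsmith", "E100", True, frozenset({"email", "ehr_clinical", "pharmacy_view"}), date(2014, 9, 1)),
        Account("mjones", "E200", True, frozenset({"email", "billing_app", "ehr_demographics",
                                                   "ehr_clinical", "pharmacy_view"}), date(2014, 5, 1)),
        Account("rlee", "E300", True, frozenset({"email", "ehr_clinical", "pharmacy_dispense"}), date(2014, 8, 1)),
        Account("kpatel", "E400", True, frozenset({"email", "billing_app", "finance_admin"}), date(2014, 9, 15)),
        Account("svc_backup", "E999", True, frozenset({"backup_admin"}), date(2014, 9, 15)),
    ]
    return employees, accounts, date(2014, 10, 1)


if __name__ == "__main__":
    employees, accounts, as_of = sample_data()
    results = review_access(employees, accounts, as_of)
    for username, kind, detail in results:
        print(f"{username:<12} {kind:<20} {detail}")
    print(summarize(results))
```

The same logic works whether the "system" behind it is an IAM platform or a paper process: the inputs are only a roster, a role catalogue and a list of what is actually granted, which is exactly what whiteboarding the slide 15 questions produces.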

SLIDE 17

Access and Identity Management

  • Example of how your matrix might look if you:
    • Don’t need an Access and Identity Management platform.
    • Have adjusted the matrix for your specific organization.
    • Fully standardized and centralized your access and identity management.

SLIDE 18

Education and Awareness

  • Step one – establish a routine program:
    • Annual training requirement
    • Security reminders
    • Events and open houses
    • Banners, posters, etc.
    • Mix it up
  • Step two – gear training to specific areas and departments
  • Step three – end users become a proactive security tool

SLIDE 19

Education and Awareness

  • Example of how your matrix might look if you:
    • Develop an Education and Awareness plan just around step one.

SLIDE 20

Q&A

Click on the Q&A panel located in the lower right corner of your screen, type in your questions in the text field and hit send. Please keep the send to default as “All Panelists.”

Andrew Cooper, Director of Information Security Assurance, NCH Healthcare System

SLIDE 21

Thank You!

  • Thanks to our featured speakers: Sarah Richardson and Andrew Cooper!
  • You will receive an email when our archive recording has been posted to our YouTube channel
  • CHIME CHCIO Credits – Attending our Webinars = 1 CEU
  • Sponsorship opportunities: Nancy Wilcox nwilcox@healthsystemCIO.com
  • Questions/Comments: Anthony Guerra aguerra@healthsystemCIO.com

Go to www.healthsystemCIO.com/webinars to view our upcoming schedule.