SlideShare a Scribd company logo

2015 Atlanta CHIME Lead Forum

C
Carolyn Slade, MS-HIM

Creating an Effective Cyber Security Strategy - Sarros, Lavely, and Finn

Healthcare
1 of 9
Download to read offline
A CHIME Leadership Education and Development Forum in collaboration with iHT2 Top Cyber Risk Mitigation Strategies ________ ● Steven Sarros, Chief Information Officer Baptist Health Care Pensacola FL● #LEAD15
A CHIME Leadership Education and Development Forum in collaboration with iHT2 • Department of Homeland Security Daily Open Source Infrastructure Report (DOSIR) – 16 Critical Infrastructures • Healthcare and Public Health • Information Technology • Defense Industrial Base • United States Computer Emergency Readiness Team (US-CERT) • Weekly Briefs and Situational Alerts • FBI InfraGuard Program Top Cybersecurity Risk Mitigation Strategies Gathering Threat Intelligence to Establish Situational Awareness
A CHIME Leadership Education and Development Forum in collaboration with iHT2 • Awareness training • Vetting (Team Members and Non-Team Members) • User lifecycle management and granting access • Monitoring • FairWarning • Web, Email and Chat Activity • Workstation monitoring • More awareness training Top Cybersecurity Risk Mitigation Strategies The “People Factor” Creating the Human Firewall
Q & A Speaker(s) Contact Information A CHIME Leadership Education and Development Forum in collaboration with iHT2 Insert Twitter handle(s) here
A CHIME Leadership Education and Development Forum in collaboration with iHT2 Overall Words of Wisdom ________ Stuff I learned the hard way ● David Finn, Health IT Officer, Symantec ● #LEAD15
A CHIME Leadership Education and Development Forum in collaboration with iHT2 You are here. Privacy and Security today in Healthcare (foot of the hill) The Changes You Need to Make (the summit)
A CHIME Leadership Education and Development Forum in collaboration with iHT2 • Security and usability are often inversely proportional. (Security is not convenient) • Security is an investment, not an expense. • "Good enough" security now, is better than "perfect" security . . . never. • There is no such thing as “complete security” in a usable system. • A false sense of security is worse than a true sense of insecurity. • Your absolute security is only as strong as your weakest link. • Concentrate on known, probable threats. • Security is not a static end state, it is an iterative process. • Security is directly related to the education and ethics of your users. • There are few forces in the universe stronger than the desire of an individual to get his or her job accomplished. • Security is a people problem. Corollary: People cause security problems, they don't just happen. • You only get to pick two: fast, secure, cheap. • In the absence of other factors, always use the most secure options available. (You are either serious about security, or you're just fooling around). Security Dogma . . . (after 30 years of doing this)
• Roles & Responsibilities • Risk Framework • Reporting • Build, Deploy & Maintain • Patch Management • Log & Event Mgmt. 8 Copyright © 2015 Symantec Corporation BusinessStrategy andGovernance On-GoingCompliance andSecurityOperations • Policies & Procedures • Risk Mgmt. Process • Establish Controls • On-going Risk Analysis • Impact Assessment • Remediation & Mitigation • Access Management Principles & Policy • Org. Mapping • Roles & Responsibilities • Accountability • Digital Trust • Identity Management • Authentication • Activity Review • Document Lifecycle • Data Criticality • Communications Plan • Training & Education • Utilization Mgmt. • Data Classification • Encryption • Mobile Security • Email Security • Lifecycle & Change Management • Maintenance Policies • Inventory & Classification • Digital Media Mgmt. • Contract & BA Mgmt. Informa tion Protection Infrastruct ure Managem ent • Threat Intelligence • Contingency Planning • Executive Reporting • Security Management • Incident Response • Anomaly Detection • Malware Protection • Audit Support • Incident Response Infrastruct ure Protection Secure Info Access A Mature Compliance and Security Model Business Strategy and Governance driving Security Operations Governance (security, privacy, compliance)
Q & A A CHIME Leadership Education and Development Forum in collaboration with iHT2 #LEAD15 • David_Finn@Symantec.com • @DavidSFinn • 832.816.2206

Recommended

Security analysis
Security analysisSecurity analysis
Security analysisYulisa Rosliana S.Kom
 
Data Breach Crisis Control – How to Communicate When You’re in the Hot Seat
Data Breach Crisis Control – How to Communicate When You’re in the Hot SeatData Breach Crisis Control – How to Communicate When You’re in the Hot Seat
Data Breach Crisis Control – How to Communicate When You’re in the Hot SeatResilient Systems
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyStephanie McVitty
 
Grc w22
Grc w22Grc w22
Grc w22SelectedPresentations
 
Using Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber SecurityUsing Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber SecurityStephen Cobb
 
Case Study: The Role of Human Error in Information Security
Case Study: The Role of Human Error in Information SecurityCase Study: The Role of Human Error in Information Security
Case Study: The Role of Human Error in Information SecurityPECB
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & ManufacturingEvan Francen
 
Insider threats
Insider threatsInsider threats
Insider threatsizoologic
 

Recommended

Security analysis
Security analysisSecurity analysis
Security analysisYulisa Rosliana S.Kom
 
Data Breach Crisis Control – How to Communicate When You’re in the Hot Seat
Data Breach Crisis Control – How to Communicate When You’re in the Hot SeatData Breach Crisis Control – How to Communicate When You’re in the Hot Seat
Data Breach Crisis Control – How to Communicate When You’re in the Hot SeatResilient Systems
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyStephanie McVitty
 
Grc w22
Grc w22Grc w22
Grc w22SelectedPresentations
 
Using Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber SecurityUsing Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber SecurityStephen Cobb
 
Case Study: The Role of Human Error in Information Security
Case Study: The Role of Human Error in Information SecurityCase Study: The Role of Human Error in Information Security
Case Study: The Role of Human Error in Information SecurityPECB
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & ManufacturingEvan Francen
 
Insider threats
Insider threatsInsider threats
Insider threatsizoologic
 
PACE-IT, Security+ 2.2: Integrating Data and Systems with 3rd Parties
PACE-IT, Security+ 2.2: Integrating Data and Systems with 3rd PartiesPACE-IT, Security+ 2.2: Integrating Data and Systems with 3rd Parties
PACE-IT, Security+ 2.2: Integrating Data and Systems with 3rd PartiesPace IT at Edmonds Community College
 
Role of The Board In IT Governance & Cyber Security-Steve Howse
Role of The Board In IT Governance & Cyber Security-Steve HowseRole of The Board In IT Governance & Cyber Security-Steve Howse
Role of The Board In IT Governance & Cyber Security-Steve HowseCGTI
 
Cyber threat enterprise leadership required march 2014
Cyber threat enterprise leadership required march 2014Cyber threat enterprise leadership required march 2014
Cyber threat enterprise leadership required march 2014Peter ODell
 
Jamaica: victim or perpetrator of cyber crime and intrusions (final)
Jamaica: victim or perpetrator of cyber crime and intrusions (final)Jamaica: victim or perpetrator of cyber crime and intrusions (final)
Jamaica: victim or perpetrator of cyber crime and intrusions (final)Michele Marius
 
"Security on the Brain" Security & Risk Psychology Workshop Nov 2013
"Security on the Brain" Security & Risk Psychology Workshop Nov 2013"Security on the Brain" Security & Risk Psychology Workshop Nov 2013
"Security on the Brain" Security & Risk Psychology Workshop Nov 2013Adrian Wright
 
The Economics of Cyber Security
The Economics of Cyber SecurityThe Economics of Cyber Security
The Economics of Cyber SecurityJohn Gilligan
 
Cyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber ShocksCyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber ShocksPhil Huggins FBCS CITP
 
Managing Insider Risk
Managing Insider RiskManaging Insider Risk
Managing Insider RiskPhil Huggins FBCS CITP
 
Co3's Annual Review & Predictions Webinar
Co3's Annual Review & Predictions WebinarCo3's Annual Review & Predictions Webinar
Co3's Annual Review & Predictions WebinarResilient Systems
 
Blue Ocean IT Security
Blue Ocean IT SecurityBlue Ocean IT Security
Blue Ocean IT SecurityJonathan Sinclair
 
Top Level Cyber Security Strategy
Top Level Cyber Security Strategy Top Level Cyber Security Strategy
Top Level Cyber Security Strategy John Gilligan
 
Cyber risk tips for boards and executive teams
Cyber risk tips for boards and executive teamsCyber risk tips for boards and executive teams
Cyber risk tips for boards and executive teamsWynyard Group
 
Data Security: What Every Leader Needs to Know
Data Security: What Every Leader Needs to KnowData Security: What Every Leader Needs to Know
Data Security: What Every Leader Needs to KnowRoger Hagedorn
 
Tim Nolan
Tim NolanTim Nolan
Tim Nolantimnolan1961
 
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...Papadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityKaryl Scott
 
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezThe Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezEC-Council
 
Board and Cyber Security
Board and Cyber SecurityBoard and Cyber Security
Board and Cyber SecurityLeon Fouche
 
Delivering Security with the MAX RemoteManagement Platform - Paul Fenwick
Delivering Security with the MAX RemoteManagement Platform - Paul FenwickDelivering Security with the MAX RemoteManagement Platform - Paul Fenwick
Delivering Security with the MAX RemoteManagement Platform - Paul FenwickMAXfocus
 
Breach Fixation: How Breaches Distort Reality And How We Should Respond- John...
Breach Fixation: How Breaches Distort Reality And How We Should Respond- John...Breach Fixation: How Breaches Distort Reality And How We Should Respond- John...
Breach Fixation: How Breaches Distort Reality And How We Should Respond- John...EC-Council
 
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...Levi Shapiro
 
2013 Data Protection Maturity Trends: How Do You Compare?
2013 Data Protection Maturity Trends: How Do You Compare?2013 Data Protection Maturity Trends: How Do You Compare?
2013 Data Protection Maturity Trends: How Do You Compare?Lumension
 

More Related Content

What's hot

PACE-IT, Security+ 2.2: Integrating Data and Systems with 3rd Parties
PACE-IT, Security+ 2.2: Integrating Data and Systems with 3rd PartiesPACE-IT, Security+ 2.2: Integrating Data and Systems with 3rd Parties
PACE-IT, Security+ 2.2: Integrating Data and Systems with 3rd PartiesPace IT at Edmonds Community College
 
Role of The Board In IT Governance & Cyber Security-Steve Howse
Role of The Board In IT Governance & Cyber Security-Steve HowseRole of The Board In IT Governance & Cyber Security-Steve Howse
Role of The Board In IT Governance & Cyber Security-Steve HowseCGTI
 
Cyber threat enterprise leadership required march 2014
Cyber threat enterprise leadership required march 2014Cyber threat enterprise leadership required march 2014
Cyber threat enterprise leadership required march 2014Peter ODell
 
Jamaica: victim or perpetrator of cyber crime and intrusions (final)
Jamaica: victim or perpetrator of cyber crime and intrusions (final)Jamaica: victim or perpetrator of cyber crime and intrusions (final)
Jamaica: victim or perpetrator of cyber crime and intrusions (final)Michele Marius
 
"Security on the Brain" Security & Risk Psychology Workshop Nov 2013
"Security on the Brain" Security & Risk Psychology Workshop Nov 2013"Security on the Brain" Security & Risk Psychology Workshop Nov 2013
"Security on the Brain" Security & Risk Psychology Workshop Nov 2013Adrian Wright
 
The Economics of Cyber Security
The Economics of Cyber SecurityThe Economics of Cyber Security
The Economics of Cyber SecurityJohn Gilligan
 
Cyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber ShocksCyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber ShocksPhil Huggins FBCS CITP
 
Co3's Annual Review & Predictions Webinar
Co3's Annual Review & Predictions WebinarCo3's Annual Review & Predictions Webinar
Co3's Annual Review & Predictions WebinarResilient Systems
 
Top Level Cyber Security Strategy
Top Level Cyber Security Strategy Top Level Cyber Security Strategy
Top Level Cyber Security Strategy John Gilligan
 
Cyber risk tips for boards and executive teams
Cyber risk tips for boards and executive teamsCyber risk tips for boards and executive teams
Cyber risk tips for boards and executive teamsWynyard Group
 
Data Security: What Every Leader Needs to Know
Data Security: What Every Leader Needs to KnowData Security: What Every Leader Needs to Know
Data Security: What Every Leader Needs to KnowRoger Hagedorn
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityKaryl Scott
 
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezThe Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezEC-Council
 
Board and Cyber Security
Board and Cyber SecurityBoard and Cyber Security
Board and Cyber SecurityLeon Fouche
 
Delivering Security with the MAX RemoteManagement Platform - Paul Fenwick
Delivering Security with the MAX RemoteManagement Platform - Paul FenwickDelivering Security with the MAX RemoteManagement Platform - Paul Fenwick
Delivering Security with the MAX RemoteManagement Platform - Paul FenwickMAXfocus
 
Breach Fixation: How Breaches Distort Reality And How We Should Respond- John...
Breach Fixation: How Breaches Distort Reality And How We Should Respond- John...Breach Fixation: How Breaches Distort Reality And How We Should Respond- John...
Breach Fixation: How Breaches Distort Reality And How We Should Respond- John...EC-Council
 

What's hot (20)

PACE-IT, Security+ 2.2: Integrating Data and Systems with 3rd Parties
PACE-IT, Security+ 2.2: Integrating Data and Systems with 3rd PartiesPACE-IT, Security+ 2.2: Integrating Data and Systems with 3rd Parties
PACE-IT, Security+ 2.2: Integrating Data and Systems with 3rd Parties
 
Role of The Board In IT Governance & Cyber Security-Steve Howse
Role of The Board In IT Governance & Cyber Security-Steve HowseRole of The Board In IT Governance & Cyber Security-Steve Howse
Role of The Board In IT Governance & Cyber Security-Steve Howse
 
Cyber threat enterprise leadership required march 2014
Cyber threat enterprise leadership required march 2014Cyber threat enterprise leadership required march 2014
Cyber threat enterprise leadership required march 2014
 
Jamaica: victim or perpetrator of cyber crime and intrusions (final)
Jamaica: victim or perpetrator of cyber crime and intrusions (final)Jamaica: victim or perpetrator of cyber crime and intrusions (final)
Jamaica: victim or perpetrator of cyber crime and intrusions (final)
 
"Security on the Brain" Security & Risk Psychology Workshop Nov 2013
"Security on the Brain" Security & Risk Psychology Workshop Nov 2013"Security on the Brain" Security & Risk Psychology Workshop Nov 2013
"Security on the Brain" Security & Risk Psychology Workshop Nov 2013
 
The Economics of Cyber Security
The Economics of Cyber SecurityThe Economics of Cyber Security
The Economics of Cyber Security
 
Cyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber ShocksCyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber Shocks
 
Managing Insider Risk
Managing Insider RiskManaging Insider Risk
Managing Insider Risk
 
Co3's Annual Review & Predictions Webinar
Co3's Annual Review & Predictions WebinarCo3's Annual Review & Predictions Webinar
Co3's Annual Review & Predictions Webinar
 
Blue Ocean IT Security
Blue Ocean IT SecurityBlue Ocean IT Security
Blue Ocean IT Security
 
Top Level Cyber Security Strategy
Top Level Cyber Security Strategy Top Level Cyber Security Strategy
Top Level Cyber Security Strategy
 
Cyber risk tips for boards and executive teams
Cyber risk tips for boards and executive teamsCyber risk tips for boards and executive teams
Cyber risk tips for boards and executive teams
 
Data Security: What Every Leader Needs to Know
Data Security: What Every Leader Needs to KnowData Security: What Every Leader Needs to Know
Data Security: What Every Leader Needs to Know
 
Tim Nolan
Tim NolanTim Nolan
Tim Nolan
 
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...
ISMS-Information Security Management System-Σύστημα Διαχείρισης Πληροφοριακής...
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber Security
 
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezThe Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
 
Board and Cyber Security
Board and Cyber SecurityBoard and Cyber Security
Board and Cyber Security
 
Delivering Security with the MAX RemoteManagement Platform - Paul Fenwick
Delivering Security with the MAX RemoteManagement Platform - Paul FenwickDelivering Security with the MAX RemoteManagement Platform - Paul Fenwick
Delivering Security with the MAX RemoteManagement Platform - Paul Fenwick
 
Breach Fixation: How Breaches Distort Reality And How We Should Respond- John...
Breach Fixation: How Breaches Distort Reality And How We Should Respond- John...Breach Fixation: How Breaches Distort Reality And How We Should Respond- John...
Breach Fixation: How Breaches Distort Reality And How We Should Respond- John...
 

Similar to 2015 Atlanta CHIME Lead Forum

mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...Levi Shapiro
 
2013 Data Protection Maturity Trends: How Do You Compare?
2013 Data Protection Maturity Trends: How Do You Compare?2013 Data Protection Maturity Trends: How Do You Compare?
2013 Data Protection Maturity Trends: How Do You Compare?Lumension
 
Be More Secure than your Competition: MePush Cyber Security for Small Business
Be More Secure than your Competition: MePush Cyber Security for Small BusinessBe More Secure than your Competition: MePush Cyber Security for Small Business
Be More Secure than your Competition: MePush Cyber Security for Small BusinessArt Ocain
 
CHIME LEAD New York 2014 Opening Keynote "What is Cyber Security and Why is i...
CHIME LEAD New York 2014 Opening Keynote "What is Cyber Security and Why is i...CHIME LEAD New York 2014 Opening Keynote "What is Cyber Security and Why is i...
CHIME LEAD New York 2014 Opening Keynote "What is Cyber Security and Why is i...Health IT Conference – iHT2
 
CHIME LEAD DC 2014 - Opening Keynote "What is Cyber Security and Why is it Cr...
CHIME LEAD DC 2014 - Opening Keynote "What is Cyber Security and Why is it Cr...CHIME LEAD DC 2014 - Opening Keynote "What is Cyber Security and Why is it Cr...
CHIME LEAD DC 2014 - Opening Keynote "What is Cyber Security and Why is it Cr...Health IT Conference – iHT2
 
CHIME LEAD Forum Houston - Opening Keynote "What is Cyber Security and Why is...
CHIME LEAD Forum Houston - Opening Keynote "What is Cyber Security and Why is...CHIME LEAD Forum Houston - Opening Keynote "What is Cyber Security and Why is...
CHIME LEAD Forum Houston - Opening Keynote "What is Cyber Security and Why is...Health IT Conference – iHT2
 
CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...
CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...
CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...Health IT Conference – iHT2
 
Threat intelligence life cycle steps by steps
Threat intelligence life cycle steps by stepsThreat intelligence life cycle steps by steps
Threat intelligence life cycle steps by stepsJayeshGadhave1
 
How to Build a Successful Incident Response Program
How to Build a Successful Incident Response ProgramHow to Build a Successful Incident Response Program
How to Build a Successful Incident Response ProgramResilient Systems
 
Robert beggs incident response teams - atlseccon2011
Robert beggs incident response teams - atlseccon2011Robert beggs incident response teams - atlseccon2011
Robert beggs incident response teams - atlseccon2011Atlantic Security Conference
 
ISACA talk - cybersecurity and security culture
ISACA talk - cybersecurity and security cultureISACA talk - cybersecurity and security culture
ISACA talk - cybersecurity and security cultureCraig McGill
 
Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsInfonaligy
 
Cybersecurity Risk Governance
Cybersecurity Risk GovernanceCybersecurity Risk Governance
Cybersecurity Risk GovernanceDan Michaluk
 

Similar to 2015 Atlanta CHIME Lead Forum (20)

mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
 
2013 Data Protection Maturity Trends: How Do You Compare?
2013 Data Protection Maturity Trends: How Do You Compare?2013 Data Protection Maturity Trends: How Do You Compare?
2013 Data Protection Maturity Trends: How Do You Compare?
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum 2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum
 
Be More Secure than your Competition: MePush Cyber Security for Small Business
Be More Secure than your Competition: MePush Cyber Security for Small BusinessBe More Secure than your Competition: MePush Cyber Security for Small Business
Be More Secure than your Competition: MePush Cyber Security for Small Business
 
13734729.ppt
13734729.ppt13734729.ppt
13734729.ppt
 
CHIME LEAD New York 2014 Opening Keynote "What is Cyber Security and Why is i...
CHIME LEAD New York 2014 Opening Keynote "What is Cyber Security and Why is i...CHIME LEAD New York 2014 Opening Keynote "What is Cyber Security and Why is i...
CHIME LEAD New York 2014 Opening Keynote "What is Cyber Security and Why is i...
 
CHIME Lead Forum - Seattle 2015
CHIME Lead Forum - Seattle 2015CHIME Lead Forum - Seattle 2015
CHIME Lead Forum - Seattle 2015
 
CHIME LEAD DC 2014 - Opening Keynote "What is Cyber Security and Why is it Cr...
CHIME LEAD DC 2014 - Opening Keynote "What is Cyber Security and Why is it Cr...CHIME LEAD DC 2014 - Opening Keynote "What is Cyber Security and Why is it Cr...
CHIME LEAD DC 2014 - Opening Keynote "What is Cyber Security and Why is it Cr...
 
CHIME LEAD Forum Houston - Opening Keynote "What is Cyber Security and Why is...
CHIME LEAD Forum Houston - Opening Keynote "What is Cyber Security and Why is...CHIME LEAD Forum Houston - Opening Keynote "What is Cyber Security and Why is...
CHIME LEAD Forum Houston - Opening Keynote "What is Cyber Security and Why is...
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum
 
CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...
CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...
CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...
 
Threat intelligence life cycle steps by steps
Threat intelligence life cycle steps by stepsThreat intelligence life cycle steps by steps
Threat intelligence life cycle steps by steps
 
How to Build a Successful Incident Response Program
How to Build a Successful Incident Response ProgramHow to Build a Successful Incident Response Program
How to Build a Successful Incident Response Program
 
Robert beggs incident response teams - atlseccon2011
Robert beggs incident response teams - atlseccon2011Robert beggs incident response teams - atlseccon2011
Robert beggs incident response teams - atlseccon2011
 
Security, Audit and Compliance: course overview
Security, Audit and Compliance: course overviewSecurity, Audit and Compliance: course overview
Security, Audit and Compliance: course overview
 
ISACA talk - cybersecurity and security culture
ISACA talk - cybersecurity and security cultureISACA talk - cybersecurity and security culture
ISACA talk - cybersecurity and security culture
 
Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control Systems
 
Cybersecurity Risk Governance
Cybersecurity Risk GovernanceCybersecurity Risk Governance
Cybersecurity Risk Governance
 

Recently uploaded

indian Call Girl Panchkula ❤️🍑 9907093804 Low Rate Call Girls Ludhiana Tulsi
indian Call Girl Panchkula ❤️🍑 9907093804 Low Rate Call Girls Ludhiana Tulsiindian Call Girl Panchkula ❤️🍑 9907093804 Low Rate Call Girls Ludhiana Tulsi
indian Call Girl Panchkula ❤️🍑 9907093804 Low Rate Call Girls Ludhiana TulsiHigh Profile Call Girls Chandigarh Aarushi
 
Russian Call Girls in Chandigarh Ojaswi ❤️🍑 9907093804 👄🫦 Independent Escort ...
Russian Call Girls in Chandigarh Ojaswi ❤️🍑 9907093804 👄🫦 Independent Escort ...Russian Call Girls in Chandigarh Ojaswi ❤️🍑 9907093804 👄🫦 Independent Escort ...
Russian Call Girls in Chandigarh Ojaswi ❤️🍑 9907093804 👄🫦 Independent Escort ...High Profile Call Girls Chandigarh Aarushi
 
Gurgaon iffco chowk 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex ...
Gurgaon iffco chowk 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex ...Gurgaon iffco chowk 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex ...
Gurgaon iffco chowk 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex ...soniya singh
 
Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...
Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...
Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...delhimodelshub1
 
pOOJA sexy Call Girls In Sector 49,9999965857 Young Female Escorts Service In...
pOOJA sexy Call Girls In Sector 49,9999965857 Young Female Escorts Service In...pOOJA sexy Call Girls In Sector 49,9999965857 Young Female Escorts Service In...
pOOJA sexy Call Girls In Sector 49,9999965857 Young Female Escorts Service In...Call Girls Noida
 
Vip Kolkata Call Girls Cossipore 👉 8250192130 ❣️💯 Available With Room 24×7
Vip Kolkata Call Girls Cossipore 👉 8250192130 ❣️💯 Available With Room 24×7Vip Kolkata Call Girls Cossipore 👉 8250192130 ❣️💯 Available With Room 24×7
Vip Kolkata Call Girls Cossipore 👉 8250192130 ❣️💯 Available With Room 24×7Miss joya
 
Dehradun Call Girls Service 7017441440 Real Russian Girls Looking Models
Dehradun Call Girls Service 7017441440 Real Russian Girls Looking ModelsDehradun Call Girls Service 7017441440 Real Russian Girls Looking Models
Dehradun Call Girls Service 7017441440 Real Russian Girls Looking Modelsindiancallgirl4rent
 
VIP Call Girl Sector 25 Gurgaon Just Call Me 9899900591
VIP Call Girl Sector 25 Gurgaon Just Call Me 9899900591VIP Call Girl Sector 25 Gurgaon Just Call Me 9899900591
VIP Call Girl Sector 25 Gurgaon Just Call Me 9899900591adityaroy0215
 
Call Girl Raipur 9873940964 Book Hot And Sexy Girls
Call Girl Raipur 9873940964 Book Hot And Sexy GirlsCall Girl Raipur 9873940964 Book Hot And Sexy Girls
Call Girl Raipur 9873940964 Book Hot And Sexy Girlsddev2574
 
Call Girl Chandigarh Mallika ❤️🍑 9907093804 👄🫦 Independent Escort Service Cha...
Call Girl Chandigarh Mallika ❤️🍑 9907093804 👄🫦 Independent Escort Service Cha...Call Girl Chandigarh Mallika ❤️🍑 9907093804 👄🫦 Independent Escort Service Cha...
Call Girl Chandigarh Mallika ❤️🍑 9907093804 👄🫦 Independent Escort Service Cha...High Profile Call Girls Chandigarh Aarushi
 
VIP Call Girl Sector 32 Noida Just Book Me 9711199171
VIP Call Girl Sector 32 Noida Just Book Me 9711199171VIP Call Girl Sector 32 Noida Just Book Me 9711199171
VIP Call Girl Sector 32 Noida Just Book Me 9711199171Call Girls Service Gurgaon
 
VIP Call Girl Sector 88 Gurgaon Delhi Just Call Me 9899900591
VIP Call Girl Sector 88 Gurgaon Delhi Just Call Me 9899900591VIP Call Girl Sector 88 Gurgaon Delhi Just Call Me 9899900591
VIP Call Girl Sector 88 Gurgaon Delhi Just Call Me 9899900591adityaroy0215
 
VIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service Hyderabad
VIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service HyderabadVIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service Hyderabad
VIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service Hyderabaddelhimodelshub1
 
Call Girls in Hyderabad Lavanya 9907093804 Independent Escort Service Hyderabad
Call Girls in Hyderabad Lavanya 9907093804 Independent Escort Service HyderabadCall Girls in Hyderabad Lavanya 9907093804 Independent Escort Service Hyderabad
Call Girls in Hyderabad Lavanya 9907093804 Independent Escort Service Hyderabaddelhimodelshub1
 

Recently uploaded (20)

College Call Girls Dehradun Kavya 🔝 7001305949 🔝 📍 Independent Escort Service...
College Call Girls Dehradun Kavya 🔝 7001305949 🔝 📍 Independent Escort Service...College Call Girls Dehradun Kavya 🔝 7001305949 🔝 📍 Independent Escort Service...
College Call Girls Dehradun Kavya 🔝 7001305949 🔝 📍 Independent Escort Service...
 
indian Call Girl Panchkula ❤️🍑 9907093804 Low Rate Call Girls Ludhiana Tulsi
indian Call Girl Panchkula ❤️🍑 9907093804 Low Rate Call Girls Ludhiana Tulsiindian Call Girl Panchkula ❤️🍑 9907093804 Low Rate Call Girls Ludhiana Tulsi
indian Call Girl Panchkula ❤️🍑 9907093804 Low Rate Call Girls Ludhiana Tulsi
 
Russian Call Girls in Chandigarh Ojaswi ❤️🍑 9907093804 👄🫦 Independent Escort ...
Russian Call Girls in Chandigarh Ojaswi ❤️🍑 9907093804 👄🫦 Independent Escort ...Russian Call Girls in Chandigarh Ojaswi ❤️🍑 9907093804 👄🫦 Independent Escort ...
Russian Call Girls in Chandigarh Ojaswi ❤️🍑 9907093804 👄🫦 Independent Escort ...
 
Gurgaon iffco chowk 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex ...
Gurgaon iffco chowk 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex ...Gurgaon iffco chowk 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex ...
Gurgaon iffco chowk 🔝 Call Girls Service 🔝 ( 8264348440 ) unlimited hard sex ...
 
Russian Call Girls in Dehradun Komal 🔝 7001305949 🔝 📍 Independent Escort Serv...
Russian Call Girls in Dehradun Komal 🔝 7001305949 🔝 📍 Independent Escort Serv...Russian Call Girls in Dehradun Komal 🔝 7001305949 🔝 📍 Independent Escort Serv...
Russian Call Girls in Dehradun Komal 🔝 7001305949 🔝 📍 Independent Escort Serv...
 
Russian Call Girls South Delhi 9711199171 discount on your booking
Russian Call Girls South Delhi 9711199171 discount on your bookingRussian Call Girls South Delhi 9711199171 discount on your booking
Russian Call Girls South Delhi 9711199171 discount on your booking
 
Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...
Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...
Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...
 
pOOJA sexy Call Girls In Sector 49,9999965857 Young Female Escorts Service In...
pOOJA sexy Call Girls In Sector 49,9999965857 Young Female Escorts Service In...pOOJA sexy Call Girls In Sector 49,9999965857 Young Female Escorts Service In...
pOOJA sexy Call Girls In Sector 49,9999965857 Young Female Escorts Service In...
 
Vip Kolkata Call Girls Cossipore 👉 8250192130 ❣️💯 Available With Room 24×7
Vip Kolkata Call Girls Cossipore 👉 8250192130 ❣️💯 Available With Room 24×7Vip Kolkata Call Girls Cossipore 👉 8250192130 ❣️💯 Available With Room 24×7
Vip Kolkata Call Girls Cossipore 👉 8250192130 ❣️💯 Available With Room 24×7
 
Call Girl Guwahati Aashi 👉 7001305949 👈 🔝 Independent Escort Service Guwahati
Call Girl Guwahati Aashi 👉 7001305949 👈 🔝 Independent Escort Service GuwahatiCall Girl Guwahati Aashi 👉 7001305949 👈 🔝 Independent Escort Service Guwahati
Call Girl Guwahati Aashi 👉 7001305949 👈 🔝 Independent Escort Service Guwahati
 
Dehradun Call Girls Service 7017441440 Real Russian Girls Looking Models
Dehradun Call Girls Service 7017441440 Real Russian Girls Looking ModelsDehradun Call Girls Service 7017441440 Real Russian Girls Looking Models
Dehradun Call Girls Service 7017441440 Real Russian Girls Looking Models
 
VIP Call Girl Sector 25 Gurgaon Just Call Me 9899900591
VIP Call Girl Sector 25 Gurgaon Just Call Me 9899900591VIP Call Girl Sector 25 Gurgaon Just Call Me 9899900591
VIP Call Girl Sector 25 Gurgaon Just Call Me 9899900591
 
Call Girl Raipur 9873940964 Book Hot And Sexy Girls
Call Girl Raipur 9873940964 Book Hot And Sexy GirlsCall Girl Raipur 9873940964 Book Hot And Sexy Girls
Call Girl Raipur 9873940964 Book Hot And Sexy Girls
 
Call Girl Chandigarh Mallika ❤️🍑 9907093804 👄🫦 Independent Escort Service Cha...
Call Girl Chandigarh Mallika ❤️🍑 9907093804 👄🫦 Independent Escort Service Cha...Call Girl Chandigarh Mallika ❤️🍑 9907093804 👄🫦 Independent Escort Service Cha...
Call Girl Chandigarh Mallika ❤️🍑 9907093804 👄🫦 Independent Escort Service Cha...
 
VIP Call Girls Lucknow Isha 🔝 9719455033 🔝 🎶 Independent Escort Service Lucknow
VIP Call Girls Lucknow Isha 🔝 9719455033 🔝 🎶 Independent Escort Service LucknowVIP Call Girls Lucknow Isha 🔝 9719455033 🔝 🎶 Independent Escort Service Lucknow
VIP Call Girls Lucknow Isha 🔝 9719455033 🔝 🎶 Independent Escort Service Lucknow
 
VIP Call Girl Sector 32 Noida Just Book Me 9711199171
VIP Call Girl Sector 32 Noida Just Book Me 9711199171VIP Call Girl Sector 32 Noida Just Book Me 9711199171
VIP Call Girl Sector 32 Noida Just Book Me 9711199171
 
Call Girl Lucknow Gauri 🔝 8923113531 🔝 🎶 Independent Escort Service Lucknow
Call Girl Lucknow Gauri 🔝 8923113531 🔝 🎶 Independent Escort Service LucknowCall Girl Lucknow Gauri 🔝 8923113531 🔝 🎶 Independent Escort Service Lucknow
Call Girl Lucknow Gauri 🔝 8923113531 🔝 🎶 Independent Escort Service Lucknow
 
VIP Call Girl Sector 88 Gurgaon Delhi Just Call Me 9899900591
VIP Call Girl Sector 88 Gurgaon Delhi Just Call Me 9899900591VIP Call Girl Sector 88 Gurgaon Delhi Just Call Me 9899900591
VIP Call Girl Sector 88 Gurgaon Delhi Just Call Me 9899900591
 
VIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service Hyderabad
VIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service HyderabadVIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service Hyderabad
VIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service Hyderabad
 
Call Girls in Hyderabad Lavanya 9907093804 Independent Escort Service Hyderabad
Call Girls in Hyderabad Lavanya 9907093804 Independent Escort Service HyderabadCall Girls in Hyderabad Lavanya 9907093804 Independent Escort Service Hyderabad
Call Girls in Hyderabad Lavanya 9907093804 Independent Escort Service Hyderabad
 

2015 Atlanta CHIME Lead Forum

  • 1. A CHIME Leadership Education and Development Forum in collaboration with iHT2 Top Cyber Risk Mitigation Strategies ________ ● Steven Sarros, Chief Information Officer Baptist Health Care Pensacola FL● #LEAD15
  • 2. A CHIME Leadership Education and Development Forum in collaboration with iHT2 • Department of Homeland Security Daily Open Source Infrastructure Report (DOSIR) – 16 Critical Infrastructures • Healthcare and Public Health • Information Technology • Defense Industrial Base • United States Computer Emergency Readiness Team (US-CERT) • Weekly Briefs and Situational Alerts • FBI InfraGuard Program Top Cybersecurity Risk Mitigation Strategies Gathering Threat Intelligence to Establish Situational Awareness
  • 3. A CHIME Leadership Education and Development Forum in collaboration with iHT2 • Awareness training • Vetting (Team Members and Non-Team Members) • User lifecycle management and granting access • Monitoring • FairWarning • Web, Email and Chat Activity • Workstation monitoring • More awareness training Top Cybersecurity Risk Mitigation Strategies The “People Factor” Creating the Human Firewall
  • 4. Q & A Speaker(s) Contact Information A CHIME Leadership Education and Development Forum in collaboration with iHT2 Insert Twitter handle(s) here
  • 5. A CHIME Leadership Education and Development Forum in collaboration with iHT2 Overall Words of Wisdom ________ Stuff I learned the hard way ● David Finn, Health IT Officer, Symantec ● #LEAD15
  • 6. A CHIME Leadership Education and Development Forum in collaboration with iHT2 You are here. Privacy and Security today in Healthcare (foot of the hill) The Changes You Need to Make (the summit)
  • 7. A CHIME Leadership Education and Development Forum in collaboration with iHT2 • Security and usability are often inversely proportional. (Security is not convenient) • Security is an investment, not an expense. • "Good enough" security now, is better than "perfect" security . . . never. • There is no such thing as “complete security” in a usable system. • A false sense of security is worse than a true sense of insecurity. • Your absolute security is only as strong as your weakest link. • Concentrate on known, probable threats. • Security is not a static end state, it is an iterative process. • Security is directly related to the education and ethics of your users. • There are few forces in the universe stronger than the desire of an individual to get his or her job accomplished. • Security is a people problem. Corollary: People cause security problems, they don't just happen. • You only get to pick two: fast, secure, cheap. • In the absence of other factors, always use the most secure options available. (You are either serious about security, or you're just fooling around). Security Dogma . . . (after 30 years of doing this)
  • 8. • Roles & Responsibilities • Risk Framework • Reporting • Build, Deploy & Maintain • Patch Management • Log & Event Mgmt. 8 Copyright © 2015 Symantec Corporation BusinessStrategy andGovernance On-GoingCompliance andSecurityOperations • Policies & Procedures • Risk Mgmt. Process • Establish Controls • On-going Risk Analysis • Impact Assessment • Remediation & Mitigation • Access Management Principles & Policy • Org. Mapping • Roles & Responsibilities • Accountability • Digital Trust • Identity Management • Authentication • Activity Review • Document Lifecycle • Data Criticality • Communications Plan • Training & Education • Utilization Mgmt. • Data Classification • Encryption • Mobile Security • Email Security • Lifecycle & Change Management • Maintenance Policies • Inventory & Classification • Digital Media Mgmt. • Contract & BA Mgmt. Informa tion Protection Infrastruct ure Managem ent • Threat Intelligence • Contingency Planning • Executive Reporting • Security Management • Incident Response • Anomaly Detection • Malware Protection • Audit Support • Incident Response Infrastruct ure Protection Secure Info Access A Mature Compliance and Security Model Business Strategy and Governance driving Security Operations Governance (security, privacy, compliance)
  • 9. Q & A A CHIME Leadership Education and Development Forum in collaboration with iHT2 #LEAD15 • David_Finn@Symantec.com • @DavidSFinn • 832.816.2206