Minimally Invasive Information Security
Kim Sassaman, CISSP
Information Security Officer
Presbyterian Healthcare Services
Factoids
• Presbyterian Healthcare Services is a not-for-profit system of hospitals, a health plan and a growing medical group located in New Mexico.
• For more than 100 years we have been committed to a single purpose
• Improving the health of the patients, members and communities we serve
• 15,000 employees, 3B+ revenue
• More @ http://www.phs.org/PHS/about/
What challenges exist
• Negative perception
• Desire to utilize cloud solution
• Social media
• Broader use of mobile devices
• Information anywhere, anytime from anything
• Innovation center
• Reduction in resources, human and capital
What changed
• Created focused department
• Multi-year vision (36 month sliding window)
• Education of executives and peers
• Communication and Strategy
How?
• Governance and Policy
• Implementing technologies
• Communication
Actually a change in perception was needed
Perception
The real challenge?
The detrimental effects of no!
• "If I were to put you into an fMRI scanner—a huge donut-shaped magnet that can take a video of the neural changes happening in your brain—and flash the word “NO” for less than one second, you'd see a sudden release of dozens of stress-producing hormones and neurotransmitters. These chemicals immediately interrupt the normal functioning of your brain, impairing logic, reason, language processing, and communication."
• An article from Psychology Today by Andrew Newberg, M.D. and Mark Robert Waldman, “Neuroscience of communication”
Principle adopted
YES, IF!
• “The optimist sees the donut, the pessimist sees the hole.”
― Oscar Wilde
Audience participation
• Each table, discuss a challenge you have
• Quickly elect a spokesperson
• 5 minutes
• What would the conversation sound like, if you utilized yes if?
Bring Your Own Plastic Stuff (BYOPS)
• Business driver
• I want to use my plastic toys while at work
• I love my plastic toy
• IT response
• We like our plastic stuff too
• We can do this!
• IT security response
• Yes we can, IF
• Log(A+b/C^30+360days delay)
How did you secure mobile devices?
With no budget
Hey wait!
What?
Lofty expectations, strained resources and a short time frame, sounds like a typical IT project
Yep!
Simple
• Business made the configuration decision
• Governance works!
• Transparency on all changes
• Utilized current investments
• No MDM
Security and Innovation
• Drive to improve quality
• Data sharing
• Big Data / Value Data
• Where do we go next?
• Security/Compliance is built in
How we do it
• Department focused on innovation
• Innovation Lab
• Segregated and walled from organization
• Calculated approach for pilots
• Security has a seat at the innovation table
Yes, communication again
Audience participation
• Last one!
• What innovative approach are you challenged with?
• Discuss at your table (5 minutes)
• How can security help enable?
Parting thoughts
• Become the Yes, If man
• Security can enable and innovate
• Get involved early
• Be open minded
• Problem solve vs create
• Communicate, Communicate
• Be aware of perceptions!
Thank you
• ksassaman@phs.org
• www.linkedin.com/in/kimsassaman
• 505-923-7748
• I share knowledge, documents, ideas, etc…

iHT² Health IT Summit Fort Lauderdale 2013 – Kim Sassaman, Chief Information Security Officer, Presbyterian Healthcare Services
