The Cybersecurity Risk Management Framework Applied to Enterprise Risk Management
1:30pm - 2:30pm, Tuesday, March 6
Las Vegas - Venetian Convention Center
The Health Care Industry Cybersecurity Task Force, in its June 2017 Final Report, recommended a “holistic strategy” that supports both business AND clinical objectives within the healthcare industry. The problem most healthcare enterprises face in acting holistically is that cybersecurity is kept in its own silo, using a unique framework to analyze risk that does not easily translate into return on investment for the technology spend, while the rest of the enterprise's risk management decisions almost exclusively use dollars saved or financial measurements of risk avoided. This session will apply the Risk Management Framework as articulated in NIST Special Publication 800-53 to the healthcare system as a whole, utilizing people and processes (not just technology) to address both cybersecurity risk and other healthcare business and clinical risks, in effect using the Framework for all risk management analyses and mitigation strategies.