Session ID: 43

The Cybersecurity Risk Management Framework Applied to Enterprise Risk Management

1:30pm - 2:30pm Tuesday, March 6
Las Vegas - Venetian Convention Center
Marcello 4401

Description

The Health Care Industry Cybersecurity Task Force in its June 2017 Final Report recommended a “holistic strategy” that supports both business AND clinical objectives within the healthcare industry. The problem most healthcare enterprises face in acting holistically is that cybersecurity is kept in its own silo, using a unique framework to analyze risk that does not easily translate into return on investment for the technology spend, while the rest of the risk management decisions almost exclusively use dollars saved or financial measurements of risk avoided. This session will apply the Risk Management Framework as articulated in NIST Special Publication 800-53 to the healthcare system as a whole, utilizing people and processes (not just technology) to address cybersecurity risk as well as other healthcare business and clinical risks – in effect, using the Framework to apply to all risk management analyses and mitigation strategies.

Learning Objectives: 

  • Show how to use a typical cybersecurity risk analysis to address privacy and other healthcare risks in the enterprise
  • Describe the re-focus on people and processes to address cybersecurity risks within the healthcare enterprise typically dealt with by technology spending
  • Apply how to re-orient thinking about healthcare enterprise risk management using the NIST Cybersecurity Framework

Speaker(s): 

Founder,
Herrin Health Law, PC

Continuing Education Credits: 

  • ABPM: 1.00
  • ACHE: 1.00
  • CAHIMS: 1.00
  • CME: 1.00
  • CNE: 1.00
  • CPHIMS: 1.00
  • IAPP: 1.00

Audience: 

CIO, CTO
C-Suite
Security Professional

Level: 

Advanced
