Session ID: 12

Leveraging Metrics to Tell Your Security Risk Story

10:30am - 11:30am Tuesday, March 10
Orlando - Orange County Convention Center
W308A

Description

Health systems assess risk in numerous ways as part of their ongoing security, privacy and compliance programs, which provide detailed data and insights on the vulnerabilities and risks facing the organization. However, organizations struggle to interpret and leverage the data to effectively communicate risk in contextual and understandable terms for senior leaders. This session will outline how to make risk assessment data actionable by highlighting key metrics and processes that will effectively illustrate a health system’s risk and tell a “risk story” that will make understanding security risk accessible and in-context for leadership and non-technical teams. Presenters will also elaborate on the best practices for educating the C-suite on setting organizational risk tolerance, share which metrics resonate most with different audiences within a health system, and demonstrate how to build a customized dashboard/program to tell the risk story of the organization.

Learning Objectives

  • Translate security, privacy and compliance risks into business risks to engage with the C-suite on identifying organizational risk tolerance and priorities for risk mitigation
  • Develop a strategy to track risks across business lines in an organization for holistic risk management
  • Assess the data and metrics required to develop customized risk dashboards and profiles for organizations to improve the identification, prioritization and mitigation of various security and privacy risks
  • Outline how to tell a “risk story” that puts risk data in perspective for various internal audiences, allowing them to better understand the different types of risk and determine which risk to act on
  • Describe how to build a risk management program to include the right operational steps; i.e., risk stratification, vendor tiering, quantitative vs. qualitative, formal exception management, etc.

Speaker(s)

Enterprise Chief Information Security Officer, Denver Health
Director of Security Services, CynergisTek

Continuing Education Credits

ABPM: 1.00
AHIMA: 1.00
CAHIMS: 1.00
CME: 1.00
CNE: 1.00
CPHIMS: 1.00
IAPP: 1.00

Audience

CIO/CTO/CTIO/Senior IT
CISO/CSO
Information Management Professional

Level

Intermediate