There are the highly regulated industries and then there’s everybody else. Cyber Security Hub’s first Financial Services Summit was a great success gleaning lessons learned from some of the best and brightest in the sector for a cross-industry audience. We replicate that structure featuring best of breed cyber security leaders in Life Sciences & Healthcare April 13-14; please join us.
While there are industry-specific focus areas particularly for healthcare and life sciences cyber security executives, all cyber security executives will benefit from attendance. This is the industry after all, where decisions made truly take life and death outcomes into account.
KEY TOPICS INCLUDE:
- Healthcare & Life Sciences Specific Cyber Security
- ZTNA In Highly Regulated Industry
- IoT/OT Cyber Security In Healthcare & Life Sciences
- Vanquishing Insider Threats Through Data Context
- Outpacing Compliance
- Risk Management 2021
- Achieving Forward Posture Cyber Security
The ‘Human Factors Framework’ of Healthcare & Life Sciences Cyber Security
Dennis Leber, CISO, University of Tennessee HSC
The Human Factors Framework is currently being used in healthcare. Dennis shares how executives can utilize the framework to prevent errors in cyber security:
- Looking at the opportunities where the human failed
- Understanding ‘why did they click that’
- Constructing insights from human-based analysis
- Gaining better understanding of the risk landscape
- Further understanding enterprise vulnerabilities
- Identifying substandard controls or a lack of controls
- Conceiving of best practice to ensure prevention in those areas moving forward
Real-Time Zero Trust Network Access For Highly Regulated Industry
Real-time Zero Trust Network Access is an enterprise goal worth scoring. But there is a ton of work and expense that goes into actualizing a real-time zero trust access network. As recently as Q4 2020, 75% of the Cyber Security community utilized VPN for myriad reasons. But the principal logic is that the total timeline and cost for implementation of a ZTNA (outside of the technology itself) is remarkably high.
- Realizing the limitations of your VPN
- Understanding the scope of work that precedes a single-pane-of-glass reality
- Forecasting a realistic timeline for user access upgrades as well as back-end interoperability restructuring
- Ultimately enabling the correct data for the correct user at the correct time in the correct context
The Infinite Perimeter: Securing Human Users and IoT Simultaneously
The dovetailing of IT and OT continues as we march towards a 5G-enabled, IoT-informed near future. Network infrastructure and architecture must allow for the interoperability and security of all users, both human and IoT endpoints, in real time.
- Realizing the new perimeter is the user or endpoint
- Transforming that identity-first mindset to encompass all users and endpoints
- Engaging change management across the enterprise to ensure all stakeholders are onboard and contributing to the stewardship of a new and truly connected reality
- Enabling SASE to seamlessly gauge the identity entity of all endpoints
Vanquishing Insider Threats By Determining Data Context
It’s been said that the user is the new perimeter. The theory is that if everything is known about the user, the details of how the user is manipulating data can be understood. It has also been said that the new perimeter is data itself. The theory is that if the focus is data-first, privilege can be granted more appropriately.
- Grappling with the fact that the most difficult aspect of SASE adoption will be the understanding of data context
- Securing each identity entity with appropriate context
- Dovetailing the understanding of the user, endpoint and data for true context realization
- Continually assessing the risk associated with and trust granted through privileged data use
Outpacing Compliance, Realizing Risk Management & Achieving Forward Posture Cyber Security in Healthcare & Life Sciences
Randall Frietzsche, Enterprise Chief Information Security Officer (CISO), Denver Health
One of the benefits of being in a highly regulated environment is that there is familiarity with how and when legislation tends to change and when and where subsequent regulatory changes occur. It is precisely in this environment that the outpacing of compliance can happen. When outpacing compliance, getting ahead on risk management becomes more straightforward. That’s how to gain a forward-facing cyber security posture.
- Honestly assessing the current state of your cyber security organization, talent, tools and technology
- Thinking beyond privacy and management of PII to ensure readiness for a next layer of regulations
- Conceiving of the next phase associated with current risks to your enterprise to ensure continued management, mitigation and remediation of inevitable incidents
- Engaging in threat modelling based on custom threat intelligence
Leveraging Risk Management Principles To Support IoT Functions: A Panel Discussion
Fred Kwong, CISO, Delta Dental
IoT and OT cyber security is truly here. That fact became all the more apparent when a water treatment plant in Oldsmar, Florida was hacked to attempt to poison the water source. While that hack was unsophisticated, the US has a power grid backdoor which a nation state walked through. It is time for cyber security executives to sound the alarm around IoT security.
- Realizing the scope of change and how you treat the solution
- Scanning for the complete network traffic and segmenting network infrastructure accordingly
- Engaging nuanced controls in the face of the changing landscape
- Examining the new and ever-changing reality of TPRM
- Understanding that risk changes, but your control for risk should remain the same
Countering A Cavalcade Of Threats From Pandemic Response, To Vaccine Distribution To Nation State Activity To The Regular Day Job
Healthcare organizations continue to be overwhelmed in working COVID-19 patients through their systems and services. Life Sciences organizations are now answering the global call and distributing a vaccine, miraculously beginning less than a year after the onset of the disease. Now the SolarWinds breach has brought nation states to the front and center focus of global corporate enterprise. Once those newer issues are worked through, the traditional demands of securing the company still have to be answered.
- Compartmentalizing the cornucopia of threats
- Iteratively managing vulnerabilities
- Anticipating future needs based on the irrational amount of disruption that is occurring
- Advancing the case for 2022 budget to the board throughout 2021
Gaining Advanced Intelligence From Automated Response & Remediation
With limited talent available to cyber security teams, optimizing time spent on the threats that matter is of paramount importance. But simply sifting through threats doesn’t truly optimize time. Time is optimized when the team is working on exceptions offered by automated responses.
- Uncovering the ability to automate response
- Realizing the goal of automated remediation
- Procuring insights from automated remediation
- Making forward-facing decisions based on proven automated remediation lessons learned
Attracting The Talent Needed For Healthcare & Life Sciences Cyber Security
All is for naught if the talent is not embedded in the enterprise. Evaluating internal talent to ensure the right mindset is working on organizational threat intelligence is important. Some suggest that each cyber security operation would benefit from having a veteran of the armed services with an intelligence background. With limited cyber security expertise available, alternative sources of talent are necessary.
- Taking stock of the talent in house
- Realizing inherent skill sets currently not being utilized
- Sourcing for additional talent to fit criteria
- Continually refreshing the team as technology advances
Examining The Future Of Cyber Security In Healthcare: A Panel Discussion
Michael Gregory, Information Security Officer, Community Foundation of NW Indiana Inc.
We wrap up the summit by looking forward. We determine what needs to be done in the moment and balance that effort with a plan for the future.
- Cleaning Up Cyber Security Hygiene
- Enabling Business With Cyber Technology
- Realizing vulnerabilities around mergers and acquisitions
- Discovering next steps of cloud security
- Outpacing the narrative on incident response
- Unpacking the Privacy Maturity Model