After nearly eight years as chief information security officer at Temple Health University Health System, Mitch Parker last September joined Indiana University Health. There, he told executives what he had told his team at Temple: cyber threats are not an information technology department problem but a security problem. CISOs who are new to an organization need to stress the challenges that cyber threats represent and the adequacy, or lack thereof, of current security procedures, Parker said Sunday during a presentation at HIMSS17. That starts with educating other executives about breaches: why they occur in the first place, the importance of discussing the technology behind breaches, but most importantly, the processes and failures that cause breaches.
CISOs should talk about the cyber environment using non-biased sources from firms such as Gartner, Ponemon and health insurers to report to colleagues on trends and emerging threats. And they need to insist that the organization join cyber threat sharing initiatives across their region and the industry.
Information security must be tied to two enterprise levels: information systems and the organization strategy, Parker stressed. Metrics need to focus on augmenting and supporting the overall strategy, he added. Parker suggested adopting the Lean methodology for improving security performance, as the program is all about process improvements and asking why less than optimal processes continue to exist. And employees responsible for information security, regardless of where in the organization, should be told that they need to understand Lean. Further, Lean should be used to design and maintain systems covering business customers, enterprise architecture, legal contracting, compliance, supply chain and enterprise risk scoring, making sure that various teams are on the same page with security.
"This is grunt work," Parker warned. "You can't buy your way into this."
If an organization decides to purchase cyber insurance, it must understand the need to complete a comprehensive risk assessment that includes pointed questions to determine the strength of the security program. Not only are insurers looking for that assessment, but so also is the HHS Office for Civil Rights, which enforces the HIPAA privacy, security and breach notification rules. Good information security, Parker said, has its hooks in clinical risk management, insurance, emergency preparedness, privacy, corporate compliance, supply chain, revenue cycle, information management and Joint Commission requirements, among others. To be successful with this laundry list, an organization must embrace change management in an overall enterprise model, Parker advised. If one player says, "I do my own change management," it won't work. Either there's one change management program or there's none.
Surveillance footage obtained and released by Japan's Fuji TV purportedly shows a woman attacking and killing Kim Jong-nam. The elder half-brother of Korean dictator Kim Jong-un was murdered in Kuala Lumpur International Airport on Feb. 13. The video, which has not been independently verified, shows a bald man in a tan suit walking around the airport while carrying a backpack. In the following clip, at two angles, footage shows a woman entering a line of people, grabbing the man by the head, and walking away (fast forward to 1:09 and 3:55 for the clearest footage of the incident).
Police have detained four suspects for alleged involvement in the attack, including 28-year-old Doan Thi Hoang, from Vietnam, and 26-year-old Siti Aisyah, from Indonesia. The woman that attacks the person believed to be Kim dons a white shirt and neck-length hair, not unlike a suspected female assailant wearing an LOL t-shirt in a photo widely shared last week. Kim's death has caused a breakdown in the once-cozy relations between Malaysia and North Korea. Pyongyang's ambassador accused Malaysia's government of colluding with hostile forces and denounced it for carrying out an autopsy without its cooperation. Malaysia, meanwhile, has withdrawn its diplomatic envoy from Pyongyang.
Yet the deeper implications of Kim's death for East Asian geopolitics remain unclear. On Saturday (Feb. 18) China announced it would cease all coal imports from North Korea. It claimed the measure was simply in compliance with UN sanctions against North Korea, but the timing, days after Kim's death and one week after North Korea's most recent nuclear test, suggests Beijing is losing patience with the regime in Pyongyang.
Korean media has speculated that China had hopes (however far-fetched) that Kim Jong-nam, who had spoken out against his family's totalitarian leadership in the past, would defect to the South and establish a government-in-exile as the first-born son and rightful successor to Kim Jong-il. The murder of Kim Jong-nam has put to rest any such notions.