Enterprise Security organizations often find themselves caught between the ever-changing needs of the agile business, and the ever-present, ever-evolving threats to that business. At the same time – all too often we security professionals get caught up in “shiny object syndrome” which leads us to spend poorly, allocate resources unwisely, and generally de-couple from the organization we’re chartered to defend. Knowing how to defend begins with knowing what you’ll be defending, why it is worth defending, and who you’ll be defending from… and therein lies the trick. This blog takes the issue of enterprise security head-on, challenging outdated thinking and bringing a pragmatic, business-aligned, beyond the tools perspective … so follow the Wh1t3 Rabbit and remember that tools alone don’t solve problems, strategic thinkers are the key.
Rafal (Principal, Strategic Security Services)
Continuing the discussion of Healthcare sector challenges for the CISO, today I cover the notion of risk classifications. While this is a topic as old as Information Security, I present to you an interesting way of doing risk classification that I've used, and that I've had others teach, to get an idea of what the real priorities should be for Information Security in your healthcare organization...
What in the world is going on in the healthcare industry? Is every institution out there getting laptops, desktops and other devices stolen with patient-sensitive data on them? Worse yet, how do the thieves know which devices are unencrypted? This is serious, folks!
Healthcare is an interesting animal when it comes to IT Security. While there is a constant need to stay cutting-edge, there is also a requirement to keep costs down, for reasons I really don't want to get into here... The need to stay cutting-edge is rather obvious; the latest advances in technology can mean the difference between life and death for a critical patient. In healthcare, sharing information is both a blessing and a curse, with requirements for openness balanced against requirements for confidentiality and security, pushing and pulling at IT Security professionals with incredible pressure.