Online Safety Community

CISOs map out their cybersecurity plan for 2018

When Omar F. Khawaja compiled his priority list for 2018, he didn’t include which security technologies he wanted or how many IT staff he hoped to hire.

Instead, the CISO at Highmark Health — a healthcare management and insurance provider whose portfolio includes Allegheny Health Network, United Concordia Dental and Visionworks, among others — articulated an overarching strategy on how the cybersecurity plan should fit within the national organization’s business strategy.

network-security-and-big-data-analytics-2-638https://compliance4all14.files.wordpress.com/2018/02/network-security-and-big-data-analytics-2-638.jpg?w=150&h=113 150w, https://compliance4all14.files.wordpress.com/2018/02/network-securi... 300w, https://compliance4all14.files.wordpress.com/2018/02/network-securi... 638w" sizes="(max-width: 563px) 100vw, 563px" height="313" width="417" />

“While I do realize that I will need technology to enable many of the things I’m trying to do [this] year and going into 2019, my goal isn’t to deploy technology, but to realize certain outcomes,” said Khawaja, who works out of Highmark’s Pittsburgh headquarters.

Khawaja broke his cybersecurity plan down into five key areas of focus.

First, he wants to look at how his team makes decisions. “There are always more opportunities to make more impact and add more controls than there are the resources and time to do so,” he said. “So how do we create a decision-making framework so we get [our priorities in order]? And we’re not doing things because it’s a shiny object, but instead because it [has] real business impact?”

Second is organizational change management. The corporate security team needs to be confident that staff throughout Highmark Health, and its subsidiaries, adapt practices and processes to maximize the value of the implemented security protocols and technologies.

Next, Khawaja wants to ensure his team’s cybersecurity plan is aligned with the top business risks, so that the cybersecurity program “isn’t a security program but a risk-management program.”

The healthcare organization also wants to focus on operational excellence and customer satisfaction. “We absolutely have to understand what objectives we’re trying to achieve and who our key stakeholders are,” Khawaja said. “It’s not that we just simply secure the place, but we do it in a way that’s excellent. We have to do it at 100%, and we’ve got to be at 100% every single time.”

While Khawaja’s plans may sound ambitious, he is not alone. Studies show that executives increasingly recognize that a cyberattack could cripple their operations and mean millions in lost business and reputational damage as well as in cleanup costs. The National Association of Corporate Directors’ 2017-2018 Public Company Governance Survey found that cybersecurity threats ranked among the top five trends expected to have the greatest effect on business in the upcoming year.

For Continuation http://bit.ly/2E4Ndsj

Views: 135

Comment

You need to be a member of Online Safety Community to add comments!

Join Online Safety Community

Take our poll!

Take our poll!

Latest Activity

Mark Nilson posted events
17 hours ago
Roger Steven posted events
18 hours ago
Training Doyens posted events
18 hours ago
Adam Fleming posted a blog post

INFRARED SPECTROSCOPY Is Crucial to Your Business. Learn Why!

Near-Infrared Spectroscopy, NIR or NIRS, is considered a superior method assay to traditional ones, which are destructive and also reduce the number of doses for sale. It overcomes these drawbacks by being both rapid and nondestructive, which helps it respond to the pressures in the pharma industry for generating more and more data, which leads to more assays that bring these inevitable downsides.In being responsive to the physical and chemical environment of…See More
yesterday

Forum

Workplace safety for workers other than your own 1 Reply

Do your workplace/traffic safety plans include safety measures for workers who are not your own employees? Do they take into account the safety of those who will be - or could be - at your workplace,…Continue

Tags: emt, paramedics, emergency, occupational, health

Started by John Petropoulos Memorial Fund. Last reply by Jen McDade yesterday.

What % of Dollars should be bugeted for All Safety Training for a "Heavy Equipment Road Construction" company with 100 employees? 1 Reply

I have been at a Highway and Road Construction company for six months. I am developing a (first) complete training program. I am the 1st full time safety hire for this company. I need to develop a…Continue

Started by JTurpening. Last reply by Jen McDade on Tuesday.

Technology and Safety 1 Reply

What are the most useful tools to have at your fingertips? -Toolbox Talks-JSA-JHA-Daily Reports, etc. What is falling through the cracks that could be an easy fix? Safety Managers, Coordinators and…Continue

Tags: safety

Started by Drew stone. Last reply by Jen McDade Feb 15.

Important of Warning sign 1 Reply

Warning sign is a type of traffic sign that guide a hazard ahead on the road. Having proper warning sign on the road provide a healthy environment.Continue

Tags: Signs, Workplace, Safety, Sign, Warning

Started by healthandsafetysigns. Last reply by Jen McDade Jan 14.

Workers paticipation in safety management 2 Replies

Workers paticipation in safety management is the aspect which is required to be implemented in the OHSAS 18001 2007 version. , I invite our experience community members to share their views on the…Continue

Tags: management, safety, in, paticipation, Workers

Started by SafetyRaja. Last reply by Tara safe Dec 27, 2018.

Badge

Loading…

© 2019   Created by Safety Community.   Powered by

Badges  |  Report an Issue  |  Terms of Service