There are many actionable items and methods a CISO can use to minimize risk in the healthcare industry. After all, there are all kinds of tools, project management resources, and resource management solutions that can help keep businesses in order and safe. However, there just a few areas in which action should be taken.

As simple as it might sound, having radical transparency within the security department is a must. Where security operations may fall short is when the department does not know what they really do for the company and/or organization. Setting a clear tone, mission, and overall open doors (within reason) of the overall objectives would help check egos, false impressions, and road blocks from negatively affecting operations.

I have seen both small and big companies have suffer from these issues. The same questions always arise. “What do they really do here?” “Why are they even here?” They create high amounts of toxicities, all of which can separate teams and cause cross-department tension.

The observation can be made that smaller companies are better at this than bigger companies because the former do not have the time and/or overall money/energy to spend dealing with this. In small- to mid-sized companie,s the tone of “either you know it or you do not” is strong, and no one has time for egos to get in the way. Bigger companies have layers that just get in the way, and sometimes, no one knows what each other really does. Establishing pillars for focus areas expertise and running them in parallel with the overall arching mission of “protecting this home” helps to shed light on all the areas of information security.

CISOs need to understand and really understand from a topical and technical level how their environments work and function with their (Read more...)