The CSO perspective on healthcare security and compliance
by Mirko Zorz - Editor in Chief - Monday, 20 May 2013.
What advice would you give to CSOs when it comes to requesting a budget increase?

Before a budget request can be made a CSO must know where the monies will be best spent. An honest self-examination of the security controls within the organization and using tools such as a color-coded risk profile as described in the report are a great way of showing the security posture of the organization to an executive in charge of finance.

It's important to be able to help the CFO, or other executives working with the company budget, to understand the areas that need to be shored up and to translate these security requirements to business needs. By doing so, it helps grease the budget wheels to ensure the CSO gets the funds needed to be effective in securing the organization.

It's been my experience that it's the CSO who has the ability to show the benefits of the security program in business terms, rather than the experienced security professional, that tends to get the budgets they need.

What's your take on increased cloud adoption? Are you moving some of your resources into the cloud?

Clouds, like BYOD, are a blessing and a curse. My organization utilizes a number of professional cloud providers to augment services we are not properly staffed for, or don't want to operate ourselves. However, while the conversations with these providers mainly center around application performance and capacity, few talk about security or compensation avenues for the loss or exposure of data.

With that said, many cloud providers are improving their service documents to provide better compensation clauses in their contracts but this is still a lingering problem in the cloud provider industry. In our experience with the inconsistent state of security of many cloud vendors, my organization as a practice does not allow PHI, PII, or other confidential information to be sent to a cloud. I expect as cloud providers mature their security practices that this will slowly change over time.
