Hello again, Cybrary, guardians of goals and superintendents of standards, and welcome to this last lecture of module one, HIPAA resources and complementary standards. This lesson is all about what we need to know as leaders of our security program and our healthcare organization, outside of HIPAA, to ensure that we are aligned in delivering industry best practices in our administrative, physical and technical controls and in our critical information systems and their surrounding infrastructure. This lecture is about being the best, and it is a byproduct of running the most efficient and powerful engine under the hood of our race car. We could make sure that we also win our race to compliance. So if you're ready, hang on. The new engine you dropped in looks like it's leaking oil. You'd better call in that whole pit crew, because now we have a problem.
So in today's lecture, we will be reviewing how frameworks can help us in maturity modeling. Aligning our program with a maturity model and framework can guide us to bettering our program while also delivering against industry best practices, worthy goals for sure. Standards and frameworks are the path, the racetrack, and if we build our race car right, with the right chassis and frame, the correctly sized engine, tuned with the right gearing, shocks and suspension, driven and maintained by a winning driver (you, our security leader) and a well-oiled pit crew (heavily trained employees and business associates), then there will be no business outcome other than to win the race and have a healthcare organization with an optimized and efficient critical infrastructure that will deliver on our security and privacy goals while delivering the best patient care and healthcare to our patients possible.
So the adoption of frameworks and standards will instill confidence in your customers, and they will be more willing to do business with you because you have proven to be reliable and trustworthy with their information. Your partners and business associates will be more willing to entrust you with their data because you have the policies, procedures and controls in place to protect the confidentiality, integrity and availability of their critical and confidential information.
Your administrative, physical and technical policies, procedures and methodologies will reduce the overall risk of breaches exposing confidential data and keep critical information out of the hands of malicious Internet actors. Your frameworks will guide you in the development and execution of your go-to documentation in the case of an emergency, a malware attack or an environmental disaster, documentation that will outline your procedures to ensure your business and patient care services will stay up and running. And through the guidance of modeling of frameworks, you will adopt and deliver critical employee and partner training on the best way to identify critical data and to treat and handle data on a daily basis during their work day while in the critical information systems your employees and partners will be using to deliver services; you will be training your people in the best way to use and secure data as part of their daily routines. And as you can see, the adoption of frameworks and standards is not just a best practice for our organization to adopt and use; well, they are a requirement.
A maturity model is a tool that helps people assess the current effectiveness of a person or group and supports figuring out what capabilities they need to acquire next in order to improve their performance. Maturity models are structured as a series of levels of effectiveness; it's assumed that anyone in the field will pass through the levels in sequence as they become more capable.
Working with the maturity model begins with assessment, determining which level the subject is currently performing in. Once you've carried out an assessment to determine your level, then use the level above your own to prioritize what capabilities you need to learn next. This prioritization of learning is really a big benefit of using a maturity model. It's founded on the notion that if you are at level two in something, it's much more important to learn things at level three than level four. The model thus acts as a guide as to what to learn, putting some structure on what otherwise would be a more complex process. The vital point here is that the true outcome of a maturity model assessment isn't what level you are, but the list of things you need to work on to improve; your current level is merely a piece of intermediate work in order to determine that list of skills to acquire next. Maturity modeling will not only prioritize learning, it will prioritize budget and improve planning.
What technology do we need to buy and incorporate, and what processes do we need to adopt and incorporate, to get our program from a Tier two to a Tier three security program? Modeling is another way for us to judge ourselves, correct ourselves and steer us down the correct path to ultimately achieve our business and operational goals.
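The assessment procedure described above (determine the level you are at, then use the level above to build the list of what to acquire next) can be expressed as a small gap-analysis routine. This is an added example and not code from the lecture or from Cybrary; the capability names, the domain labels and the four-level model are constructed assumptions, and a program is taken to sit at the highest level whose capabilities, and those of every level below it, are all in place.

```python
"""Maturity-model gap assessment (constructed example, not the lecture's own).

Assumed model: each capability is tagged with the level at which a program is
expected to have it. The program's level is the highest level L such that every
capability at level <= L is implemented. The deliverable is the gap list for
the next level up, and the full roadmap orders all gaps by level so that
nearer-level work (and budget) is prioritized first.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Capability:
    name: str          # hypothetical capability label
    level: int         # maturity level at which this capability is expected
    domain: str        # hypothetical grouping, e.g. "Identify", "Protect"
    implemented: bool  # result of the assessment


# Constructed assessment data for an imaginary program; not a real organization.
SAMPLE_ASSESSMENT = [
    Capability("Asset inventory maintained", 1, "Identify", True),
    Capability("Written security policies approved", 1, "Govern", True),
    Capability("Annual workforce security training", 2, "Protect", True),
    Capability("Role-based access reviews", 2, "Protect", True),
    Capability("Formal risk assessment performed", 2, "Identify", True),
    Capability("Centralized log collection", 3, "Detect", True),
    Capability("Documented incident response plan", 3, "Respond", False),
    Capability("Tested business continuity plan", 3, "Recover", False),
    Capability("Continuous control monitoring", 4, "Detect", False),
    Capability("Automated threat intel integration", 4, "Detect", False),
]


def current_level(assessment):
    """Highest level whose capabilities (and all lower levels') are in place.

    Returns 0 when even the lowest level has a missing capability, or when
    the assessment is empty.
    """
    achieved = 0
    for lvl in sorted({c.level for c in assessment}):
        if all(c.implemented for c in assessment if c.level == lvl):
            achieved = lvl
        else:
            break  # levels are passed in sequence; stop at the first gap
    return achieved


def gap_list(assessment, target_level=None):
    """Capabilities still missing to reach target_level (default: current + 1).

    Missing items at lower levels are included too, since they also block
    the target level.
    """
    if target_level is None:
        target_level = current_level(assessment) + 1
    return [c for c in assessment
            if c.level <= target_level and not c.implemented]


def roadmap(assessment):
    """Every gap, ordered by level so the nearest level is worked on first."""
    return sorted((c for c in assessment if not c.implemented),
                  key=lambda c: (c.level, c.domain, c.name))


def with_status(assessment, name, implemented):
    """Return a copy of the assessment with one capability's status changed."""
    return [replace(c, implemented=implemented) if c.name == name else c
            for c in assessment]


def summarize(assessment):
    """Assessment deliverable: current level plus the prioritized gap list."""
    level = current_level(assessment)
    return {
        "current_level": level,
        "next_level": level + 1,
        "next_level_gaps": [c.name for c in gap_list(assessment)],
        "roadmap": [(c.level, c.domain, c.name) for c in roadmap(assessment)],
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_ASSESSMENT)
    print(f"Current level: {result['current_level']}")
    print(f"To reach level {result['next_level']}, work on:")
    for name in result["next_level_gaps"]:
        print(f"  - {name}")
    print("Full roadmap (level, domain, capability):")
    for item in result["roadmap"]:
        print(f"  {item}")
```

Run as a script it reports the sample program at level 2 with two level-3 gaps, which is the point the lecture makes: the level number is intermediate work, the gap list is the deliverable. The `with_status` helper lets you re-run the assessment after a control regresses and watch the level, and the gap list, move accordingly.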
So there are tons of standards and frameworks we can choose; by following their guidance and adopting their stated principles and practices, we can achieve HIPAA compliance, but I want to call out three specific frameworks that HIPAA professionals will routinely access when developing and rolling out their programs.
The HITRUST Alliance is a professional organization that has aligned with specific industries, in our case healthcare, to build out frameworks to help achieve proper information risk management and compliance. The HITRUST CSF, or cybersecurity framework, was developed to address the multitude of security, privacy and regulatory challenges facing organizations, and it includes federal and state regulations, standards and frameworks and incorporates a risk management approach. The HITRUST CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security and privacy controls. The HITRUST CSF includes, harmonizes and cross-references existing globally recognized standards, regulations and business requirements, including ISO, GDPR, NIST and PCI. This will help scale controls according to the type, size and complexity of an organization; it follows a risk-based approach and offers multiple levels of implementation requirements determined by specific risk thresholds for managing data protection and compliance. As you can tell, I'm a fan of HITRUST.
NIST has specific guidelines, special publications, that will be key to any organization seeking HIPAA compliance. Known as Special Publication 800-66, it is a true plan and roadmap that helps an organization adhere to the security rule of HIPAA, and NIST 800-30, which is a risk management guide, will help an organization understand how to identify, classify and prioritize risk and adopt a rigorous risk management program. Really important and really vital stuff.
So there are some truly amazing standards and frameworks out there that really inspired me to want to achieve great things in the network I support. If we use the NIST CSF, for example, the cybersecurity framework, the framework breaks down those systems, processes and procedures in our network into five pillars: the best and needed controls around identifying, protecting, controlling, responding and recovering from threats. Pretty great stuff. These pillars of risk management include identifying your assets; governance and policy; access and data controls; awareness and training; detecting and monitoring security events and behavior anomalies; incident response planning and incident response procedures like communication plans and lessons-learned improvement strategies; and recovery plans and recovery operations.
You just can't get better than this stuff. And if you hear the excitement in my voice, it's because, well, it's this stuff I'm passionate about: helping organizations improve their programs and helping students like you adopt these principles. There is greatness in these programs, and then excellence. Well, excellence is gonna be your deliverable. There are a ton of these standards and frameworks out there. I really like the Center for Internet Security and their benchmarks and their best practices, COBIT, the Control Objectives for Information and Related Technologies, and a bunch more. Pick one, pick two, I don't really care; learn from them and incorporate them. I do want to call out one point, though: choosing the right framework for your program, well, that's what's key. When I am asked what standard their company should choose, I always answer this way.
How do you want to eat the elephant? Eat part of the animal now, with quick results? Are you in it for the long haul? For newer programs, the NIST CSF measures 100 controls, so go get them. If you want a wider and more comprehensive approach, the best practices: maybe you're more mature, you want a wider approach, you're a bigger organization, you need to double- and triple-check your controls and make sure that you're complying with anything and everything and minimizing risk to the absolute best that you can. Well, NIST 800-53, well, it will measure 300 controls. So how does your program want to eat the elephant? No matter how you slice it, you will be like every other organization out there, eating the elephant one bite at a time. But it's the process, it's the frameworks, it's the standards that will help us deliver excellence, and they'll identify and prioritize the goals and what we need to achieve to help us get there.
So we're approaching the end of the race and we can see the checkered flag, so it's time for our quiz question. Name a few reasons why frameworks and standards help us. Well, by incorporating standards and frameworks and delivering on best practices, we will instill confidence in our customers, and they will want to do business with us. Our partners and business associates will want to share information with us and be our business partners in our business journey. We will prove that we know how to identify, protect, detect, respond and recover from threats, and this allows us to reduce and minimize risk in our organization. We will have a heightened awareness in our employees and partners through the adoption and incorporation of comprehensive employee training and testing, and our people will know the best and most secure ways to manage and work with our critical and confidential information. And we will have developed and incorporated business continuity plans and incident response procedures to be agile and responsive to organizational emergencies that threaten the confidentiality, integrity and availability of our information. Really, really good stuff. And it's how we will absolutely be in first place when we cross the finish line and take the checkered flag.
So in today's lecture, we learned how frameworks and standards can help us achieve things like HIPAA compliance and deliverables like excellence, and how the use of maturity modeling, well, can help us achieve and get to a deliverable that will call out and identify a list of things that we need to achieve to get to our next level of maturity, and what we need to buy, incorporate, adopt and implement to help us get to that next level as well. And so now we're finished with module one. Yay, and ready for module two, which is gonna be a really fun review and walk-through of HIPAA program management around the controls, policies and procedures that we need to have in place to make sure that we're HIPAA compliant. So if you're ready, let's go have fun in module two.
So thanks for sitting through module one. We hope you learned a lot about the HIPAA regulations, like the security rule, privacy rule and breach notification. We're now off to module two, the controls and safeguards we need to have adopted and implemented to manage and maintain our HIPAA compliance program. Module two will be really informative and a lot of fun. So until next time, on behalf of all of us here at the Cybrary course creators' back office, well, thanks so much for joining us. We hope you're having some fun, and we look forward to seeing you in module two. Until next time, thank you, take care and happy journeys.