CHIME AGENDA - Dallas| December 6, 2016

This program qualifies for 5.5 Continuing Education Units (CEU) towards the CHIME Certified Healthcare CIO (CHCIO) Program. CHIME recognizes 1 hour of participation as equivalent to 1 CEU.
CHIME members and Affiliates may claim CEUs for the LEAD forum by entering them into the CHIME Continuing Education Credits form on the CHIME website.
Program Overview and Learning Objectives 
A top priority for every CIO today is protecting their organization from cybersecurity threats and breaches.  Attendees of this day-long forum will learn about the key components of an effective cybersecurity strategy as well as approaches any organization can take to gain employee-support and engagement.  Cybersecurity begins with awareness which can be the first step in prevention of attacks. In addition to learning approaches to incorporate awareness into a winning organizational cybersecurity plan, you'll gain insights from industry experts on developing, implementing and using cybersecurity plans in time of breaches as well as tips on engaging the organization so cybersecurity becomes a part of everyone’s job.
 Learning Objectives:
  • Identify key steps in preparing an organization against cybersecurity threats and breaches including security frameworks and control measures
  • Define key components of an effective cybersecurity plan including prevention, response and recovery approaches for successful implementation and staff adoption
  • Examine the latest compliance and legal requirements around cybersecurity and ways they can be leveraged by organizations
  • Discuss opportunities to incorporate cybersecurity awareness into the fabric of an  organization and the employee mindset
08:00 - 09:00am
Registration and Continental Breakfast
09:00 - 09:15am
Welcome and Review of the Goals and Objectives of the Meeting
09:15 - 10:00am
Brought to you by:
Essential Factors for Cybersecurity Preparedness
A good defense is the best offense!  Organizations must always take a proactive stance of preparedness and integration of effective cybersecurity into the organization ranging from strategic planning, operations, process, workflow to security controls.  This session discusses the key components to effectively prepare for a breach, including IT and non-IT functions.
Learning Objectives:
  • Identify healthcare and non-healthcare strategic security frameworks and ways to leverage these both today and in the future
  • Define IT and non-IT security assessments and best practices for overall management and controls including working with third party trading partners
  • Outline strategies for building and retaining security staff talent and expertise
  • Identify approaches to securing adequate funding to support your organization’s security strategies and activities plan
Dave Kythe, CISSP, CISM, VP, Security Services and Strategy, Redspin, An Auxilio Company;
Chani Cordero, CHCIO, FACHE, CIO, Medical Education Training Campus, Defense Health Agency
10:00 - 10:30am
Networking Break
10:30 - 11:15am

Brought to you by:
Winning Cybersecurity Strategies Focused on Prevention, Detection, Response and Recovery
Healthcare providers are key targets for today’s security breaches.  Demonstration of effective preparedness and prevention occurs with an organization’s detection, response and recovery to intrusions and breaches.  This goes beyond technology to include how an organization deals with the community, patients, medical staff, payers, other trading partners as well as internal staff.  This session presents real-life breach scenarios, how the organizations responded and what safeguards they implemented to prevent further attacks.
Learning Objectives:
  • Discuss tools and processes that effectively positions organization to respond to threats and breaches
  • Identify an effective incident management process including timeline, detection, response, escalation, mitigation, communication and non-IT recovery activities
  • Evaluate effective strategies for training all organizational staff for response and recovery management
11:15 - 12:15pm
Networking Lunch
12:15 - 1:00pm
Process Makes Perfect: Strategies for Cybersecurity Success
Various cybersecurity legal and compliance requirements must be met by today’s organizations.  In addition to external requirements, the organization must establish effective internal cybersecurity accountability and organizational and IT governance to achieve successful preparedness, response and recovery.   Compliance with effective security practices leads to effective shared governance. This session unravels this complex aspect of cybersecurity and equip organizations with the latest knowledge to remain on point.
Learning Objectives:
  • Discuss strategies and best practices with development, implementation and management of an effective organizational-wide risk management and compliance programs
  • Identify best practices for organizational and IT governance, accountability and oversight responsibilities including the intersection of good governance practices with compliance
  • Identify legal and other compliance requirements and any associated challenges for consideration in an effective risk management program  
01:00 - 01:30pm
Networking Break
01:30 - 02:15pm
Case Study
In this session, attendees will have the opportunity to react to a real-life cybersecurity scenario.  Participants will assess the case in small groups and explore how they would address the problem.  Groups will then share what they have learned through experience and analysis.
02:15 - 02:45pm
Networking Break
02:45 - 03:30pm
Developing and Managing an Ongoing Risk Management Program
Managing cybersecurity is an ongoing process and requires an organization to have a continuous learning environment in order to be effective dealing with threats and breaches.  Organizations must have ongoing risk management programs that involve processes and workflow as well as technology.  This involves reaching outside the healthcare industry for insights, best practices and approaches to address cybersecurity. In this session, discover how to stay vigilant by equipping yourself with the latest trends and strategies, and ways to encourage open knowledge sharing between peers focused on effective risk management programs.
Learning Objectives:
  • Identify strategies that fosters an organizational culture of continuous learning and process improvement for effective risk management programs including  prevention and awareness
  • Discuss strategies and approaches to maintain current working knowledge of cybersecurity  and effective risk management programs along with  ways to leverage industry knowledge to support effective organizational protections
  • Evaluate the experience from those outside of healthcare and learn how non-healthcare industry experience can be leveraged in your organization
Moderator: Adrienne Edens, LCHIME, FCHIME, CHCIO, VP, Education, CHIME
03:30 - 04:00pm
Program Insights & Final Q&A