CHIME AGENDA - Nashville | August 10, 2016
This program qualifies for 5.5 Continuing Education Units (CEU) towards the CHIME Certified Healthcare CIO (CHCIO) Program. CHIME recognizes 1 hour of participation as equivalent to 1 CEU.
CHIME members and Affiliates may claim CEUs for the LEAD forum by entering them into the CHIME Continuing Education Credits form on the CHIME website.
Program Overview and Learning Objectives
A top priority for every CIO today is protecting their organization from cybersecurity threats and breaches. Attendees of this day-long forum will learn about the key components of an effective cybersecurity strategy as well as approaches any organization can take to gain employee support and engagement. Cybersecurity begins with awareness, which can be the first step in preventing attacks. In addition to learning approaches to incorporate awareness into a winning organizational cybersecurity plan, you'll gain insights from industry experts on developing, implementing and using cybersecurity plans in times of breach, as well as tips on engaging the organization so cybersecurity becomes a part of everyone’s job.
Learning Objectives:
- Identify key steps in preparing an organization against cybersecurity threats and breaches including security frameworks and control measures
- Define key components of an effective cybersecurity plan including prevention, response and recovery approaches for successful implementation and staff adoption
- Examine the latest compliance and legal requirements around cybersecurity and ways they can be leveraged by organizations
- Discuss opportunities to incorporate cybersecurity awareness into the fabric of an organization and the employee mindset
08:00 - 09:00am
Registration and Continental Breakfast
09:00 - 09:05am
Welcome and Opening Remarks
George W. McCulloch, Jr, MA, MBA, FCHIME, CHCIO, EVP, Professional Development and Membership, CHIME
09:05 - 09:15am
Review of the Goals and Objectives of the Meeting
David Finn, CISA, CISM, CRISC, Health Information Technology Officer, Symantec
09:15 - 10:00am
Effective Cybersecurity Begins with Organizational Culture
Security breaches are a constant and formidable threat. An organization must continuously be alert and seek out the latest trends and challenges around cybersecurity threats and breaches to keep patient data safe. In addition, they must routinely monitor for vulnerabilities and weaknesses within the organization to be aware of potential risks. The core foundation to any effective security program begins with the overall governance and the organization’s culture. This is not a technology project! This session addresses the latest strategies and approaches, from both healthcare and non-healthcare industries, for integrating security programs into the fabric of organizations.
Learning Objectives:
- Analyze the current and rapidly changing cybersecurity landscape
- Define basic principles of sound cybersecurity strategy and management
- Evaluate strategies for Board and organizational awareness, education and communication
Scott Augenbaum, Supervisory Special Agent; Federal Bureau of Investigation - Memphis Division
10:00 - 10:30am
Networking Break
Essential Factors for Cybersecurity Preparedness
A good defense is the best offense! Organizations must always take a proactive stance of preparedness and integrate effective cybersecurity into the organization, ranging from strategic planning, operations, process and workflow to security controls. This session discusses the key components to effectively prepare for a breach, including IT and non-IT functions.
Learning Objectives:
- Identify healthcare and non-healthcare strategic security frameworks and ways to leverage these both today and in the future
- Define IT and non-IT security assessments and best practices for overall management and controls including working with third party trading partners
- Outline strategies for building and retaining security staff talent and expertise
- Identify approaches to securing adequate funding to support your organization’s security strategies and activities plan
Moderator: George W. McCulloch, Jr, MA, MBA, FCHIME, CHCIO, EVP, Professional Development and Membership, CHIME
David Finn, CISA, CISM, CRISC, Health Information Technology Officer, Symantec
Arny Epstein, Chief Architect, Imprivata
Patty Lavely, SVP & CIO, Gwinnett Medical Center
Winning Cybersecurity Strategies Focused on Prevention, Detection, Response and Recovery
Healthcare providers are key targets for today’s security breaches. Demonstration of effective preparedness and prevention occurs with an organization’s detection, response and recovery to intrusions and breaches. This goes beyond technology to include how an organization deals with the community, patients, medical staff, payers, other trading partners as well as internal staff. This session presents real-life breach scenarios, how the organizations responded and what safeguards they implemented to prevent further attacks.
Learning Objectives:
- Discuss tools and processes that effectively position an organization to respond to threats and breaches
- Identify an effective incident management process including timeline, detection, response, escalation, mitigation, communication and non-IT recovery activities
- Evaluate effective strategies for training all organizational staff for response and recovery management
Moderator: George W. McCulloch, Jr, MA, MBA, FCHIME, CHCIO, EVP, Professional Development and Membership, CHIME
01:00 - 01:30pm
Networking Break
Process Makes Perfect: Strategies for Cybersecurity Success
Various cybersecurity legal and compliance requirements must be met by today’s organizations. In addition to external requirements, the organization must establish effective internal cybersecurity accountability and organizational and IT governance to achieve successful preparedness, response and recovery. Compliance with effective security practices leads to effective shared governance. This session unravels this complex aspect of cybersecurity and equips organizations with the latest knowledge to remain on point.
Learning Objectives:
- Discuss strategies and best practices for the development, implementation and management of effective organization-wide risk management and compliance programs
- Identify best practices for organizational and IT governance, accountability and oversight responsibilities including the intersection of good governance practices with compliance
- Identify legal and other compliance requirements and any associated challenges for consideration in an effective risk management program
Moderator: George W. McCulloch, Jr, MA, MBA, FCHIME, CHCIO, EVP, Professional Development and Membership, CHIME
Garrett Hall, Research Director – Cyber Security, Implementation Services, KLAS Enterprises
Dave Kythe, CISSP, CISM, VP, Security Services and Strategy, Redspin, An Auxilio Company
02:45 - 03:30pm
Developing and Managing an Ongoing Risk Management Program
Managing cybersecurity is an ongoing process and requires an organization to have a continuous learning environment in order to be effective in dealing with threats and breaches. Organizations must have ongoing risk management programs that involve processes and workflow as well as technology. This involves reaching outside the healthcare industry for insights, best practices and approaches to address cybersecurity. In this session, discover how to stay vigilant by equipping yourself with the latest trends and strategies, and ways to encourage open knowledge sharing between peers focused on effective risk management programs.
Learning Objectives:
- Identify strategies that foster an organizational culture of continuous learning and process improvement for effective risk management programs including prevention and awareness
- Discuss strategies and approaches to maintain current working knowledge of cybersecurity and effective risk management programs along with ways to leverage industry knowledge to support effective organizational protections
- Evaluate the experience from those outside of healthcare and learn how non-healthcare industry experience can be leveraged in your organization
Moderator: David Finn, CISA, CISM, CRISC, Health Information Technology Officer, Symantec
03:30 - 03:55pm
Program Insights & Final Q&A
03:55 - 04:00pm
Closing Remarks
George W. McCulloch, Jr, MA, MBA, FCHIME, CHCIO, EVP, Professional Development and Membership, CHIME