WSHA will host a cybersecurity event from 8:30 a.m. to 2 p.m. Monday, April 22 at The Conference Center at Seattle-Tacoma International Airport to elevate and evolve cybersecurity professionals’ skills by providing proven best practices in the field. The event will focus on the most difficult organizational challenges chief information officers, chief information security officers or anyone responsible for health care cybersecurity may face. Register here.
Health care IT and security leaders are tasked with establishing and executing a sound cybersecurity strategy with limited resources and budgets. Yet, health care leaders have had few resources to develop effective cybersecurity leadership skills. The curriculum will focus on four key areas, divided up by hours.
The event will take place in International B Room, and coffee, light breakfast and lunch will be provided.
Hour one: Justifying cybersecurity investments
One of the most difficult challenges cybersecurity professionals face is the economics of their strategy. Often, it is difficult to determine the return on investment, financial effectiveness and overall value of a cybersecurity program.
In this section, you will learn:
- Establishing a cybersecurity investment percentage
- Utilizing risk/control gaps to prioritize investments
- How to deal with financial constraints and realities
- Measuring return-on-investment effectively
- Demonstrating financial risk and liability
- Financial strategy basic concepts for cybersecurity
Hour two: Developing a cybersecurity roadmap
This section will guide you through effective practices on developing a meaningful and useful cybersecurity roadmap. Although many organizations establish objectives for their cybersecurity programs, they rarely, if ever, develop a comprehensive cybersecurity roadmap. The lack of a roadmap leads to difficulties in answering executive inquiries regarding the long-term evolution of the organizational strategy. The lack of a cybersecurity roadmap also makes it difficult for those outside IT security or compliance to engage in meaningful strategic conversations.
In this section, you’ll learn:
- Understanding the value of roadmaps in cybersecurity
- Common roadmap pitfalls
- Tracking and reporting progress
- Utilizing agile practices in cybersecurity
- Effective priority management
Hour three: Establishing a metrics-driven cybersecurity program
This section will guide you through effective practices in developing a meaningful and useful metric-driven cybersecurity program. The institution of a metric-driven cybersecurity program is a sign of cybersecurity maturity. It is also a powerful way to describe progress and achievements that can help bridge understanding between business units.
In this section, you’ll learn:
- Why cybersecurity metrics matter
- Identifying critical cybersecurity metrics
- Utilizing cybersecurity metrics to drive change
- Tracking and reporting cybersecurity metrics effectively
Hour four: Simplified and realistic incident response
This session provides the latest and most effective real-world incident response tactics. Based on a leading-edge approach known as “tactical cybersecurity,” the session will elevate and reimagine your ability to deal with cybersecurity attacks.
In this section, you’ll learn:
- The 14-minute response window
- The rapid response methodology
- How to decentralize command and control
- Employing tactical operations mindsets in incident response
- Integrating protocols and immediate action drills into incident response
Hour five: AI policies and procedures for health care
Artificial Intelligence in health care is an exciting but complicated frontier. While the possibilities are almost limitless, its impact is equally extensive. Health care organizations must adopt a proactive, structured approach to integrating AI into their existing frameworks. Through the implementation of policies aligned with ethical standards and compliance frameworks, health care providers can navigate this complex landscape with confidence. This section will walk you through a comprehensive set of AI policies and procedures focused on the implementation, governance and risk management of AI technologies in health care settings.
In this section, you’ll learn:
- How to define AI-specific policies and procedures
- Establish AI risk assessments and compliance procedures
- The impact of AI on disaster recovery plans
- How to crosswalk your policies and procedures to HIPAA, NIST CSF and NIST 800-53
If you have any questions, please reach out to Jonathan Bennett at jonathanb@wsha.org. (Jonathan Bennett)
