Meditology Partner Brian Selfridge will speak at HIMSS Midwest Fall Technology Conference, October 22-24, 2017
Meditology IT Risk Management Partner Brian Selfridge, along with Mitch Parker of Indiana University Health, will present during the HIMSS Midwest Fall Technology Conference. The conference takes place October 22-24, 2017 in Indianapolis, IN.
On Monday, October 23, Brian and Mitch will present on the topic "Effective Governance Risk & Compliance: Seeing the Forest for the Trees."
Read a synopsis of the session below:
The cyber battle plays out on many fronts. Ransomware, malware, regulatory gaps and third parties, to name a few, are all threats to your healthcare organization’s security. How does your organization begin to get a handle on prioritizing these risks with limited budgets and resources?
The implementation and execution of a comprehensive Governance Risk and Compliance (GRC) program creates a communication vehicle for executive leadership and aligns security initiatives to an organization’s strategic priorities. GRC approaches can vary widely across organizations and often fall victim to common pitfalls including overly granular risk tracking processes, poorly defined resource planning, building processes to fit a specific GRC tool or technology, gaps in communication with key stakeholders, and more.
This session will provide an overview of how to build a strong GRC program that applies lessons learned from GRC implementations and addresses the people, processes, and technologies required for managing enterprise security risks for healthcare entities.
This presentation will discuss pragmatic approaches for aligning with industry-leading risk management frameworks including the National Institute of Standards and Technology (NIST) 800-39 Publication. The session will also cover effective communication approaches for translating risk posture to executive leadership, technical resources, and other stakeholder groups.
The presentation will provide practice guidance from experienced industry CISOs on protecting your organization’s information and information systems and on making informed judgments and investments that appropriately mitigate risk to an acceptable level.