Patrick Ouellette recently wrote about the importance of Why Healthcare CISOs Must Prioritize, Organize Threat Data, an article about how CISOs can best react to the high volume of risk reports. There are always new threats popping up, and not just in malware, and it’s up to the CISO to decide how best to allocate resources for the maximum benefit to data security.
As discussed in the article, which contains opinions from Heather Roszkowski, CISO at Fletcher Allen Health Care and Mac McMillan, CEO of CynergisTek, there are questions CISOs should ask when assessing and prioritizing threats and deciding on solutions:
As the article notes, it’s best to avoid gut reactions to “fix” immediate threats with the first available solution, as reacting too quickly can cause you to implement the wrong tool, which wastes both time and money. The best solutions to implement, notes the article, are those that “solve multiple problems.” Such solutions include data loss prevention (DLP) and often mobility management tools.
Having a strongly designed security environment, with layered security options, means that when an issue arises, you are more flexible to address it. The article cites an example of an unexpected patch. If you have a way to easily roll-out system updates, this is no problem.