Free-To-Attend Cyber Security Digital Summit!

April 13 - 14, 2021

Day 1 | Tuesday, 13 April 2021

9:00 am - 9:45 am EST The 'Human Factors Framework' of Healthcare & Life Sciences Cyber Security

Dennis Leber - CISO, CTO, University of Tennessee HSC
Dr. Calvin Nobles - Cyber Security Professional, Wells Fargo
  • Realizing that this framework is currently being used in healthcare and utilizing the framework to prevent errors in cyber security
  • Looking at the opportunities where the human fell short
  • Understanding 'why did they click that'
  • Constructing insights from human-based analysis
  • Gaining better understanding of the risk landscape
  • Further understanding enterprise vulnerabilities 
  • Identifying substandard controls or a lack of controls
  • Conceiving of best practice to ensure prevention in those areas moving forward 


Deciding what to build, what to buy, and when to partner is mission critical for healthcare organizations. As security leaders we have more options than ever, including SIEMs, SOC-as-a-service, and a range of managed products and services. The challenge is finding the right mix to meet your budget, compliance requirements, and cyber risk tolerance. Join us to learn how healthcare organizations can effectively and affordably meet their goals.

  • Identify when purchasing an in-house SIEM is the best option
  • Review what capabilities an organization should consider outsourcing first
  • Learn how to select a security partner that best meets your needs
  • Find the best approach when building your business case


Sam McLane - Chief Technology Services Officer, Arctic Wolf
John Coakley - Director of IT, Community Health Choice

11:00 am - 11:45 am EST Healthcare Data Protection in a Pandemic-Driven World

Nabil Hannan - Managing Director, NetSPI
Jesse Parente - Senior Director, Engineering, RxMx

In this session, NetSPI’s Nabil Hannan and RxMx’s Jesse Parente will explore the world of healthcare data management – notably, how to manage sensitive data securely. Delve into the healthcare industry’s regulatory pressures and the biggest cyber threats it faces today, then hear insights on how to:

  • Collect, store, and manage your data securely
  • Look at your data security program holistically (threat modeling and secure design review)

Lastly, with the pandemic as a catalyst for digital transformation in the healthcare industry, cloud adoption has soared. Nabil and Jesse will discuss the benefits of the cloud for data management and review its security considerations.




12:00 pm - 12:30 pm EST Defending Healthcare and Public Health Organizations Against Advanced Persistent Threats: MITRE ATT&CK, Threat-Informed Defense, and Lessons from the Pentagon

Jonathan Reiber - Senior Director, Cybersecurity Strategy and Policy, AttackIQ

Healthcare and public health organizations are under threat and expected to spend a cumulative $125 billion on cybersecurity from 2020 to 2025. But they will reap little return on this investment if the security controls they employ fail. And they do. What's worse, they fail silently so that breaches keep occurring, even when security leaders are confident that their organizations are protected. Verizon estimates that 82 percent of enterprise breaches should have been stopped by existing security controls but weren't, and the healthcare sector ranks among the highest in the rate of severe security flaws. CISOs are under pressure to pinpoint silent failures and deliver risk assessment and mitigation data that is accurate, comprehensive, and current. It’s only possible if they know what security controls they have in place and how effective they are at detecting and preventing real-world attacks. To improve cybersecurity effectiveness, security teams are transitioning to a threat-informed defense strategy with the MITRE ATT&CK framework, a purple team construct of red and blue teams, and an automated testing platform combined into an engine of optimization.

In this talk, author and former DoD Chief Strategy Officer for Cyber Policy Jonathan Reiber will:

  • outline the evolution of threat-informed defense,
  • discuss the value of MITRE ATT&CK and purple team operations, and
  • show security teams how to move forward towards cybersecurity effectiveness.

Participants will leave with:

  • a clear plan for how to effect change in their organizations and
  • deliver results to safeguard our most important data.




1:00 pm - 1:45 pm EST Outpacing Compliance, Realizing Risk Management & Achieving Forward Posture Cyber Security in Healthcare & Life Sciences

Randall Frietzsche - Enterprise Chief Information Security Officer (CISO), Denver Health

One of the benefits of being in a highly regulated environment is that there is familiarity with how and when legislation tends to change and when and where subsequent regulatory changes occur. It is precisely in this environment that the outpacing of compliance can happen. When outpacing compliance, getting ahead on risk management becomes more straightforward. That’s how to gain a forward-facing cyber security posture.

  • Honestly assessing the current state of your cyber security organization, talent, tools and technology
  • Thinking beyond privacy and management of PII to ensure readiness for a next layer of regulations 
  • Conceiving of the next phase associated with current risks to your enterprise to ensure continued management, mitigation and remediation of inevitable incidents
  • Engaging in threat modelling based on custom threat intelligence

