CISO's 5 pillars of an effective cybersecurity program

In a March 8 session at HIMSS 2018 in Las Vegas, Kevin Charest, chief information security officer of the Health Care Service Corporation (HCSC), outlined the five pillars of its cybersecurity program.

In the session, Charest offered insight into improving cybersecurity. Key topics included identifying barriers to building a cybersecurity program and assessing an existing one. Professionals also need to determine how to improve an existing program and measure its effectiveness.

Charest stated effective cybersecurity must move at the speed of business and drive digital transformation with continuous evaluation. It also needs to be fully integrated to enable and protect business innovation.

Charest outlined the five pillars of HCSC’s cybersecurity program:

  1. Governance, risk and compliance: Set the organization’s security strategy and enable governance functions to manage security risk. Policies need to evolve to address changing risks in the IT environment. Additionally, targeted employee training, including gamification and phishing exercises, is needed to build an organization’s ability to quickly adapt to disruptions while maintaining continuous business operations and safeguarding patients, assets and reputation.
  2. Security architecture and engineering: Design and engineer security solutions to protect the enterprise from known and potential risks and threats. Build and enhance technical security investments, ensuring the expected business value and risk reduction are achieved. This is done by delivering cybersecurity engineering in an agile manner to establish solutions that are resilient, flexible and efficient. Confidentiality and integrity of data need to be secured through standardization and automation.
  3. Information security operations: Manage and operate security solutions to help detect security vulnerabilities and events that pose risks to the enterprise. Use an in-house, outsourced or hybrid approach. Include platform management, operational process and standards enforcement, threat and vulnerability lifecycle management and operational metrics.
  4. Cyber defense operations: Respond, investigate and remediate incidents and potential breaches while enhancing architecture and operations through continuous feedback. Restrict pivots through host-based security tools and system hardening, and restrict lateral movement with network segmentation and choke points. Identify activity, correlate malicious activities and identify anomalous or abnormal use of accounts and systems. Quarantine the compromised area of the network, prevent exfiltration of data, eradicate the threat and resume normal business operations.
  5. Business engagement: Incorporate cybersecurity into everyday business decision processes and interactions with the customer. The cycle of engagement includes understanding customer needs, leveraging operational resources and providing feedback to IT and business groups.
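Pillar 4 calls for correlating activity and identifying anomalous use of accounts and systems. The script below is an added illustration of what that correlation looks like in practice; it is not HCSC's tooling or anything shown in the session. It runs two simple detections over constructed authentication log lines in an assumed syslog-like format: one account authenticating to an unusually large number of hosts in a short window (a common lateral-movement signal), and a successful login following a burst of failures from the same source. The log format, account names, addresses and thresholds are all assumptions made for the example.

```python
"""Added example: correlating authentication events to flag anomalous account use.

The log format and all sample lines are constructed for this illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed line format: "<iso-timestamp> auth <ok|fail> user=<u> src=<ip> host=<h>"
LOG_PATTERN = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+) host=(?P<host>\S+)$"
)

# Constructed sample log: a service account fanning out to many hosts,
# one account succeeding after repeated failures, and normal background activity.
SAMPLE_LOG = """\
2018-03-08T09:00:01 auth ok user=alice src=10.1.1.5 host=ws-01
2018-03-08T09:00:40 auth ok user=alice src=10.1.1.5 host=ws-01
2018-03-08T09:02:10 auth ok user=svc-backup src=10.1.1.20 host=ws-02
2018-03-08T09:02:15 auth ok user=svc-backup src=10.1.1.20 host=ws-03
2018-03-08T09:02:19 auth ok user=svc-backup src=10.1.1.20 host=ws-04
2018-03-08T09:02:22 auth ok user=svc-backup src=10.1.1.20 host=fs-01
2018-03-08T09:02:30 auth ok user=svc-backup src=10.1.1.20 host=db-01
2018-03-08T09:05:00 auth fail user=bob src=203.0.113.7 host=vpn-01
2018-03-08T09:05:02 auth fail user=bob src=203.0.113.7 host=vpn-01
2018-03-08T09:05:04 auth fail user=bob src=203.0.113.7 host=vpn-01
2018-03-08T09:05:06 auth fail user=bob src=203.0.113.7 host=vpn-01
2018-03-08T09:05:09 auth ok user=bob src=203.0.113.7 host=vpn-01
2018-03-08T09:10:00 auth fail user=carol src=10.1.1.9 host=ws-05
2018-03-08T09:11:00 auth ok user=carol src=10.1.1.9 host=ws-05
"""


def parse_events(text):
    """Parse log text into a list of event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_PATTERN.match(line)
        if not m:
            continue
        event = m.groupdict()
        event["ts"] = datetime.fromisoformat(event["ts"])
        events.append(event)
    return events


def detect_lateral_movement(events, window=timedelta(minutes=5), max_hosts=3):
    """Return {user: sorted hosts} for accounts that authenticated successfully
    to more than max_hosts distinct hosts within any sliding window."""
    by_user = defaultdict(list)
    for e in events:
        if e["result"] == "ok":
            by_user[e["user"]].append(e)
    alerts = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            hosts = {ev["host"] for ev in evs[i:] if ev["ts"] - start["ts"] <= window}
            if len(hosts) > max_hosts:
                alerts[user] = sorted(hosts)
                break
    return alerts


def detect_success_after_failures(events, window=timedelta(minutes=2), min_failures=3):
    """Return alerts for (user, src) pairs where a success follows at least
    min_failures failed attempts within window."""
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["user"], e["src"])].append(e)
    alerts = []
    for (user, src), evs in by_key.items():
        evs.sort(key=lambda e: e["ts"])
        for i, e in enumerate(evs):
            if e["result"] != "ok":
                continue
            fails = [f for f in evs[:i] if f["result"] == "fail" and e["ts"] - f["ts"] <= window]
            if len(fails) >= min_failures:
                alerts.append({"user": user, "src": src, "failures": len(fails), "at": e["ts"].isoformat()})
                break
    return alerts


def run_detections(text=SAMPLE_LOG):
    """Run both detections over the given log text and return the combined findings."""
    events = parse_events(text)
    return {
        "lateral_movement": detect_lateral_movement(events),
        "success_after_failures": detect_success_after_failures(events),
    }


if __name__ == "__main__":
    for name, result in run_detections().items():
        print(name, result)
```

In a real operations setting the thresholds would be tuned per account type (a backup service account legitimately touching many hosts is exactly the kind of baseline that needs to be recorded before alerting on it), and the findings would feed the quarantine and eradication steps the pillar describes rather than being printed.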