John Kahanek IV, CISSP, CGEIT, and Linda Ricca, RN, CLNC, CSC, discuss a paradigm shift to consider in defining an organization’s information security framework, governance and reporting structure. This shift impacts security policies and procedures, as well as assigned authority and accountability for resolving risk. High-functioning information security governance guides policy development, risk acceptance, and even vendor processes. Policies and processes based on sound security practices enable smooth risk mitigation decisions related to patients, employees, physicians, third-party partners, and the organization as a whole. Well-thought-out security governance provides for consistent risk mitigation decisions and allows the information security department to act as a trusted adviser to the business owners. Integration of information is becoming more ubiquitous, regulations are becoming tighter, and fines are becoming steeper; information security is no longer a tactical issue but a strategic one, tied to business owners and C-level executives. Blinded client case studies are used to provide specific examples during the discussion.