• To maintain reputation.
Organizational cybersecurity strategy and risk profile
How should health care organizations respond to the challenge of cybersecurity? How do they go about putting an infrastructure in place, and what is the high-level plan? The first step is to quantify the actual risk in question. An assessment of potential organizational risk enables the proper framing of the problem. Every organization has a different risk profile and tolerance, so this necessary step will aid in actually scoping the problem and ensuring that the solution is an appropriate fit. The goal in this step is to get the organization to start thinking in terms of cybersecurity risk and to develop a target risk profile that is acceptable across the enterprise.

Risk framework
Adopting a risk framework can provide the organization with proven practices and processes, and it enables continued focus on the cybersecurity challenge. The National Institute of Standards and Technology (NIST) has developed a cybersecurity framework that integrates proven cybersecurity practices and provides assessment mechanisms that can be useful as organizations begin to take up the cybersecurity challenge. In addition, the continued evolution of the NIST framework means that organizations can mature their processes and infrastructure over time. The business processes below, outlined in the framework core, define an evergreen infrastructure that can form the foundation of an effective cybersecurity program.
Identify
Develop the institutional understanding to manage cybersecurity risk. This is the scoping phase of the implementation project, and it is sometimes beneficial to narrow the initial focus and then expand as the organizational adoption process matures.
Protect
Develop and implement appropriate safeguards. This involves assessing the assets identified in the first step for vulnerabilities and documenting mitigation controls. The three main categories of safeguards are administrative, technical and physical, and using this classification structure can help ensure thorough coverage.
Detect
Develop and implement appropriate activities to detect the occurrence of a cybersecurity event. Put controls in place that allow critical processes to be reviewed so that events can be detected. Effective strategies must protect medical devices.
Respond
Develop and implement appropriate processes and policies to enable a response to a cybersecurity event. For most organizations, the response details are outlined in an Incident Response Plan, discussed in more detail in the section below.