Latest News

Cyber: A Healthcare Must Have

How to Build a Cost Effective and Profitable Cyber Capability

Suzanne E. Kecmer Digisol, Inc Digisolinc.com skecmer@gmail.com

There are a lot of valid reasons not to invest in a cyber security capability — for example, it is completely foreign to core expertise, the return on investment does not seem to justify the expense, attracting high quality talent is difficult and retention is almost impossible, and no matter what you do the defenses you deploy on your network will ultimately not be viable in the long run as attackers become more sophisticated.

On the other hand, a step up in federal and industry regulations, increased consumer awareness, and dramatic losses of intellectual property threatening inherent company value is making it almost impossible for Executives and Board members to look the other way.

This essay proposes some perspective on how to stand up a cost effective and profitable (yes,profitable) cyber capability to best match your enterprise needs and yet, balances the very credible concerns outlined above.

Hiring a Chief Information Security Officer (CISO) Is Not Your Only Silver Bullet

If your organization can afford it, establishing an internal Center of Excellence organized around a professional information security practice is a positive first step. If funding is limited, adherence to the SANS 20 Critical Controls and NIST Cybersecurity Framework is a good start.

However, there are three commonly overlooked capability areas that are just as vital independent of your Company’s investment profile:

  • Expand the scope of consideration—broaden the traditional definition of cyber security to establish a more

  • Prepare for the threat after next by evaluating your security needs through the lens of a projected threat environment. Also, consider the evolving complexity of regulations that are migrating toward an environment where certification that your solution is virus and malware free is becoming a reality.

  • Consider the entire ecosystem in which your Company and its solutions exist. You must have visibility into how your internal and external systems are connected across the enterprise. In doing so, it is critical to take into consideration the impact of distributed attacks across firmware, software, and hardware when considering your organization from this perspective. From here, you will be able to determine the highest value assets that initially need to be protected— aka your “crown jewels”.

  • Evaluate critical make/buy decisions. When you have prioritized your security needs (beginning by initially protecting the “crown jewels”), consider all sourcing possibilities. Given the changing pace of technologies and threat environments, partnering and subcontracting key security needs makes good sense. And, may be a more flexible and economical approach.

  • Adopt best technology practices. Lean on subcontracted technology providers that ake security a priority. Look for trusted foundries and those that have made investments in organic and non-organic security capability, as these will result in likely longer lasting partnerships.

  • Develop gap capability. As a last resort,invest either organically or inorganically (i.e. acquire) in capability specific to your solution that is not available on the open market. Repeat, this should be a last resort option.proactive stance. Effective cyber security is more than just preparing networkdefenses. The mind of the attacker needs to be evaluated—i.e. how would a bad actor assess your network architecture? How would they go about attacking the organization—including vectors such as company employees and stored data—where’s the low hanging fruit? Consider personnel, information technology and physical security aspects within a holistic approach. And, taken a step further, in evaluating defenses in conjunction with the above questions, what are the lessons learned? How can one then predict future threats off this baseline to evaluate how the organization would respond?

  • Look beyond corporate IT networks—think about impacts to live operations.Cyber security needs to be a priority concern throughout all the critical functional areas of your organization. For example, engineering and research/development networks, human resource networks, and financial systems are all vulnerable entry points into a Company.

  • Outreach to the offensive community to evaluate your product or service solution. The biggest lost opportunity Company’s commonly make is to only consider defensive measures. There is an entire private offensive community available for outreach. Performing vulnerability assessments by a third-party vendor on your product or service solution can be an invaluable exercise for validation and confidence building.

Where to Invest: First Look Inside

There are five critical “must-know” knowns you need to determine about your organization before considering investment:

Market a Must Have: Feature Cyber Security as a Selling Discriminator to Increase Your Return on Investment

The key to turning the internal investment made in developing a cyber capability into a profitable engagement is to use it as a selling discriminator. Some pitch cyber economics in terms of a loss analysis, but in fact by showcasing it as a discriminator can be far more compelling. Consider spreading the investment cost over multiple use cases that is also communicated to the marketplace:

  • Communicate the cyber advantages of this embedded capability within your solution beyond techno-speak. Showcase the tactical and strategic value in a way that consumers can easily understand. Finding the appropriate metrics are key here.

  • Your supply chain is a major vulnerability. Instead of considering it an Achilles heel, use it as an opportunity to partner with your industry peers, jointly invest to harden your integrated solutions (thereby lowering your own costs) and use it as a joint selling feature.

  • Training your employees and staying current on security requirements and the threat environment is a constant expense. Instead, use training as a revenue opportunity by engaging your customers, partners and regulators in an opportunity to exercise and educate your advanced solutions. This may also lead to driving next generation security requirements and putting your organization ahead of the curve.

  • Adopt a services model for your solution to achieve higher operating margins.Even if you are a hardware provider—your medical device is no longer static...in some fashion, it is connected to the internet and has the potential to be updated for today‘s and tomorrow’s

Top 25 Worst Passwords of 2016

1. 123456 2. password 3. 12345 4. 12345678 5. football 6. qwerty 7. 1234567890 8. 1234567 9. princess 10.1234 11.login 12.welcome 13.solo 14. abc123 15. admin 16.121212 17.flower 18.passw0rd 19.dragon 20.sunshine 21.master 22.hottie 23.loveme 24.zaq1zaq1 25.password1

Our Partners


Are You Ready to Join Us in Driving Innovation in Healthcare?

SoPE

20 North Main Street, 2nd Floor |
South Norwalk, CT 06854

info@sopenet.org

 
Buy Cleocin OnlineBuy Keflex OnlineBuy Trental OnlineBuy Accutane OnlineBuy Lopressor OnlineBuy Amalaki OnlineBuy Arjuna OnlineBuy Zyloprim OnlineBuy Tulasi OnlineBuy Diabecon OnlineBuy Levitra OnlineBuy Inderal OnlineBuy Speman OnlineBuy Aceon OnlineBuy Mobic OnlineBuy Celebrex OnlineBuy Chloromycetin OnlineBuy Topamax OnlineBuy Nolvadex OnlineBuy Sustiva OnlineBuy Lioresal OnlineBuy Uroxatral OnlineBuy Zoloft OnlineBuy Zithromax OnlineBuy Bactroban OnlineBuy Protonix OnlineBuy Evista OnlineBuy Guduchi OnlineBuy Vasotec OnlineBuy Desyrel OnlineBuy Motilium OnlineBuy Aggrenox OnlineBuy Paxil OnlineBuy Avapro OnlineBuy Famvir OnlineBuy Micronase OnlineBuy Trileptal OnlineBuy Trikatu OnlineBuy Norvasc OnlineBuy Stromectol OnlineBuy Voltaren OnlineBuy Zestoretic OnlineBuy Cordarone OnlineBuy Botox OnlineBuy Cenforce OnlineBuy Flomax OnlineBuy Vantin OnlineBuy Actos OnlineBuy Hyzaar OnlineBuy Glucotrol OnlineBuy Clomid OnlineBuy Zebeta OnlineBuy Moduretic OnlineBuy Amaryl OnlineBuy Copegus OnlineBuy Antabuse OnlineBuy Imodium OnlineBuy Levaquin OnlineBuy Artane OnlineBuy Motrin OnlineBuy Cefixime OnlineBuy Cymbalta OnlineBuy Imitrex OnlineBuy Eldepryl OnlineBuy Luvox OnlineBuy Floxin OnlineBuy Rulide OnlineBuy Neem OnlineBuy Avelox OnlineBuy Duricef OnlineBuy Requip OnlineBuy Minipress OnlineBuy Detrol OnlineBuy Prandin OnlineBuy Asacol OnlineBuy Kapikachhu OnlineBuy Albenza OnlineBuy Prednisone OnlineBuy Vigorelle OnlineBuy Mysoline OnlineBuy Periactin OnlineBuy Atarax OnlineBuy Reglan OnlineBuy Microzide OnlineBuy Propecia OnlineBuy Ayurslim OnlineBuy Zofran OnlineBuy Kemadrin OnlineBuy Vrikshamla OnlineBuy Zocor OnlineBuy Allegra OnlineBuy Paracetamol OnlineBuy Exelon OnlineBuy Glucovance OnlineBuy Hytrin OnlineBuy Nizoral OnlineBuy Combivir OnlineBuy Epivir OnlineBuy Sinemet OnlineBuy Diovan OnlineBuy Nexium OnlineBuy Fliban OnlineBuy Tegretol OnlineBuy Urispas OnlineBuy Lexapro OnlineBuy Abilify OnlineBuy Neurontin OnlineBuy Pamelor OnlineBuy Betnovate OnlineBuy Evecare OnlineBuy Lanoxin OnlineBuy Lopid OnlineBuy Coreg OnlineBuy Zyrtec OnlineBuy Karela OnlineBuy Micardis OnlineBuy Ventolin OnlineBuy Cialis OnlineBuy Plavix OnlineBuy Cipro OnlineBuy Haridra OnlineBuy Myambutol OnlineBuy Coumadin OnlineBuy Feldene OnlineBuy Grifulvin OnlineBuy Celexa OnlineBuy Sumycin OnlineBuy Himplasia OnlineBuy Symmetrel OnlineBuy Cozaar OnlineBuy Amoxil OnlineBuy Menosan OnlineBuy Elavil OnlineBuy Provestra OnlineBuy Retrovir OnlineBuy Singulair OnlineBuy Tofranil OnlineBuy Augmentin OnlineBuy Risperdal OnlineBuy Azulfidine OnlineBuy Shatavari OnlineBuy Cardura OnlineBuy Sinequan OnlineBuy Flagyl OnlineBuy Lasix OnlineBuy Lasuna OnlineBuy Lozol OnlineBuy Biaxin OnlineBuy Zovirax OnlineBuy Viagra OnlineBuy Duphaston OnlineBuy Diflucan OnlineBuy Janya OnlineBuy Terramycin OnlineBuy Punarnava OnlineBuy Aldactone OnlineBuy Zetia OnlineBuy Sporanox OnlineBuy Priligy OnlineBuy Benicar OnlineBuy Tenoretic OnlineBuy Serevent OnlineBuy Bactrim OnlineBuy Adalat OnlineBuy Depakote OnlineBuy Bystolic OnlineBuy Arava OnlineBuy Flonase OnlineBuy Ceftin OnlineBuy Metaglip OnlineBuy Arcoxia OnlineBuy Prevacid OnlineBuy Diamox OnlineBuy Indocin OnlineBuy Manjishtha OnlineBuy Aricept OnlineBuy Astelin OnlineBuy Casodex OnlineBuy Shallaki OnlineBuy Effexor OnlineBuy Alesse OnlineBuy Crestor OnlineBuy Seroquel OnlineBuy Cytoxan OnlineBuy Persantine OnlineBuy Tricor OnlineBuy Altace OnlineBuy Omnicef OnlineBuy Aciphex OnlineBuy Shigru OnlineBuy Lamictal OnlineBuy Valtrex OnlineBuy Imdur OnlineBuy Vasaka OnlineBuy Ziac OnlineBuy Megaslim OnlineBuy Avalide OnlineBuy Rebetol OnlineBuy Vermox OnlineBuy Zantac OnlineBuy Avodart OnlineBuy Mestinon OnlineBuy Buspar OnlineBuy Triphala OnlineBuy Lipitor OnlineBuy Glucophage OnlineBuy Parlodel OnlineBuy Noroxin OnlineBuy Geodon OnlineBuy Zanaflex OnlineBuy Claritin OnlineBuy Calan OnlineBuy Anafranil OnlineBuy Precose OnlineBuy Xenical OnlineBuy Vigrx OnlineBuy Strattera OnlineBuy Ponstel OnlineBuy Alprostadil OnlineBuy Prograf OnlineBuy Oxytrol OnlineBuy Deltasone OnlineBuy Naprosyn OnlineBuy Suprax OnlineBuy Prilosec OnlineBuy Brahmi Online