Industries seek to improve third-party security risk controls
This article is part of the Information Security issue of October 2018, Vol. 20, No. 5
CISOs are making strides in some industries to drive support for a common set of information security requirements to help manage third-party security risk. Taylor Lehmann, CISO of Wellforce, the parent organization of Tufts Medical Center, and Omar Khawaja, CISO of Allegheny Health Network and Highmark Health, joined forces with security leaders from the healthcare industry to create the Provider Third-Party Risk Management Council. Announced in August, the council is working with the Health Information Trust Alliance (HITRUST) to develop industrywide best practices for managing third-party security risk associated with supply chain vendors and their information security-related systems. The goal is to create and adopt a common third-party assessment and certification process for healthcare industry providers and their vendors -- companies that have to spend considerable time and money attempting to meet the information security requirements of different hospitals and health plans. The founding members of the healthcare ...
Features in this issue
The power and cost savings associated with software as a service are tempting companies to consider applications for security analytics both on premises and in the public cloud.
Close to 40% of security professionals either know, or have known, a legitimate security practitioner who has participated at some point in black hat activities.
Security professionals understand all too well what's at stake, and that's why more companies look to tighten up security with third parties.
News in this issue
Healthcare security leaders are developing industry best practices for better third-party risk management using common assessment and certification standards.
Columns in this issue
A strategy focused on widespread training and education leads to progress against one of the state's biggest threats, says the Rhode Island CISO.
Russia and other nation-states use application control bypass techniques because they don't "trigger any alarms," the chief hacking officer says.