Industries seek to improve third-party security risk controls
This article is part of the Information Security issue of October 2018, Vol. 20, No. 5
CISOs are making strides in some industries to drive support for a common set of information security requirements to help manage third-party security risk. Taylor Lehmann, CISO of Wellforce, the parent organization of Tufts Medical Center, and Omar Khawaja, CISO of Allegheny Health Network and Highmark Health, joined forces with security leaders from the healthcare industry to create the Provider Third-Party Risk Management Council. Announced in August, the council is working with the Health Information Trust Alliance (HITRUST) to develop industrywide best practices for managing third-party security risk associated with supply chain vendors and their information security-related systems. The goal is to create and adopt a common third-party assessment and certification process for healthcare industry providers and their vendors -- companies that have to spend considerable time and money attempting to meet the information security requirements of different hospitals and health plans. The founding members of the healthcare ...
Features in this issue
- Cloud-first? User and entity behavior analytics takes flight
  The power and cost savings associated with software as a service are tempting companies to consider applications for security analytics both on premises and in the public cloud.
- Beware of the gray hat hacker, survey warns
  Close to 40% of security professionals either know, or have known, a legitimate security practitioner who has participated at some point in black hat activities.
News in this issue
- Industries seek to improve third-party security risk controls
  Healthcare security leaders are developing industry best practices for better third-party risk management using common assessment and certification standards.
Columns in this issue
- Kurt Huhn discusses the role of CISO in the Ocean State
  A strategy focused on widespread training and education leads to progress against one of the state's biggest threats, says the Rhode Island CISO.
- White hat Dave Kennedy on purple teaming, penetration testing
  Russia and other nation-states use application control bypass techniques because they don't "trigger any alarms," the chief hacking officer says.