MN HIMSS: Why Information Security and Privacy is Mission Critical
Minneapolis, MN
On January 13th, Jessica Albrecht attended the Minnesota HIMSS: “Why Information Security and Privacy is Mission Critical” webinar. The webinar was facilitated by the Minnesota HIMSS Chapter while Aaron Thomas, a Partner from Copeland Buhl, reviewed “Why Information Security and Privacy is Mission Critical”.
Information is everywhere and is accessed / lives on a multitude of different facets (mobile, smart devices, cloud, etc.). Information can also be accessed from anyplace at any time. It is critical that in today’s environment businesses manage the data that is entrusted to them, failing to do so, can result in damages to the organization through regulatory penalties, financial losses, and reputational damages. Aaron Buhl noted that if businesses manage their information security and privacy, this can minimize risk while increasing reliability, efficiency, and accountability.
Some key highlights that Aaron reviewed during the session are as follows:
- Delineation Between Privacy and Security
- Privacy Types (Information Type)
- Public: name, address, and phone
- Confidential: customer lists, internal policies, and trade secrets
- Private: SSN#, driver’s license #, and healthcare information
- Security is the Information Protection Plan
- Security involves the entire organization
- Information Protection Plan includes the following:
- Risk Assessments
- Policies
- Procedures
- Information Protection Plan includes the following:
- Security involves the entire organization
- Privacy Types (Information Type)
- Key Considerations
- Security is NOT IT. Security takes into consideration the following:
- Administrative: documentation, risk assessments, and organizational objectives
- Physical: physical assets and buildings
- IT: information life cycle management (cradle to grave), infrastructure, and implementation of procedures
- Security is NOT IT. Security takes into consideration the following:
- Steps to Build an Information Protection Plan
- Identify a leader / owner
- Select an industry framework such as HITRUST
- Establish a project plan with objects / goals
- Perform a risk assessment
- Act on the assessment by creating policies / procedures based on the framework the organization uses
- Implement and train
- Compliance audit, audit of the polices / procedures
- Update and adjust based on organizational and or regulatory changes.
To connect with a Trexin Advisor and learn how we can assist your organization with information security and privacy, click here:
