KEMBAR78
It’s not if but when 20160503 | PPTX
Barry Caplin, profile picture
Uploaded byBarry Caplin
PPTX, PDF244 views

It’s not if but when 20160503

The document discusses the role and challenges faced by Chief Information Security Officers (CISOs) in healthcare settings, highlighting the increasing threat of ransomware and the need for robust incident management strategies. It emphasizes the inevitability of cyberattacks, the importance of proactive and reactive responses, and the necessity of leadership and communication across various stakeholders. Key elements include understanding risks, preparing response plans, and practicing incident management to mitigate potential impacts.

Technology
Related topics:
Incident Management
Download to read offline
IT’S NOT IF… BUT WHEN CISO Assembly, Dallas, TX bcaplin1@fairview.org bc@bjb.org @bcaplin http://about.me/barrycaplin http://securityandcoffee.blogspot.com Barry Caplin Chief Information Security Official Fairview Health Services
@bcaplin http://about.me/barrycaplin securityandcoffee.blogspot.com
o Not-for-profit established in 1906 o Academic Health System since 1997 partnership with University of Minnesota o >22K employees o >3,300 aligned physicians o Employed, faculty, independent o 7 hospitals/medical centers (>2,500 staffed beds) o 40-plus primary care clinics o 55-plus specialty clinics o 47 senior housing locations o 30-plus retail pharmacies 2014 volumes o 6.39M outpatient encounters o 1.4M clinic visits o 71,049 inpatient admissions o 76,595 surgeries o 9,298 births o 282 blood and marrow transplants o 340 organ transplants o >$4 billion total revenue
got breach? got job?
2015 – Year of the Breach 2014 – Year of the Breach 2013 – Year of the Breach 2016 – Availability? Integrity?
BOARD REPORTING EXAMPLE • Ransomware first appeared in 1989; large growth since 2013 • 2016 Hollywood Presbyterian – first publicized healthcare org to pay • $17K ransom paid • Systems down for over 1 week – ER, OR, imaging, lab, pharmacy • MedStar, MD – 10 hospital network • $3+ days of outages – 4 ERs, all inpatient shut down • 4/7/16, all systems back up • Most attacks are through email attachment or link based • Systems must be taken down to stop spread
BOARD REPORTING EXAMPLE • Estimated >$325M paid in ransoms in 2015 • Some variants charge $100-$500 per workstation • Some are “flat fee” • Often the cost of downtime and recovery is more than the ransom • It’s not “if”, but “when” an attack will happen • There is no “prevention” – Each attack is new and unique • There are “proactive/prevent” responses, and “detect/remediate” approaches • We do pursue both
•Can we prevent? •It’s not If, but When •Is Incident Management the key part of our job? •How we respond makes a difference
•How to start: •Figure out where your “stuff” is •Figure out the risks to your “stuff” •Figure out how you will react if that risk manifests •Write it down – Playbooks •Practice •Know what’s normal - Monitor Incident Response
CISO’s Role •Leadership •Communication – Internal/External • Staff/Exec/Board • Law Enforcement • External Counsel • Media • Regulatory
CISO’s Role •Incident Response/Forensics • Outsource? • Pre-pay? • Retainer? •Cyber Insurance – What is covered? How does it pay? •Tabletop – Exec Breach exercise
Discussion Questions •Can you “defend” you architecture/tech choices? •Can you detect problems, attacks and IoC’s against your enterprise? •Do you have response plans? Have you exercised them? •Do you have communication plans? Have you exercised them? •Does your C-suite have your back? Why?

More Related Content

PPTX
INFORMATION SECURITY
byAhmed Moussa
 
PDF
TAGLaw and Lawyers from Around the World Support Ebola Relief Efforts of Doct...
byTAG Alliances
 
PPTX
It’s not If but When 20160503
byBarry Caplin
 
PPT
Security Lifecycle Management
byBarry Caplin
 
PPTX
Dreaded Embedded sec360 5-17-16
byBarry Caplin
 
PPTX
CISOs are from Mars, CIOs are from Venus
byBarry Caplin
 
PPTX
Information Security and the SDLC
byBDPA Charlotte - Information Technology Thought Leaders
 
PPT
Wearing Your Heart On Your Sleeve - Literally!
byBarry Caplin
 
INFORMATION SECURITY
byAhmed Moussa
 
TAGLaw and Lawyers from Around the World Support Ebola Relief Efforts of Doct...
byTAG Alliances
 
It’s not If but When 20160503
byBarry Caplin
 
Security Lifecycle Management
byBarry Caplin
 
Dreaded Embedded sec360 5-17-16
byBarry Caplin
 
CISOs are from Mars, CIOs are from Venus
byBarry Caplin
 
Information Security and the SDLC
byBDPA Charlotte - Information Technology Thought Leaders
 
Wearing Your Heart On Your Sleeve - Literally!
byBarry Caplin
 

Similar to It’s not if but when 20160503

PPTX
2022 Rea & Associates' Cybersecurity Conference
byRea
 
PDF
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
byHealth IT Conference – iHT2
 
PDF
Security Program Guidance and Establishing a Culture of Security
byDoug Copley
 
PPTX
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
byDan Michaluk
 
PPTX
You Will Be Breached
byMike Saunders
 
PPTX
Cybersecurity: How Safe Is Your Organization?
byCBIZ, Inc.
 
PPT
Accidental Insider
byBarry Caplin
 
PPTX
ConnXus myCBC Webinar Series: Cybersecurity Risks to Your Business
byConnXus
 
PPT
cyber security incident exercises TTX .ppt
byZharfanHanif
 
PPTX
Enterprise security incident management
byzapp0
 
PDF
INCIDENT RESPONSE CONCEPTS
bySylvain Martinez
 
PDF
cybersecurity_alert_feb_12_2015
byPaul Ferrillo
 
PPTX
Enterprise incident response 2017
byzapp0
 
PPTX
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
byJack Shaffer
 
PPTX
IT Security and Management - Semi Finals by Mark John Lado
byMark John Lado, MIT
 
PDF
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...
byCitrin Cooperman
 
PPTX
Cyber Security and Healthcare
byJonathon Coulter
 
PPTX
Cybersecurity - Sam Maccherola
byTechBiz Forense Digital
 
PPTX
Information+security rutgers(final)
byAmy Stowers
 
PDF
File000119
byDesmond Devendran
 
2022 Rea & Associates' Cybersecurity Conference
byRea
 
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
byHealth IT Conference – iHT2
 
Security Program Guidance and Establishing a Culture of Security
byDoug Copley
 
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
byDan Michaluk
 
You Will Be Breached
byMike Saunders
 
Cybersecurity: How Safe Is Your Organization?
byCBIZ, Inc.
 
Accidental Insider
byBarry Caplin
 
ConnXus myCBC Webinar Series: Cybersecurity Risks to Your Business
byConnXus
 
cyber security incident exercises TTX .ppt
byZharfanHanif
 
Enterprise security incident management
byzapp0
 
INCIDENT RESPONSE CONCEPTS
bySylvain Martinez
 
cybersecurity_alert_feb_12_2015
byPaul Ferrillo
 
Enterprise incident response 2017
byzapp0
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
byJack Shaffer
 
IT Security and Management - Semi Finals by Mark John Lado
byMark John Lado, MIT
 
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...
byCitrin Cooperman
 
Cyber Security and Healthcare
byJonathon Coulter
 
Cybersecurity - Sam Maccherola
byTechBiz Forense Digital
 
Information+security rutgers(final)
byAmy Stowers
 
File000119
byDesmond Devendran
 

More from Barry Caplin

PPTX
Healing healthcare security
byBarry Caplin
 
PPTX
Online Self Defense - Passwords
byBarry Caplin
 
PPT
The CISO Guide – How Do You Spell CISO?
byBarry Caplin
 
PPT
Bullying and Cyberbullying
byBarry Caplin
 
PPT
3 factors of fail sec360 5-15-13
byBarry Caplin
 
PPT
Tech smart preschool parent 2 13
byBarry Caplin
 
PPT
Embracing the IT Consumerization Imperative NG Security
byBarry Caplin
 
PPT
Online Self Defense
byBarry Caplin
 
PPT
Embracing the IT Consumerization Imperitive
byBarry Caplin
 
PPT
Embracing the IT Consumerization Imperitive
byBarry Caplin
 
PPTX
Stuff my ciso says
byBarry Caplin
 
PPTX
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
byBarry Caplin
 
PPT
Toys in the office 11
byBarry Caplin
 
PPT
Teens 2.0 - Teens and Social Networks
byBarry Caplin
 
PPT
Laws of the Game For Valley United Soccer Club travel soccer refs
byBarry Caplin
 
PPT
Laws of the Game for Valley Athletic Assn (VAA) Community Soccer refs
byBarry Caplin
 
PPTX
How to be a Tech-Smart Parent
byBarry Caplin
 
PPT
Internet Safety for Families and Children
byBarry Caplin
 
PPT
Elements of an Information Security Awareness Program
byBarry Caplin
 
PPT
Risk Management 101
byBarry Caplin
 
Healing healthcare security
byBarry Caplin
 
Online Self Defense - Passwords
byBarry Caplin
 
The CISO Guide – How Do You Spell CISO?
byBarry Caplin
 
Bullying and Cyberbullying
byBarry Caplin
 
3 factors of fail sec360 5-15-13
byBarry Caplin
 
Tech smart preschool parent 2 13
byBarry Caplin
 
Embracing the IT Consumerization Imperative NG Security
byBarry Caplin
 
Online Self Defense
byBarry Caplin
 
Embracing the IT Consumerization Imperitive
byBarry Caplin
 
Embracing the IT Consumerization Imperitive
byBarry Caplin
 
Stuff my ciso says
byBarry Caplin
 
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
byBarry Caplin
 
Toys in the office 11
byBarry Caplin
 
Teens 2.0 - Teens and Social Networks
byBarry Caplin
 
Laws of the Game For Valley United Soccer Club travel soccer refs
byBarry Caplin
 
Laws of the Game for Valley Athletic Assn (VAA) Community Soccer refs
byBarry Caplin
 
How to be a Tech-Smart Parent
byBarry Caplin
 
Internet Safety for Families and Children
byBarry Caplin
 
Elements of an Information Security Awareness Program
byBarry Caplin
 
Risk Management 101
byBarry Caplin
 

Recently uploaded

PPTX
Hybrid Active Directory Cyber Resiliency
byFrancesco Faenzi
 
PDF
Application Monitoring and Observability: Elastic Stack Solution for Producti...
byPattabhi Amperayani
 
PDF
Planetek Italia Corporate Profile brochure
byPlanetek Italia Srl
 
PDF
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
PPTX
Top Trends in Kubernetes Security: TalosCon 2025
byCheryl Hung
 
PDF
Expert Python App Development Company for Modern Enterprises
bySynapseIndia
 
PDF
The invisible key: Securing the new attack vector of OAuth tokens
byGianluca Varisco
 
PDF
What's New? ThousandEyes Features and Highlights: October 2025
byThousandEyes
 
PDF
Agentic AI Guide for Enterprise Use-cases
byDebmalya Biswas
 
PPTX
BioVault.net ADW 2025 CODATA: SyftBox: a General Purpose Solution for Data Vi...
byMadhava Jay
 
PDF
Cassandra vs. ScyllaDB: Evolutionary Differences
byScyllaDB
 
PDF
Atlantix is an AI-first venture studio, building companies with AI at the core
byadmin625551
 
PDF
UiPath DevConnect 2025: Introduction to Agentic Automation
byDianaGray10
 
PDF
KV Caching Strategies for Latency-Critical LLM Applications by John Thomson
byScyllaDB
 
PDF
Ethical Initiatives in AI and accountability.pdf
byShiwani Gupta
 
PPTX
"The Art of Web Scraping: Tree Algorithms and JS Magic", Dmytro Tarasenko
byFwdays
 
PDF
Unlock This Brilliant App Freezur That Builds Brainrot Videos That Captivate ...
bySOFTTECHHUB
 
PDF
Unlocking Full-Stack Observability for AIOps: A Precisely Ironstream for Big ...
byPrecisely
 
PDF
A fool with a tool is still a fool - Plone Conference 2025
byAndreas Jung
 
PDF
UnityNet Digital Sovereignty Checklist 2025-10-13
byLHelferty
 
Hybrid Active Directory Cyber Resiliency
byFrancesco Faenzi
 
Application Monitoring and Observability: Elastic Stack Solution for Producti...
byPattabhi Amperayani
 
Planetek Italia Corporate Profile brochure
byPlanetek Italia Srl
 
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
Top Trends in Kubernetes Security: TalosCon 2025
byCheryl Hung
 
Expert Python App Development Company for Modern Enterprises
bySynapseIndia
 
The invisible key: Securing the new attack vector of OAuth tokens
byGianluca Varisco
 
What's New? ThousandEyes Features and Highlights: October 2025
byThousandEyes
 
Agentic AI Guide for Enterprise Use-cases
byDebmalya Biswas
 
BioVault.net ADW 2025 CODATA: SyftBox: a General Purpose Solution for Data Vi...
byMadhava Jay
 
Cassandra vs. ScyllaDB: Evolutionary Differences
byScyllaDB
 
Atlantix is an AI-first venture studio, building companies with AI at the core
byadmin625551
 
UiPath DevConnect 2025: Introduction to Agentic Automation
byDianaGray10
 
KV Caching Strategies for Latency-Critical LLM Applications by John Thomson
byScyllaDB
 
Ethical Initiatives in AI and accountability.pdf
byShiwani Gupta
 
"The Art of Web Scraping: Tree Algorithms and JS Magic", Dmytro Tarasenko
byFwdays
 
Unlock This Brilliant App Freezur That Builds Brainrot Videos That Captivate ...
bySOFTTECHHUB
 
Unlocking Full-Stack Observability for AIOps: A Precisely Ironstream for Big ...
byPrecisely
 
A fool with a tool is still a fool - Plone Conference 2025
byAndreas Jung
 
UnityNet Digital Sovereignty Checklist 2025-10-13
byLHelferty
 

It’s not if but when 20160503

  • 1.
    IT’S NOT IF…BUT WHEN CISO Assembly, Dallas, TX bcaplin1@fairview.org bc@bjb.org @bcaplin http://about.me/barrycaplin http://securityandcoffee.blogspot.com Barry Caplin Chief Information Security Official Fairview Health Services
  • 2.
  • 3.
    o Not-for-profit establishedin 1906 o Academic Health System since 1997 partnership with University of Minnesota o >22K employees o >3,300 aligned physicians o Employed, faculty, independent o 7 hospitals/medical centers (>2,500 staffed beds) o 40-plus primary care clinics o 55-plus specialty clinics o 47 senior housing locations o 30-plus retail pharmacies 2014 volumes o 6.39M outpatient encounters o 1.4M clinic visits o 71,049 inpatient admissions o 76,595 surgeries o 9,298 births o 282 blood and marrow transplants o 340 organ transplants o >$4 billion total revenue
  • 4.
  • 5.
    2015 – Yearof the Breach 2014 – Year of the Breach 2013 – Year of the Breach 2016 – Availability? Integrity?
  • 6.
    BOARD REPORTING EXAMPLE •Ransomware first appeared in 1989; large growth since 2013 • 2016 Hollywood Presbyterian – first publicized healthcare org to pay • $17K ransom paid • Systems down for over 1 week – ER, OR, imaging, lab, pharmacy • MedStar, MD – 10 hospital network • $3+ days of outages – 4 ERs, all inpatient shut down • 4/7/16, all systems back up • Most attacks are through email attachment or link based • Systems must be taken down to stop spread
  • 7.
    BOARD REPORTING EXAMPLE •Estimated >$325M paid in ransoms in 2015 • Some variants charge $100-$500 per workstation • Some are “flat fee” • Often the cost of downtime and recovery is more than the ransom • It’s not “if”, but “when” an attack will happen • There is no “prevention” – Each attack is new and unique • There are “proactive/prevent” responses, and “detect/remediate” approaches • We do pursue both
  • 8.
    •Can we prevent? •It’snot If, but When •Is Incident Management the key part of our job? •How we respond makes a difference
  • 9.
    •How to start: •Figureout where your “stuff” is •Figure out the risks to your “stuff” •Figure out how you will react if that risk manifests •Write it down – Playbooks •Practice •Know what’s normal - Monitor Incident Response
  • 10.
    CISO’s Role •Leadership •Communication –Internal/External • Staff/Exec/Board • Law Enforcement • External Counsel • Media • Regulatory
  • 11.
    CISO’s Role •Incident Response/Forensics •Outsource? • Pre-pay? • Retainer? •Cyber Insurance – What is covered? How does it pay? •Tabletop – Exec Breach exercise
  • 12.
    Discussion Questions •Can you“defend” you architecture/tech choices? •Can you detect problems, attacks and IoC’s against your enterprise? •Do you have response plans? Have you exercised them? •Do you have communication plans? Have you exercised them? •Does your C-suite have your back? Why?

Editor's Notes

  • #3 Check out my about.me, with links to twitter feed and Security and Coffee blog.