New National Risk Management Center to Help Combat Cybersecurity

August 24, 2018
7681 Views

Details forthcoming in new Department of Homeland Security initiative

Written by Carl Anderson, Chief Legal Officer & Senior Vice President of Governmental Affairs, HITRUST

Make no mistake, the federal government takes the threat of cybersecurity seriously. And so does industry.

During the recent Department of Homeland Security’s National Cybersecurity Summit, DHS Secretary Kirstjen Nielsen discussed the creation of the National Risk Management Center to help government and business focus on the systemic risk of cybersecurity.

She said new risk center “allows us to move beyond routine information sharing,” and will produce “policies, plans and playbooks” for the critical infrastructure that can be leveraged when identifying critical risks and managing them within an organization’s enterprise.

The summit, in New York on July 31, attracted key participants including corporate CEOs and trade association leaders, along with Energy Secretary Rick Perry, FBI Director Christopher Wray and other senior federal officials. It was encouraging to hear them focus on the ongoing and cross-sector and industry-government collaborations around risk management to better enable and leverage forces to protect critical infrastructure.

But the most interesting news for me was the new Nation Risk Management Center. Clearly, more details are forthcoming about the center’s work but during the panel I was asked to participate on, we discussed the many ways industry analyzes systemic risk to its sector as well as its own organizations. As you may appreciate, HITRUST has a global view of the healthcare sector through our work with a broad swathe of industry organizations and with agencies, as well as our work as an Information Sharing and Analysis Organization (ISAO) and support for threat intelligence and management.

During my session, I discussed how HITRUST focuses on the health and resiliency of the subcomponents that make up the complex system of healthcare as well as systems in other critical infrastructure sectors. While identifying and prioritizing systemic risk is quite difficult given an ever-changing landscape, HITRUST helps organizations and industry mitigate systemic risk via a “wellness” approach that focuses on the specification and implementation of a comprehensive and prescriptive suite of preventative cybersecurity measures as well as response and recovery measures when prevention is not successful.

At the end of the day, we all left the summit appreciating the roles – and collaboration – government and industry share combating cybersecurity.

Share this with your friends...Share on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone

You may be interested

“Using Work of Others” Initiative from HITRUST Streamlines IT Security Control Assessments to Promote a Culture of Risk Management Collaboration
Compliance & Risk Management
shares134 views
Compliance & Risk Management
shares134 views

“Using Work of Others” Initiative from HITRUST Streamlines IT Security Control Assessments to Promote a Culture of Risk Management Collaboration

Lacy Deatrich - Sep 11, 2019

By Jeremy Huval, Vice President, Compliance & Internal Audit Completing HITRUST CSF Assessments will now require less time and fewer…

HITRUST® Submits Application to be an Accountability Agent for APEC Certification
Privacy
shares265 views
Privacy
shares265 views

HITRUST® Submits Application to be an Accountability Agent for APEC Certification

Lacy Deatrich - Aug 14, 2019

By Anne Kimbol, Chief Privacy Officer, HITRUST HITRUST has submitted its application to be recognized as an Accountability Agent under…

HITRUST Shared Responsibility Program Helps Organizations and Cloud Service Providers Collaborate to Protect Data in the Cloud
Compliance & Risk Management
shares115 views
Compliance & Risk Management
shares115 views

HITRUST Shared Responsibility Program Helps Organizations and Cloud Service Providers Collaborate to Protect Data in the Cloud

Lacy Deatrich - Jul 08, 2019

By Becky Swain, Director, Standards Development Your cloud provider is certified to comply with all the major regulations for protecting…