There are many disparate factions at an Academic Medical Center (AMC), each trying to accomplish its own focused goals. Cybersecurity, as an enterprise function, cuts horizontally across all of these factions and impacts each of them, but it isn’t always positioned to understand the constraints its controls may introduce. This can result in control circumvention, animosity toward the information security office, and barriers to successful rollouts of new controls.
Over the last two years, MUSC has implemented the “Information Security Forum” (ISF). This monthly enterprise-wide, inter-disciplinary forum provides a collaborative environment to engage the entire community and understand multiple perspectives. This has resulted in higher alignment of enterprise controls, tailored controls that properly reduce risk, and ‘ownership of information security’ by individuals in the enterprise who are not on the information security team. This has had major value and impact, and it costs the organization a box of bagels a month.
This talk will share the approach to successfully launching your own ISF, lessons learned from MUSC’s two years of experience, and how you can leverage your ISF to reduce cyber risk at your AMC.