Course Description

There are many disparate factions at an Academic Medical Center trying to accomplish their own focused goals. Cybersecurity as an enterprise function horizontally crosses all and impacts all factions, but isn’t always positioned to understand constraints controls may introduce. This can result in control circumvention, animosity for the information security office, and barriers to successful rollouts of new controls.

Over the last two years, MUSC has implemented the “Information Security Forum” (ISF). This monthly enterprise-wide, inter-disciplinary forum provides a collaborative environment to engage the entire community and understand multiple perspectives. This has resulted in higher alignment of enterprise controls, tailored controls that properly reduce risk, and ‘ownership of information security’ by individuals in the enterprise that are not on the information security team . This has had major value, impact, and costs the organization a box of bagels a month.

This talk will share the approach to successfully launch your own ISF, lessons learned from MUSC’s two years of experience, and how you can leverage your ISF to reduce cyber risk at your AMC.

Course Curriculum

  • 1


    • Presentation


Information Security Architect, MUSC

Gerald Auger

Gerry is passionate about information security and believes there is an appropriate, tailored information security program for every organization. At the Medical University of South Carolina he’s responsible for setting the information security strategy and designing solutions to realize it. He holds a PhD in Cyber Operations.

Information Security Architect, MUSC

Matt Jones

Matt started in IT as an application developer and database administrator almost 20 years ago, but has spent the last 14 years in Information Security. He joined MUSC in 2012 as the second member of the Information Security team. He holds BS degrees in Business Management and Management Science from the University of South Carolina.