Mar 20, 2018
In this podcast, healthcare system CISO Keith Henkell shares
his approach to key data security activities, including Privileged
Access Management, OCR Audit Response and Security Metrics Tracking
techniques. Specific discussions center on strategies to
reduce privilege-related breaches, such as the use of
multifactor authentication and reduction of local admin accounts.
Keith also provides tips for using security metrics to craft a
story for upper management, including a maturity score for your overall
program, coverage indicators from existing security tools and a
- 1:26 How to prevent privilege-related breaches
- 2:50 Change in culture around Multi-factor
- 4:19 Free/Cheap Tools
- 5:36 Emerging Password Trends vs NIST
- 7:56 What about privileged accounts?
- 9:10 People need to remember so many passwords / changes… How
to remember? Tools?
- 11:35 Other solutions for additional protections? Worth it
- 14:08 Local admin accounts? Weaker links in the chain… how to
tackle this issue?
- 17:11 Discussion of admin account usage reports
- 17:50 Metrics around AV policies… any evolved philosophies
about what to track?
- 22:44 What are the top 3 things to put in front of the board or
- 24:36 Maturity score is dangerous, shows maybe you're "done";
does that mean no more investment?
- 27:49 Metrics to avoid communicating to decision makers?
- 01 Are there any process-oriented metrics to report?