
The CyberPHIx: Meditology Services Podcast


Mar 20, 2018

In this podcast, healthcare system CISO Keith Henkell shares his approach to key data security activities, including Privileged Access Management, OCR Audit Response and Security Metrics Tracking techniques. Specific discussions center on strategies to reduce privilege-related breaches, such as the use of multifactor authentication and reduction of local admin accounts. Keith also provides tips for using security metrics to craft a story for upper management, including a maturity score for your overall program, coverage indicators from existing security tools and a risk register.

Show Notes

  • Introduction
  • 1:26 How to prevent privilege-related breaches
  • 2:50 Change in culture around Multi-factor
  • 4:19 Free/Cheap Tools
  • 5:36 Emerging Password Trends vs NIST
  • 7:56 What about privileged accounts?
  • 9:10 People need to remember so many passwords / changes… How to remember? Tools?
  • 11:35 Other solutions for additional protections? Worth it price-wise?
  • 14:08 Local admin accounts? Weaker links in the chain… how to tackle this issue?
  • 17:11 Discussion of admin account usage reports
  • 17:50 Metrics around AV policies… any evolved philosophies about what to track?
  • 22:44 What are the top 3 things to put in front of the board or C-level?
  • 24:36 Maturity score is dangerous: it may show you're "done". Does that mean no more investment?
  • 27:49 Metrics to avoid communicating to decision makers?
  • 01 Are there any process-oriented metrics to report?