A CISO Offers Tips on IT Resiliency
Anahi Santiago of ChristianaCare on Maximizing Value
With healthcare being the frequent target of ransomware assaults and other cyberattacks, CISOs must devise ways to improve their organizations' IT resiliency while maximizing value, says Anahi Santiago, CISO at ChristianaCare, a Wilmington, Delaware-based healthcare system.
"When we talk about cyber resiliency, we're not just talking about sound security controls, but our ability to operate in the face of adversity," she says in a video interview with Information Security Media Group.
To help maximize the value of security investments and resources, Santiago suggests healthcare entities take steps to reduce technology complexity "while maintaining the right level of security."
For instance, Santiago's organization over the last two years has been fine-tuning its portfolio of security tools, reducing the number of overlapping or duplicative solutions used for a particular layer of the security stack when there are integrated platforms that can be leveraged instead.
ChristianaCare has consolidated platforms in areas including data loss prevention and web security gateways, says Santiago, who is a speaker at the Healthcare Information and Management Systems Society 2021 conference in Las Vegas this week.
Making such moves enables the organization to ensure "that our operational analysts aren't having to manage multiple platforms, which creates more work and complexity than necessary."
In the video interview, Santiago also discusses:
- Top worries about the surge of ransomware attacks;
- Identity and access management challenges involving remote users, cloud computing, patients and the pandemic;
- Complying with the information blocking rule in the Department of Health and Human Services' 21st Century Cures Act.
As ChristianaCare's CISO, Santiago provides strategic direction and oversight for a comprehensive security program, policy development, standards and controls implementation, training and awareness, regular risk assessment and mitigation, and partnerships with internal and external auditors. Previously, she served in a similar role at Albert Einstein Healthcare Network.