A CISO Lists Top Governance Challenges

Afzal Bashir on Avoiding Mistakes in Security Risk Management
Afzal Bashir, CISO, Versatile Inc.

What are some of the toughest information security governance challenges healthcare organizations face? CISO Afzal Bashir discusses key insights based on his experience.

Gaining buy-in from senior executives and ensuring that all business areas are adhering to the information security goals are two of the most common challenges, says Bashir, a former information security leader at Steward Health Care who now serves as CISO at IT solutions provider Versatile Inc., where he works with healthcare clients.

Another governance challenge is making sure security technologies don't impede patient care workflows, Bashir explains in an interview with Information Security Group.

"Clinicians are focused on providing care to their patients and not on the technologies, and so the technologies must be easy to use in providing effective care," he notes. "There's a balance between technology and care objectives - and technology adoption is slow if not properly implemented."

Bashir also says: "Risk management is also lacking in organizations - not only in the business but in IT as well." Business units within healthcare organizations often fail to recognize the importance of engaging the IT team early in any initiative, he says.

Too many healthcare organizations have gaps in their security governance policies and procedures, Bashir adds. "What the policies note often does not translate to operational procedures," he says.

In the interview (see audio link below photo), Bashir also discusses:

  • Challenges involving secure health information exchange;
  • Top cybersecurity issues in the healthcare sector;
  • His CISO role at a technology vendor vs. his previous role as a top security leader at a healthcare entity.

Bashir is CISO for IT solutions provider Versatile Inc. He previously was director of information security and risk management at Steward Health Care, a Dallas-based integrated healthcare system. Prior to that, he held IT management positions for Dunkin' Brands.
