Category Archives: automation

What is the Trusted Exchange Framework?

On January 5, 2018, the Office of the National Coordinator for Health Information Technology (ONC) released the “Draft Trusted Exchange Framework.” Per ONC’s website, the framework:

outlines a common set of principles for trusted exchange and minimum terms and conditions for trusted exchange. This is designed to bridge the gap between providers’ and patients’ information systems and enable interoperability across disparate health information networks (HINs).

The framework was a response to Congress.

In the 21st Century Cures Act (Cures Act), Congress identified the importance of interoperability and set out a path for the interoperable exchange of Electronic Health Information. Specifically, Congress directed ONC to “develop or support a trusted exchange framework, including a common agreement among health information networks nationally

Marianne Kolbasuk McGee at www.healthcareinfosecurity.com provides a good analysis here, including the security components that go beyond HIPAA requirements. I will review the draft proposal and provide comments.

The Takeaways

  1. Review the draft Trusted Exchange Framework, provide feedback to the ONC, and alert your partners in compliance, legal, privacy and InfoSec GRC about this new framework.

What are some emerging trends in cybersecurity?

I read an interesting blog post on ten cyber security trends for organizations to consider. Please read the entire blog post here. Below (copied directly from the blog post) are the potential trends that I find the most interesting and accurate.

A new model of cyber security will emerge
As firms invest more in cloud computing, a new model for cyber security is emerging. Increasingly, firms can look to cloud providers to embed good IT security, but firms still own the problem of setting their requirements and determining just who can access what. The shift towards DevOps and agile development builds on these more flexible infrastructures, but also demands new ways of embedding security into the development lifecycle and an equally agile test regime. Security can no longer engage at the end of development cycles and, if it does, it risks being seen as a blocker rather than an enabler.

Automation of controls and compliance will be the order of the day
Firms are coming under pressure to contain their burgeoning cyber security budgets. Manpower-intensive compliance processes are beginning to give way to continuous testing and controls monitoring, helping firms build a more accurate picture of their IT estate – helping the CIO as well as the CISO. The growing demand for supply chain security and third party assurance will also lead to a burgeoning industry of testing firms offering risk scoring and testing services for those third parties.

Digital channels will demand customer-centric security
Digital channels are becoming more and more sophisticated, demanding new consumer identity and access management approaches, dynamic transaction risk scoring and fraud controls, and an emphasis on usable non-intrusive security measures which don’t impact the consumer’s experience. Open Banking and the arrival of Payment Services Directive 2 will drive richer interactions between a new ecosystem of payment service providers and the banks who handle our money. A new world of open API is on the horizon, but concerns over criminal exploitation of these rich interfaces abound.

Resilience and speed matter
Regulators are focusing on resilience – the ability of an organization to anticipate, absorb and adapt to disruptive events – whether cyber-attack, technology failure, physical events or collapse of a key supplier. Exercises and playbooks are in fashion as firms try to build the muscle memory they need to respond to a cyber-attack quickly and confidently, while cyber insurance is finding its place not just as a means of cost reimbursement but as a channel for access to specialist support in a crisis.

The Takeaways

  1. Review and discuss the trends above and adjust your strategy as appropriate for your organization.


What is the Open Data Exchange Layer?

I am at McAfee Focus 16 (#focus16). I decided to come despite missing out on the CxO track.

The opening video talked about the need to collaborate and work together. Standing alone won’t work. “Together is Power!”

Chris Young announced the Open Data Exchange Layer (ODXL). I have been waiting for this for the last 2 years. He has thrown down the gauntlet to their competitors. Are you listening, Cisco, Symantec, Microsoft and Palo Alto Networks?

Chris Young also mentioned automation, integration and orchestration. Nice. Another key element is using the cloud as part of our cybersecurity efforts; it expands and contracts with the individual’s and the company’s needs. It is always available regardless of where the person is, physically or virtually.

The Takeaways

  1. Take a closer look at ODXL. Is it real?
  2. Invite your current security product suppliers to add ODXL to their roadmaps.
  3. Keep McAfee accountable to this “Together is Power” vision. Ask them to prove and deliver it!
  4. Ask McAfee to add other open standards, like SACM, to their products.