Health-ISAC Framework for CISOs to Manage Identity

Outlines a comprehensive Framework that health CISOs can use to architect, build and deploy a modern identity system that will protect against modern attacks and also support key business drivers.

Our first paper “Identity for the CISO Not Yet Paying Attention to Identity” detailed why healthcare CISOs need to embrace an identity-centric approach to cybersecurity – including where and how to get started. If you’ve read it, perhaps you’ve been convinced that identity should be a priority. But what does that mean, and how should you get started? This paper was written to address those questions. It outlines a comprehensive Framework that health CISOs can use to architect, build and deploy a modern identity system that will protect against modern attacks and also support key business drivers.

You already use some Identity and Access Management (IAM) tools today.

Authentication, provisioning, authorization, and access control – these are all important technologies on their own. When treated as point solutions and deployed in isolation, they fail to deliver a holistic approach to identity that can protect against identity-centric attacks. Identity is not just about internal workforce; it’s about an organization’s entire ecosystem including customers and external partners. CISOs should use an identity-centric approach to cybersecurity. Identity should be owned and operated by an organizational function motivated by risk (e.g., the CISO), not one motivated by service levels and speed (e.g., the Service Desk or HR).

Identity Framework

When integrated as part of a more holistic Framework, however, these solutions and others enable an enterprise to manage the full identity lifecycle of employees, practitioners, patients, and business partners in a way that guards against common attacks on identity, materially lowers risk, and increases operational efficiencies. The Identity Framework in this whitepaper details the different components needed for a modern identity-centric approach to cybersecurity, and outlines how these different components should integrate and inter-relate to secure the enterprise.

An H ISAC Framework For CISOs To Manage Identity April 2020
Size : 8.4 MB Format : PDF

• Related Resources & News
• Potential Terror Threat Targeted at Health Sector – AHA & Health-ISAC Joint Threat Bulletin
• New Cybersecurity Policies Could Protect Patient Health Data
• CyberWire Podcast: PHP flaw sparks global attack wave
• Health-ISAC Hacking Healthcare 3-14-2025
• HSCC Aiming to Identify Healthcare Workflow Chokepoints
• New Healthcare Security Benchmark Highlights Key Investment Priorities and Risks
• Are Efforts to Help Secure Rural Hospitals Doing Any Good?
• CISA cuts $10 million annually from ISAC funding for states amid wider cyber cuts
• 2024 Health-ISAC Discussion Based Exercise Series After-Action Report
• Cobalt Strike takedown effort cuts cracked versions by 80%