Health-ISAC Framework for CISOs to Manage Identity

Outlines a comprehensive Framework that health CISOs can use to architect, build and deploy a modern identity system that will protect against modern attacks and also support key business drivers.
Our first paper “Identity for the CISO Not Yet Paying Attention to Identity” detailed why healthcare CISOs need to embrace an identity-centric approach to cybersecurity – including where and how to get started. If you’ve read it, perhaps you’ve been convinced that identity should be a priority. But what does that mean, and how should you get started? This paper was written to address those questions. It outlines a comprehensive Framework that health CISOs can use to architect, build and deploy a modern identity system that will protect against modern attacks and also support key business drivers.
You already use some Identity and Access Management (IAM) tools today.
Authentication, provisioning, authorization, and access control – these are all important technologies on their own. When treated as point solutions and deployed in isolation, they fail to deliver a holistic approach to identity that can protect against identity-centric attacks. Identity is not just about internal workforce; it’s about an organization’s entire ecosystem including customers and external partners. CISOs should use an identity-centric approach to cybersecurity. Identity should be owned and operated by an organizational function motivated by risk (e.g., the CISO), not one motivated by service levels and speed (e.g., the Service Desk or HR).
Identity Framework
When integrated as part of a more holistic Framework, however, these solutions and others enable an enterprise to manage the full identity lifecycle of employees, practitioners, patients, and business partners in a way that guards against common attacks on identity, materially lowers risk, and increases operational efficiencies. The Identity Framework in this whitepaper details the different components needed for a modern identity-centric approach to cybersecurity, and outlines how these different components should integrate and inter-relate to secure the enterprise.
An H ISAC Framework For CISOs To Manage Identity April 2020
Size : 8.4 MB Format : PDF
- Related Resources & News
- Health-ISAC whitepaper highlights cybersecurity responsibilities in medical device lifecycle, focuses on resilience
- Health-ISAC Hacking Healthcare 2-3-2025
- Exploring the Cybersecurity Roles of Manufacturers and Healthcare Organizations During the Medical Device Lifecycle
- Impacts of Proposed US Import Tariffs on the Global Health Sector
- NY Blood Center Attack Disrupts Suppliers in Several States
- 2025 Newsletter – February
- DeepSeek’s Security Risk Is A Critical Reminder For CIOs
- $6.4m to combat health sector cyber threat
- Threat Bulletin: SimpleHelp RMM Software Leveraged in Exploitation Attempt to Breach Networks
- EU Commission Calls for Health Sector ‘Cyber Action Plan’