One of the leading voices in health care information assurance thinks some in his industry are approaching information security the wrong way.
Mansur Hasib writes in a recent Information Week commentary that while healthcare organizations are hiring more Chief Information Security Officers (CISOs), bad management structure, insufficient resources and poor understanding of risks often doom these newly appointed security executives.
Hasib, who earned a Doctor of Science (DSc) in information assurance and has 12 years' experience as a CIO, was featured in a recent American News Report story about the importance of creating the right cyber security culture in an organization.
His latest commentary expands on the theme. This doesn’t surprise people he worked with at Capitol College in Laurel, Maryland, where he earned his doctorate.
“Mansur’s passion for understanding and recognizing the importance of people in designing an effective cybersecurity culture inspired his doctoral work,” said Dr. Helen Barker, Dean of Business and Information Services at Capitol College. “We are proud that he has become a leader in promoting good governance and proper risk management for organizations.”
Hasib conducted his own survey of healthcare organizations and discovered that about half the CIOs in his industry report to Chief Financial Officers and other executives, rather than the CEO.
“This structure is dangerous for both the organization and the CIO,” he said. “The CFO and other executives run IT and cyber security strategy, instead of the CIO.”
What else would he change?
Hasib strongly believes that cyber security shouldn’t be viewed as a separate component of the IT budget.
“If you look at it that way you are approaching it wrong,” he said. “Cyber security must be baked into the entire IT strategy.”
Hasib writes that it’s critical that company and organization leadership understand that a strong cyber security approach in information technology will drive the strategy for the entire organization, because IT is the lifeblood of most organizations today.
There are highly qualified and strategic CISOs, who Hasib believes should be senior executives, not just reporting to one.
He also has some strong ideas about how IT budgets are spent.
“I used a risk balancing (of both positive and negative risks) approach to prioritize spending, frequently using a multi-year transparent vision,” he writes. “I empowered and trained all the people in my organization, ensuring they could use technology to make themselves more productive and innovative.”
He also implemented a governance framework that promoted what he called “a virtuous culture of innovation and safety.”
Hasib passionately urges others to follow his lead.
“This is what modern cyber security is and what a cyber security culture can achieve.”
Hasib’s dissertation at Capitol was about developing a cybersecurity culture in healthcare.
Obviously his work on that topic continues.
Achieving all that Hasib envisions, he believes, will take an industry that understands that the Chief Information Security Officer is, and should be treated as, one of the senior leaders of the organization.