Just published on Healthcare Innovation, Where Cybersecurity and Business Align: One CISO’s High-Level Perspective, profiles CISO Omar Khawaja’s success at introducing FAIR to Highmark Health, a leading healthcare delivery and insurance organization.
Hear Omar speak on Defining the Goals of an Effective Risk Management Program at the FAIR Conference in September.
The article details how Omar landed on FAIR as the solution for his quest to develop a “risk-based culture rather than a [security technologies] installation-focused culture.” He eventually made it a requirement that every director and manager in the security organization get FAIR-certified “so everyone spoke a common language.”
Omar sees FAIR as the antidote to endemic pessimism in the cybersecurity profession. The cliche is that “you cannot measure ROI on security but…that’s a pessimistic viewpoint, and in reality, there is significant value in trying to quantify cyber risk…It takes time for people to be willing to stand up to those truisms.”
With a quantitative, financial approach, his team is “able to make that case [for increased cybersecurity resources] and tie it back to patient care — which is the ultimate business outcome that hospitals exist to deliver.”
Omar’s prediction, as reported by Healthcare Innovation: “He would be shocked if in five years” the number of hospitals using FAIR “isn’t closer to 40 to 50 percent.”
Read the complete article, Where Cybersecurity and Business Align: One CISO’s High-Level Perspective.