Simply meeting the current requirements to safeguard sensitive information is taxing most organizations and especially healthcare entities.  As more and more data is coming online with new applications storing it on new geographically dispersed media and large numbers of distributed access / end points, privacy, security and compliance teams are being heavily taxed to safeguard this information.  The two key challenges for organizations, then, are to bridge two gaps: 1) the communication gap between privacy, security, compliance and information risk management teams and the board and executives so that informed resource discussions can take place; and, 2) the gap between the current state of tactical, technical spot-welding and establishing and maturing a more strategic, business-oriented and architectural approach. This session is designed to help CEs and BAs understand and act on the importance of maturing an information risk management program.

---

Learning Objectives:

• Discuss practical, tangible actions that your organization can take to establish, implement and mature its information risk management program
• Explain the concepts of maturity models in general and an information risk management maturity model in particular
• Analyze your current level of information risk management maturity through an online self-assessment

Bob Chaput, CISSP, HCISPP, CRISC, CIPP/US, CEO, Clearwater Compliance LLC