Working in healthcare technology is about as exciting as IT gets. Between the rapid evolution in healthcare technology and the increase in cyber threats, there has never been a sector with a greater need to balance effective governance with lean but agile delivery of new technologies.
You might have noticed that most of us now carry or wear devices capable of accurately measuring our physical activity, heart rate, blood oxygen levels and more. Most of us wear these for fun or to help promote a healthier lifestyle. However, have you ever stopped to consider the consequences if critical technologies in clinical environments were not functioning or became unavailable when they were needed?
Editor’s note: The ISACA Now series titled “Faces of ISACA” highlights the contributions of ISACA members to our global professional community, as well as providing a sense of their lives outside of work. Today, we spotlight Cynthia Damian, T-Mobile senior manager of enterprise risk management.
ISACA member Cynthia Damian has not had to leave her hometown to work for some of the world’s largest, best-known brands.
Just a decade ago, as security professionals, we could talk reasonably about physical security and logical security requiring different approaches. Five years ago, we might have found ourselves having conversations about the blurring lines between the two types of security discipline, and could have easily pointed to aspects of both physical and logical security that crossed over each other.
Today? In organizations that have embraced even the least cutting-edge aspects of operational and information technological advances (consumer IoT, industrial IoT, cloud hosted services, etc.), we can no longer rationally discuss a strictly “physical” or “logical” approach to managing security risks to the enterprise.
The Mirai botnet attack on the Dyn network in October 2016 highlighted to many policymakers the potential problems associated with IoT devices. The compromise and concerted use of thousands of webcams and DVRs to disrupt key Internet services focused attention on the poor implementation of security controls on millions of devices newly connected to the Internet.
The introduction of the IoT Cybersecurity Improvement Act of 2017 by a bipartisan group of US senators seeks to address the inherent threat IoT devices pose to federal government services. This bill builds on recent efforts, including the Trump administration’s new executive order on cyber security for federal networks and critical infrastructure.
Today, we trust banks and other financial institutions to safely handle our money and the bulk of our monetary transactions. Successful breaches are somewhat rare thanks to technologies like multi-factor authentication and heavy investment in cyber security, but hackers are always improving their techniques, and tech is always changing. This leads to an ongoing cycle of improvement on both sides: financial institutions keep building better defenses, and hackers keep trying to overcome those advancements.