CIOReview

Changing The Tenor Of The Conversation

Mark Combs, CISO, WVU Healthcare

Any CISO worth his salt could easily sit down with a top executive and discuss the issues surrounding today's complex regulatory landscape when it comes to protecting critical information. Our world is fraught with government rules like HIPAA/HITECH, SOX, PCI, FERPA, etc. Fines, penalties, loss of reputation, and loss of business–these are all real threats that we face, but what impact are they having? If government-enforced penalties are really effective, then why are we still seeing breaches of sensitive information? Breaches are not declining–they are on the rise at an alarming rate.

Every day my inbox fills with stories of horror where thousands upon thousands of customer records are disclosed. When will organizations start to realize the true impact to the lives of those people whose information we carelessly took for granted? In many of these cases, the breach could have been easily prevented by some of the most common security controls, encryption at the top of the list.

Let's take the financial industry, for example–every day I go to work to provide for my family. The company I work for pays me for my time that I spend providing valuable output to grow the organization. That money represents a part of my life that I can never regain. When an employee walks out of the building with my information on a laptop or USB drive that is not encrypted and loses it–they lose more than just that information; they lose part of my life.

Here's another example: if a healthcare organization discloses a large amount of patient data and loses patient confidence, it can have a much further-reaching effect. Studies have shown that patients who do not believe their healthcare organization protects their information are much less likely to disclose sensitive information about their condition. Let's say a patient presents to their physician with a lump in a sensitive area of the body. In this case, the patient has lost confidence in this particular healthcare provider because of a recent breach that was just all over the news. Due to this lack of confidence, the patient doesn’t fully disclose the lump–time passes, the lump grows and turns out to be cancer. In a lot of cases, cancer can be more easily treated with early detection; however, since the organization didn’t take, in most cases, the most basic of precautions, the patient now has a terminal illness and it costs the organization many times more to treat than it would have to begin with.

Oftentimes I sit with providers, business executives and other leaders and try to explain the importance of information security; yet I see the glossed-over look when I talk about the fines, the penalties, the policies and the harm to the organization. That look becomes intense interest when I change the subject to how it affects our customers, our patients–the people.

CISOs have got to start speaking the language of their executives. In most cases, C-levels really don’t understand or care too much about the technical jargon. How many viruses did you stop? How much spam or phishing did you thwart? Not important–how many lives did we change today? That's the real question.

If you are serious about building an effective information security program, change the tenor of the conversation. Help them to understand you’re not just protecting data; you’re protecting their most precious asset–your customers.
