Today, those taking on the role of chief information security officer must wear many hats, according to Jigar Kadakia, CISO at Boston-based Partners HealthCare. They must be strategists and technologists, as well as guardians and advisers.
"The role of CISO has changed dramatically in the last couple years," he said during the HIMSS Connected Health Conference just outside of the District of Columbia on Monday. "They're more innovative and more technology-driven ... so it's a different perspective from the traditional role of the CISO."
In addition, Kadakia said technology in healthcare overall has evolved recently. It used to fall on the IT team, but it's now integrated with the business; it used to be just about guarding the perimeter, but now it's about detecting and analyzing threats; and it used to be separate from the business, but now it's instilled from the top down.
CISOs looking to address risks should follow six steps, Kadakia said:
- Own the risk
- Prioritize key initiatives
- Learn from others and incorporate that knowledge
- Enhance security culture
- Secure all aspects of the business
- Measure program maturity
Looking forward to the next 18 to 24 months, one of the largest challenges ahead for CISOs will be mobile technology, including telehealth, bring-your-own-device policies and mHealth-based patient engagement, Kadakia said.
Other aspects of security that CISOs will have to keep an eye on, according to Kadakia, include social media, cloud technologies, big data and analytics, as well as the concept of "data lakes."