How the role of CISO in healthcare will mature

The role of chief information security officer will continue to mature, and has already seen great change as people in the position move to a more risk-based approach to tackling security challenges.

Previously, CISOs were more focused on compliance with regulations and policies like HIPAA, but now they're viewing privacy and security through a larger lens, Raj Mehta, a partner in Deloitte Cyber Risk Services, tells HealthITSecurity.com.

"[T]hey're starting to see more of a risk type of consideration," Mehta says. "What do we do about cybersecurity? What are other issues we need to worry about?"

As security threats against healthcare organizations proliferate, the role of chief information security officers is gaining more visibility, FierceHealthIT previously reported.

Mehta says CISOs in healthcare and beyond now are looking at security from a business risk management perspective. They might soon take more active steps in areas like biometric security.

However, CISOs will also face challenges, Mehta says, such as communicating effectively with executives and dealing with the safety of information in an industry where data sharing is growing in scope and complexity.

CISOs have their work cut out for them when it comes to being seen as more than a scapegoat when breaches occur. Seventy-five percent of respondents to a recent survey didn't think CISOs deserved to be part of an organization's leadership team, according to the report by security vendor ThreatTrack.
