Risk
12/13/2012
12:03 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

HITRUST And (ISC)2 Launch First Certification For Healthcare Info Security Professionals

Cooperative development will establish metrics for qualifications held by information protection professionals in the industry

PALM HARBOR, Fla., Dec. 12, 2012 /PRNewswire/ -- (ISC)²® ("ISC-squared"), the world's largest information security professional body and administrators of the CISSP®, and the Health Information Trust Alliance (HITRUST), a non-profit organization responsible for the development, management, education and awareness relating to health information security and the leading organization aiding the healthcare industry in advancing the state of information protection, announced today they have entered into an agreement to meet the growing demand for qualified security professionals who can protect sensitive healthcare information. This relationship was also established to allow both organizations to connect with key stakeholders in the healthcare market that can contribute to building new IT security certification and education programs for healthcare professionals.

According to a recently released HITRUST report, "A Look Back: U.S. Healthcare Data Breach Trends," the healthcare industry has made very little progress in reducing the number of breaches and that the industry's susceptibility to certain types of breaches has been largely unchanged since breach data became available from the U.S. Department of Health and Human Services (HHS) and the new Health Insurance Portability and Accountability Act ("HIPAA") and the Health Information Technology for Economic and Clinical Health ("HITECH") Act went into effect. The HITRUST analysis concludes that every organization would benefit from better education of professionals and the simpler identification of the necessary skills in professionals available to assist them in their security efforts. In fact, HHS recommends that smaller organizations seek out certified professionals to help conduct risk assessment and analysis if they lack the capability in-house.

"Through this cooperative relationship, HITRUST and (ISC)² will work together to ensure information security professionals working in healthcare have the required skills to be successful within their organizations and careers," said Daniel Nutkis, chief executive officer, HITRUST. "Our experience has shown us that organizations with more knowledgeable security professionals manage information risks better and have more advanced information security programs. Healthcare organizations will benefit from having a simpler method to ensure their information protection professionals have the appropriate skills."

In the U.S. alone, there are approximately 5,754 hospitals registered with the American Hospital Association and almost 240,000 physician practices, according to market research firm SK&A. Some of the key challenges that healthcare organizations face today include:

They must not only safeguard sensitive patient information within their immediate sphere of control, but they must also ensure the security and privacy of the information shared with their vendors, contractors, and business partners;

They must comply with vague and non-prescriptive regulations at various levels with HIPAA, HITECH and meaningful use;

They must contend with the complexities posed by a wide range of business partners with differing capabilities, requirements and risk profiles; and

They must continuously address significant security, privacy and compliance risks in an effort to protect patient information.

"Healthcare IT professionals are at a critical juncture. With the move to electronic health records, complex regulations to adhere to, and sophisticated cyber security threats knocking at their doors, they have no choice but to improve their security skills and knowledge," said W. Hord Tipton, CISSP-ISSEP, CAP, CISA, executive director of (ISC)². "Our new relationship with HITRUST underscores our joint commitment to address this problem and improve not only the skills of healthcare information security professionals, but also cyber security professionalization. We believe that an organization's privacy and security programs are significantly enhanced when properly trained and experienced individuals are involved. As we look toward 2013, (ISC)² and HITRUST are thrilled to join forces to bring the healthcare IT market real solutions for educating, qualifying and certifying professionals in this field."

This new cooperative development between HITRUST and (ISC)² will establish metrics for qualifications held by information protection professionals in the industry. In January 2013, the organizations will conduct a credential-building workshop, with several key contributors involved in the job task analysis (JTA) they are jointly working on. This workshop will help the organizations identify the major job requirements and subsequently the knowledge and skills needed by a healthcare information protection professional to fulfill these requirements.

Some of those participating experts include:

Cathy Beech, chief information security officer, The Children's Hospital of Philadelphia

Kevin Charest, chief information security officer (acting), US. Department of Health & Human Services

Clara Cheung, senior systems manager (application infrastructure), Hong Kong Hospital Authority

Bryan Cline, vice president, CSF development and implementation, and chief information security officer, HITRUST

Jamie Crow, IT regulatory compliance analyst, Express Scripts

Leo Dittemore, director, IS security administration, HealthCare Partners, LLC

Michael Gerleman, director of audit and compliance, Availity

Kevin Haynes, chief privacy officer, The Nemours Foundation

Darren Lacey, chief information security officer, Johns Hopkins University/Johns Hopkins Health System

Taylor Lehmann, chief security officer, Independent Health

Joy Poletti, director - IT security compliance, Catholic Health Initiatives

John Sapp, senior director, information security and IT risk management, McKesson Corp.

Jason Taule, corporate information security and privacy officer, CSC Civil Health Sector

Ken Vander Wal, chief compliance officer, HITRUST

Jason Zahn, IT senior internal audit manager, University of Pittsburgh Medical Center

About HITRUST

The Health Information Trust Alliance (HITRUST) is a non-profit organization that was born out of the belief that information security should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST, in collaboration with healthcare, business, technology and information security leaders, has established the Common Security Framework (CSF), a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information. Beyond the establishment of the CSF, HITRUST is also driving the adoption of and widespread confidence in the framework and sound risk management practices through awareness, education, advocacy and other outreach activities. For more information, visit HITRUSTalliance.net.

About (ISC)²

(ISC)² is the largest not-for-profit membership body of certified information security professionals worldwide, with over 87,000 members in more than 135 countries. Globally recognized as the Gold Standard, (ISC)² issues the Certified Information Systems Security Professional (CISSP®) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP®), Certified Authorization Professional (CAP®), and Systems Security Certified Practitioner (SSCP®) credentials to qualifying candidates. (ISC)²'s certifications are among the first information technology credentials to meet the stringent requirements of ANSI/ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)² also offers education programs and services based on its CBK®, a compendium of information security topics. More information is available at www.isc2.org.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
DarkReadingTim
50%
50%
DarkReadingTim,
User Rank: Strategist
12/14/2012 | 1:18:53 AM
re: HITRUST And (ISC)2 Launch First Certification For Healthcare Info Security Professionals
Top healthcare IT professional organization and top security professional organization working together -- could be a step we see in other vertical markets as well.
--Tim Wilson, editor, Dark Reading
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.