Governance

Governance: Improving Security Documentation

NTT Security's Bonnie Goins Offers Insights

When it comes to governance, healthcare organizations need to do a far better job of documenting all their security policies and procedures, says Bonnie Goins of NTT Security.

See Also: 2017 Predictions on Data Security: Insights on Important Trends in Security for the Banking Industry

"A lot of times we see information security policies are minimal," she says. "They don't necessarily cover all aspects of information security. We also see vulnerability programs and incident management programs that are really lacking. For example, they may have information on how to do technical recovery but they don't really have the guts of what needs to be done from a management perspective."

In this video interview at Information Security Media Group's recent Healthcare Security Summit in New York, Goins also:

  • Discusses why senior executives need to be "on the hook" for ensuring security processes are well-documented.
  • Emphasizes the need to make better use of standards from the National Institute of Standards and Technology, the SANS Institute and others.

Goins is governance, risk and compliance principal security consultant at NTT Security. She has more than 23 years of experience providing information security, risk management and regulatory compliance services to Fortune 500 companies and multinational organizations. She is an adjunct industry professor of information technology and a distinguished member of the Illinois Institute of Technology Center for Cybersecurity and Forensics Education. Goins works with security leaders to create comprehensive information security, risk management and compliance programs, specializing in business continuity/disaster recovery, incident response and policy, IT and risk management disciplines. Goins is also co-author of the "CISSP Common Body of Knowledge," the "SSCP Common Body of Knowledge" and the "Handbook of Information Security Management."


About the Author

Information Security Media Group

Information Security Media Group (ISMG) is the world's largest media company devoted to information security and risk management. Each of its 28 media sites provides relevant education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from the North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Its yearly global Summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.




Around the Network