Is your HIPAA security management like a washing machine?
Most security appliance vendors use fluffy charts with a 4 step “information risk management” cycle.
It’s always a 4 step cycle, like “Discover, Monitor, Protect and Manage” and it’s usually on a circular chart but sometimes in a Gartner-style magic quadrant or on a line.
It’s a washing machine cycle that never stops.
The problem with the washing machine model is that it tackles the easy part of information security (running the appliance, discovering vulnerabilities, fixing things and producing reports) and ignores the hard stuff; quantification and prioritization of your actions based on financial value of assets and measurement of threat impact.
Modern security tools are good at discovering exploitable vulnerabilities in the network, Web servers and applications. However – since these tools have no notion of your business context and how much you value your information assets, it is likely that your security spending is misdirected.
With reported data breaches and medical devices and information system that doubled last year, and security budgets that are shrinking as the US economy stutters – you need to measure how well the product reduces Value at Risk in dollars (or in Euro) and how well it will do 3 years after you buy the technology.
In order to help make that happen – all you need to do is contact us via the site contact form or pick up a phone and give me a ring at +972-54-447.1114.
This is what we do – help you and your team take a leadership role in the board room and secure your medical devices instead of waiting for vendor proposals in your office.
Through specific Business Threat Modeling(TM) tactical methods we teach you how to quantify threats, valuate your risk and choose the most cost-effective security technologies to protect your data.
Data security is a war – when the attackers win, you lose. We will help you win more.