An H-ISAC Framework for CISOs to Manage Identity

ABSTRACT:

Our first paper, “Identity for the CISO Not Yet Paying Attention to Identity,” detailed why healthcare CISOs need to embrace an identity-centric approach to cybersecurity – including where and how to get started. If you’ve read it, perhaps you’ve been convinced that identity should be a priority. But what does that mean, and how should you get started? This paper was written to address those questions. It outlines a comprehensive Framework that health CISOs can use to architect, build and deploy a modern identity system that will protect against modern attacks and also support key business drivers.

 

You already use some Identity and Access Management (IAM) tools today.

Authentication, provisioning, authorization, and access control – these are all important technologies on their own. When treated as point solutions and deployed in isolation, however, they fail to deliver a holistic approach to identity that can protect against identity-centric attacks. Identity is not just about the internal workforce; it’s about an organization’s entire ecosystem, including customers and external partners. CISOs should use an identity-centric approach to cybersecurity. Identity should be owned and operated by an organizational function motivated by risk (e.g., the CISO), not one motivated by service levels and speed (e.g., the Service Desk or HR).

 

Identity Framework

When integrated as part of a more holistic Framework, however, these solutions and others enable an enterprise to manage the full identity lifecycle of employees, practitioners, patients, and business partners in a way that guards against common attacks on identity, materially lowers risk, and increases operational efficiencies. The Identity Framework in this whitepaper details the different components needed for a modern identity-centric approach to cybersecurity, and outlines how these components should integrate and interrelate to secure the enterprise.

 

 
