Information technology management is about executing predictable business processes.
Information security management is about reducing the impact of unpredictable attacks on your healthcare provider organization.
Put this way, it's clear that IT, security and compliance professionals, as dedicated as they are to their particular missions, do not have common business objectives and key results. This is why we have so many software security issues: we have software that is developed and implemented with disregard for security best practice.
To bridge the gap, healthcare provider IT and security professionals need to adopt a common goal and a common language: a language of customer-centric threat modelling.
Typically, when a healthcare provider (whether a hospital, HMO or primary care provider) needs a software application, an IT consultant will do a system analysis starting with business requirements and then propose a solution to buy or build an application and deploy it.
Similarly, when the information security group needs an anti-virus or firewall, security consultants define requirements based on the current risk profile of the healthcare provider, test products, and proceed to buy and deploy or subscribe and deploy the new anti-virus or firewall solution.
The problem is that the two activities never work together. As a result, we get islands of software applications that are not integrated with the company's information security and compliance portfolio, and we get information security technologies that are unaware of the applications and, in a worst-case scenario, get in the way of business productivity.
Michael Koploy of Software Advice explains well how BI (business intelligence, once the domain of IT expert consultants) is now a highly accessible technology in his article "4 Steps to Creating Effective BI Teams".
Business intelligence–the use of sophisticated software to analyze complex data–is no longer the domain of a centralized group of IT staff or advanced data analysts. Today, powerful and Web-based BI tools are accessible to a wide range of business users.
BI is everywhere, and it’s everyone’s job. But with this proliferation comes new challenges. Teams of BI users today often lack the structure, guidance and leadership to effectively mine data. In this article, I’ll share four steps to establish guidelines, organize teams, delegate data management and allow the success of the BI team to permeate and drive innovation throughout the business.
I agree with Michael.
By using BI, we can explore vulnerabilities in business processes, bring the information back to healthcare IT and security management in a constructive way, and start building the common language between healthcare IT and healthcare security management that is so essential to protecting patient health records.