A standards body has said that healthcare IT security must align with the overall activities of an organisation if it is to have any chance of being effective.
The chief of the Baldrige Performance Excellence Program, just launched under the umbrella of the National Institute of Standards and Technology (NIST), says that cybersecurity systems cannot operate in isolation if they are to have any chance of succeeding.
"If your cybersecurity operations and approaches aren't integrated into
your larger strategy, aren't integrated into your workforce development
efforts, aren't integrated into the results of the things you track for your
organisation and overall performance, then they're not likely to be
effective," says Robert Fangmeyer, director of the programme.
The Baldrige Performance Excellence Program is a self-assessment tool that has been devised to help organisations upgrade their IT security capacity, and set and achieve sustainable results.
NIST says that the Baldrige Cybersecurity Excellence Builder is critical for:
- Identifying cybersecurity-related activities that are crucial to business strategy and service delivery;
- Prioritising investments for cybersecurity risk management;
- Assessment of how effective and efficient an organisation's cybersecurity standards, guidelines and practices are;
- Evaluation of cybersecurity results;
- Identification of priority areas for improvement.
The tool is adaptable to each organisation's needs rather than taking a one-size-fits-all approach. It homes in on specific characteristics and strategies connected to cybersecurity.
The tool highlights areas such as how cybersecurity is deployed in leadership, strategy, customers, workforce and operations, in addition to results in each of these sections.
Its assessment rubric helps organisations ascertain the maturity level of their cybersecurity: reactive, early, mature or a role model.