Governance: Improving Security Documentation
NTT Security's Bonnie Goins Offers Insights
When it comes to governance, healthcare organizations need to do a far better job of documenting all their security policies and procedures, says Bonnie Goins of NTT Security.
"A lot of times we see information security policies are minimal," she says. "They don't necessarily cover all aspects of information security. We also see vulnerability programs and incident management programs that are really lacking. For example, they may have information on how to do technical recovery but they don't really have the guts of what needs to be done from a management perspective."
In this video interview at Information Security Media Group's recent Healthcare Security Summit in New York, Goins also:
- Discusses why senior executives need to be "on the hook" for ensuring security processes are well-documented.
- Emphasizes the need to make better use of standards from the National Institute of Standards and Technology, the SANS Institute and others.
Goins is governance, risk and compliance principal security consultant at NTT Security. She has more than 23 years of experience providing information security, risk management and regulatory compliance services to Fortune 500 companies and multinational organizations. She is an adjunct industry professor of information technology and a distinguished member of the Illinois Institute of Technology Center for Cybersecurity and Forensics Education. Goins works with security leaders to create comprehensive information security, risk management and compliance programs, specializing in business continuity/disaster recovery, incident response and policy, IT and risk management disciplines. Goins is also co-author of the "CISSP Common Body of Knowledge," the "SSCP Common Body of Knowledge" and the "Handbook of Information Security Management."