A Tool for Benchmarking InfoSec EffortsIn-Depth Report on New Survey Reveals Priorities, Budgets
What are your information security priorities and budget plans for this year? You can benchmark how your plans compare to your peers by checking out a new in-depth report that analyzes the findings of the 2014 Healthcare Information Security Today survey.
See Also: Creating a Culture of Security
The report is now available online.
Half of survey respondents say they have to achieve their goals with a security budget that's flat with last year's.
The new national survey of healthcare organizations, sponsored by (ISC)Â², shows top information security priorities for this year include improving regulatory compliance; improving security awareness and education for physicians, staff, executives and board; and preventing and detecting breaches.
But half of survey respondents say they have to achieve their goals with a security budget that's flat with last year's; only a third expect an increase. And more than half of respondents expect their information security budgets to amount to 6 percent or less of their total IT budgets.
Our new online handbook includes in-depth analysis from a large roster of privacy and security experts.
Plus, we're also offering a free webinar that summarizes the results and offers analysis by a panel of experts, including Michael Bruemmer, vice president of Experian Data Breach Resolution at Experian Consumer Services; Bob Chaput, CEO at consulting firm Clearwater Compliance; and Brian Evans, principal at security consulting firm Tom Walsh Consulting.
And you can learn even more by listening to interviews about the survey with Kate Borten, founder and president of The Marblehead Group; Jeff Cobb, CISO at Capella Healthcare; and Andrew Hicks, director and healthcare practice lead at Coalfire.
The Healthcare Information Security Today survey handbook, plus the related webinar and interviews, provide deep insights into a long list of information security and privacy trends for this year, including technology implementations, such as encryption and multi-factor authentication; mobile security; patient Web portals; and HIPAA Omnibus compliance challenges.
Even though so many large health data breaches have involved lost or stolen unencrypted devices or media, our survey found that less than half of organizations are applying encryption for mobile devices and media.
Encryption "is as close as you can get to a 'get-out-of-jail-free' card if, in fact, you do have a data breach," Bruemmer notes, because, for example, if an encrypted device is stolen, that's not considered a breach by the Department of Health and Human Services.
What's your reaction to our survey results? I encourage you to offer your insights in the space below.