Stephen Nardone is an industry-leading security expert with more than 35 years of experience in security program development and management, risk governance and oversight, architecture, service development and delivery, and security vulnerability management, assessment and testing. As Practice Director of Security and Mobility, Nardone leads the Company’s efforts to develop solutions and services that help customers reduce exposure to security threats. Prior to joining Connection, Nardone worked at the National Security Agency (NSA) for 15 years, where he ran NSA’s Commercial Trusted Product Evaluation Program. Nardone also served as CSO/CTO of the Commonwealth of Massachusetts, and held various leadership positions in the private sector on both the Professional Services and Operational Security side. He is a member of the International Information Systems Security Certification Consortium (ISC)2, Information Systems Security Association (ISSA), and Institute for Electrical and Electronics Engineers (IEEE). Nardone holds a BSEE in Electrical Engineering from the University of Lowell.
With each passing day, security threats and breaches grow in frequency and complexity. Last year, 170,000,000 identity records were compromised through a series of breaches, 112,000,000 of them from healthcare alone.
Managing threat and risk has become convoluted due to many factors such as:
- Traditional data boundaries no longer exist
- The concept of connectivity from any device, anytime, anywhere has expanded access control and business application connectivity challenges
- The concept of open access for today's "connected" devices (IoT) has opened up questions such as: what am I actually connecting to, is it authorized and safe, and how can I be sure the data exchange is meeting policy?
As a result, information security risk management has become a very difficult task, requiring a detailed understanding of threat and risk, a complete model to determine "real and measurable" risk, and a comprehensive program of risk governance.
We will discuss the current state of the threat and the types of attacks and techniques being executed, and review an information security risk management program strategy that can help healthcare organizations meet this threat head-on and develop a plan for moving their existing risk into an acceptable range.