Name: Addressing Vendor Risk & Assurance Challenges in the Cloud
Start: 2020-10-28T13:20:00Z
End: 2020-10-28T13:20:58.000Z
Location: BrightTALK
Rating: 0

Assembling and maintaining all of the components of risk management and compliance programs comes with unique challenges. HITRUST understands and has built an integrated approach to solving these problems with components that are aligned, maintained, and comprehensive to support your organization’s goals.

Establishing trust with customers and stakeholders is crucial in today's rapidly evolving threat landscape, marked by frequent cybersecurity breaches and ransomware attacks. With technology advancing at an unprecedented pace, organizations must demonstrate their ability to safeguard sensitive data effectively within their own enterprise and among business partners and other stakeholders. How can an organization prove itself a reliable guardian of sensitive information and data generally?
 
Understanding the assurance mechanisms for data security that are available is the first step organizations must take. Choosing wisely has a direct impact on how effectively an organization can establish trust with its customers and stakeholders. Join us to discover the importance of adopting a widely accepted assurance mechanism to establish trust, differentiate between the mechanisms available for organizations across industries, and learn how to select between the HITRUST certification and the SOC 2 assertion report to provide a superior level of assurance.

Proper Assurance Mechanisms for Data Risk and Information Security Requirements

Health Information Trust Alliance, or HITRUST, was established to uphold the Common Security Framework (CSF). The framework was developed to integrate and harmonize the HIPAA, ISO 27001/27002, NIST 800-53, GDPR, and PCI DSS compliance standards. Thanks to this, the HITRUST CSF is an industry-neutral framework used by businesses in education, tourism, insurance, and other industries to simplify the choice, installation, assessment, and reporting of information security and privacy measures.

Recent additions to HITRUST's portfolio of evaluations have been created to offer various levels of confidence based on the requirements of an organization. However, knowing which appropriate evaluation is right for your organization might be challenging. 

In this webinar, we will be going over the following topics:
• What is HITRUST 
• The three assessments' differences
• How much work is needed for each
• The three assessments' certification procedures
• How the industry views each evaluation

Join us for this deep dive session as Ryan Sanders, VP of Healthcare & Advisory Services at 24By7Security, and Ryan Patrick, VP of Adoption at HITRUST, look to streamline the selection procedure. They will discuss the three assessments' advantages and disadvantages, the level of effort necessary to achieve them, and how each choice is regarded by their industry.

We hope to answer the question: Is HITRUST right for me? >>>> SAVE YOUR SPOT TODAY! 

Who Should Attend?
- CIOs
- Directors of Security
- Security Officers
- Sales and Marketing
- Anyone responsible for ensuring their organization maintains its HITRUST certification

Do you need CPE/ CEU Credits?
Attending this webinar may make you eligible for CEUs or CPE credits at some professional associations. Please check with your professional association and its policies to see if you may apply for CEUs or CPE credits for this webinar. After viewing the entire webinar, you can download a certificate of completion from BrightTALK.

Is HITRUST Right for Me? Your Path to Healthcare Compliance

Some privacy and data protection regulations require the data to be protected “appropriately” and according to “best practice” without specifying what this means. This leaves the burden on the organization seeking compliance to determine what controls should be implemented and then execute them.

The HITRUST i1 and r2 Validated Assessments are a set of security controls that incorporate the HITRUST approach and help organizations that work with sensitive data to become more secure.

These frameworks are designed to provide a flexible and configurable standard that organizations can use to develop cybersecurity strategies compliant with the HIPAA, ISO, NIST, SOC 2, CMMC, PCI-DSS, and many other data protection regulations.

Join Avertium and HITRUST for a discussion on the insurance continuum, assessment use cases, and stakeholder risk.

Moderator - Dara Gibson | Alliance Manager at Avertium
Andrew Ange | Managing Consultant - Governance, Risk, and Compliance at Avertium
Michael Parisi | VP of Adoption at HITRUST

How Do the New i1 and r2 Assessments Enable Security for More Businesses?

An introduction to the HITRUST i1 Implemented, 1-year Validated Assessment. Find out how the i1 meets the growing market need for a continuously relevant cybersecurity assessment that aligns and leverages the latest threat intelligence to mitigate information security risks and emerging cyber threats, such as ransomware. The design and selection of i1 controls puts it in a new class of information security assessment that is threat-adaptive – designed to maintain relevance over time as threats evolve and new risks emerge, while retiring controls no longer deemed material.

HITRUST Information Security Assessment Focuses on Continuous Cyber Relevance

A large majority of covered entities and business associates already partner with HITRUST to achieve and demonstrate compliance with HIPAA regulations. The purpose of this webinar is to share insights into the legal advantages of leveraging HITRUST in the face of audits or regulatory investigations, while briefly covering new resources and capabilities that promise to further streamline compliance reporting. 

Learning Points:
- Understanding of how HITRUST can be leveraged to achieve compliance objectives
- Explanation of the legal advantages for organizations that leverage HITRUST for their HIPAA risk management needs
- Tips on how to better position your organization if faced with audits or regulatory investigations
- Information on how to leverage HITRUST’s new Regulatory Assistance Center as well as the guide, The HITRUST Approach to Demonstrating HIPAA Compliance
- Preview of planned enhancements for the HITRUST MyCSF SaaS platform that will further streamline HIPAA compliance reporting and evidence presentation

Demonstrating HIPAA Compliance with HITRUST —Legal Advantages and New Resources

This webinar will cover the many benefits of leveraging HITRUST to effectively achieve global information risk management and compliance objectives. 

We will provide an overview, tips on getting started, and more information on how HITRUST’s integrated programs and services can offer global companies an efficient path to achieving compliance with any of the 44+ authoritative sources and regulations harmonized in the HITRUST CSF.

Adopting HITRUST for Global Risk Management and Compliance

An overwhelming number of businesses today are choosing the cloud to host software applications, govern IT workloads, and assist with facilitating rapid technology innovation. Unfortunately, along with the cloud comes ambiguity regarding data security responsibilities. How do you clearly delineate responsibilities, provide adequate security assurances to stakeholders, and remove the burden on teams that are tasked with information risk management for such a complex ecosystem? Traditional “IT Enterprise” methodologies are no longer fit for this purpose, but there is a way. 

This webinar will help organizations:
·     Understand the driving forces in the cloud that created the need for a new shared responsibility model 
·     Discover tools and methodologies that can be leveraged to establish cloud security as a joint obligation between cloud service providers and customers (i.e., the HITRUST Shared Responsibility Matrix)
·     Provide platform and hosting security assurances that are both comprehensive and efficient
·     Evaluate the right cloud service provider for your business based on security and privacy posture

Navigating Data Security in the Cloud

LEARNING OBJECTIVES:
- Articulate the purpose and value of a risk management framework (RMF)
- Identify key attributes of a good RMF
- Understand how an RMF can help provide an appropriate level of due diligence and due care for the protection of sensitive information and appropriate assurances about how well you protect sensitive information to internal and external stakeholders

Everything You Wanted to Know About Risk Management Frameworks & Data Protection

The purpose of this webinar is to provide instructional guidance on how to successfully access and adopt the newly released HITRUST Shared Responsibility Matrix.

Webinar participants will receive a/an:

- Understanding of the industry need for a vendor-neutral model for shared responsibility in the cloud
- Overview of the HITRUST Shared Responsibility Matrix – understanding how to access and customize matrix templates
- Understanding of what to expect post-release of the HITRUST Shared Responsibility Matrix
- Call to action: Ask CSPs and tenants alike to work with HITRUST to further the adoption of the Shared Responsibility Matrix

The HITRUST Shared Responsibility Matrix: Secure Adoption of Cloud Technologies

KEY LEARNINGS:
•Understand how the HITRUST Approach can be used to help organizations qualify their third parties for a new business relationship and requalify those with an existing one based on the inherent risk they pose to the organization
•Understand how the HITRUST Assessment XChange implements the HITRUST TPRM Methodology’s vendor qualification process
•Understand how to utilize the new Inherent Risk Questionnaire and Rapid Assessment and how to incorporate them into an organization’s TPRM, along with the Readiness and Validated Assessments

Third-Party Risk Management (TPRM) Methodology

What to Know, What to Do, and How HITRUST Can Help

LEARNING OBJECTIVES:
- To obtain an understanding of the California Consumer Privacy Act (CCPA), the related draft rules, and other updates
- To discover how to provide input on the CCPA draft rules
- To learn how HITRUST can help businesses comply and assess themselves against the CCPA

The California Consumer Privacy Act (CCPA)

Nearly every business today—big and small—is increasingly porting its IT solutions and operations to the cloud. Hear a CISO’s perspective on asking the right questions and other important considerations when it comes to managing risk with cloud service providers such as:

- Understanding your cloud service provider's stance on prioritizing their customer’s security and privacy.
- Leveraging the HITRUST Shared Responsibility Matrix when contracting with your cloud service provider
- How cloud vendors can provide sufficient platform and hosting security assurances, mindful of the shared ownership of applicable controls.
- How cloud vendors can demonstrate commitment to their customer’s security and privacy needs as a competitive advantage.

Updates to the HITRUST Shared Responsibility & Inheritance Program, including:

- Details about the HITRUST Shared Responsibility Matrix (SRM) V1.1 Update release.
- How the HITRUST SRM provides assurances to enable the business need for cloud adoption without undue levels of risk.
- How the HITRUST SRM can help fulfill ongoing third-party due diligence oversight requirements in the most cost-effective manner possible.

Addressing Vendor Risk & Assurance Challenges in the Cloud

Cloud

Cloud Security

Cloud Security Strategy

Cloud Compliance

Cloud Adoption

Cloud Control Matrix

Cloud Service Providers

Cloud Assurance

Information Risk

Supply Chain Risk Management

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Addressing Vendor Risk & Assurance Challenges in the Cloud

Presented by

About this talk

More from this channel