The success of any security initiative comes down to one crucial element: an educated, engaged workforce. And that requires the development of an effective security awareness program, says Mark Eggleston, chief information security and privacy officer at Health Partners Plans.
"Your people is what powers the security program, whether it's ... coming up with the regulatory interpretations, the policies, procedures; all those things require people to make sure that it works together," says Eggleston, who will be a featured speaker at Information Security Media Group's Healthcare Security Summit in New York, to be held November 14-15.
But how can you tell if your security awareness program is working? It requires the application of a variety of metrics, including, for example, tracking the click rates on phishing attacks, he says.
In this interview, he also discusses:
- The metrics he relies on to prove an awareness program is working;
- How he has engaged users throughout his organization;
- The importance of using standards and frameworks.
Eggleston is vice president and chief information security and privacy officer at Health Partners Plans, a managed care company. He previously served as director of security and business continuity at the company.
At the Healthcare Security Summit, Eggleston will discuss balancing the need for security and patient privacy with information sharing.