Pre-Conference Workshop: Critical Partners: Cybersecurity and Internal Audit: Speaker Mark Dill, T-W Security

Tracks
Track 4
Track 5
Monday, September 9, 2024
2:00 PM - 3:50 PM

Speaker

Mark Dill
T-W Security

Critical Partners: Cybersecurity and Internal Audit

Session Synopsis

Phishing, ransomware, theft and loss of device or media, data loss (human error or malicious) and biomedical asset compromise are core cyber threats to all healthcare organizations. However, many healthcare organizations have limited resources to address these evolving threats while still maintaining regulatory compliance. That is why it is crucial for internal auditors to ensure their organizations are achieving “prevailing practices,” to demonstrate “alignment” with named frameworks and take full advantage of the HIPAA Safe Harbor Act of 2021 (HR 7898).

This session shares research along with the professional experience of Mark W. Dill as a practicing CISO and consultant.

In particular, Mark will share ideas (for organizations of all sizes and complexities) on how to align a security program with business and clinical objectives, develop stronger relationships between security and audit teams, and focus efforts on the most important safeguards to implement, measure and mature. He will also share insights into how deficient policies are often used against an organization in litigation.

Biography

Mark joined tw-Security in 2015 and has been a longtime colleague of Tom Walsh since 2006. The following are Mark’s bio highlights:

• Over 30 years of experience in IT and technical management, and 20 years of Information Security experience with a focus on strategic and tactical initiatives
• tw-Security, Partner, and Principal Consultant
• Certified Information Security Manager, Certified in Risk and Information Systems Control, ISACA Cybersecurity Audit Certificate
• Providing cybersecurity advisory and CISO services for multiple covered entities and business associates
• Key areas of expertise:
  o Enterprise risk analysis and risk management initiatives
  o Cybersecurity assessments with multiyear strategic planning
  o Security program maturity evaluations
  o HICP [Cybersecurity Act of 2015 (CSA), Section 405(d)]
  o NIST Cyber Security Framework (CSF)
  o Aligns security programs cross-referenced to multiple standards and frameworks
  o Prepares organizations to achieve SOC 2 with formal attestation, or attain ISO 27001 certificate of compliance
  o HITRUST Certification
  o Performs incident response preparation and breach management
  o CISO mentoring
  o Healthcare resilience program assessments
• Recognized in December 2016 and in December 2015 by Health Data Management magazine as one of the ‘50 Top Healthcare IT Experts’ and by HealthcareInfoSecurity.com as one of the most influential people in healthcare information security in 2014
• Former Chief Information Security Officer for The Cleveland Clinic; responsible for the deployment of information security and disaster recovery best practices, and compliance with HIPAA, PCI, and Internal Control Effectiveness / SOX regulations and standards
• Known for developing a ‘Book of Evidence’, guiding organizations on how to prepare for and pass an OCR audit