HHS Cybersecurity Performance Goals – Your Most Important Cybersecurity Audit

Tracks
IT/Security
Information Technology
Tuesday, September 10, 2024
12:50 PM - 2:40 PM

Speaker

Johan Lidros
President
Eminere Group LLC

Session Synopsis

The Cybersecurity and Infrastructure Security Agency (CISA) launched Cybersecurity Performance Goals (CPGs) as an essential tool and requirement for critical infrastructure industries in 2023, and in 2024, the Department of Health and Human Services (HHS) issued the specific CPGs for the healthcare sector. In its Healthcare Cybersecurity Strategy, HHS also plans to establish an incentive program (i.e., similar to meaningful use) for hospitals to implement “enhanced” CPGs.
This session will outline the CPG requirements, how to audit to meet the requirements, what reference standard may be most beneficial, and how measurements and metrics can further improve your information security and IT risk management programs. In addition, we will incorporate the updated HIPAA security requirements into the presentation and the related CPGs. Furthermore, we will show how the CPGs can further integrate into a healthcare system's quality and patient safety program.

Biography

Johan Lidros (CISA, CISM, CRISC, CDPSE, CGEIT, ITIL-F, HITRUST CCSFP), President of Eminere Group, has a significant amount of experience working with higher education and healthcare, assessing and auditing their IT risks. He has led numerous IT audits, risk assessments, and HIPAA and cybersecurity engagements at higher education institutions during the past 25 years and has a very comprehensive understanding of current IT governance and security standards such as COBIT, HITRUST, NIST, CIS, and ISO 27002. Johan has performed dozens of speaking engagements over the past two decades on various IT/cybersecurity and risk management topics at conferences including ACUA, AHIA, EDUCAUSE, FHIMA, HCCA, and ISACA. Johan is an ISACA certified instructor and regularly teaches ISACA CISA, CRISC, CGEIT and CISM certification review classes. He regularly performs IT audit roundtable discussions for AHIA, IIA and local ISACA chapters.