Healthcare Data Governance & Cyber Security

Course Schedule

Day 1 - Sunday 18 March, 2018
Opening Session

Registration and Intro
 

Session One

Information Governance and Cyber Security in the real world - Cyber security as a strategic risk.

  • Understanding your data – Information Asset Registers. Data flows.
  • Understanding your risk: Information Asset Risk Assessments and Privacy Risk Assessments.
  • Top 10 threats for health care organisations.
  • Understanding and categorizing your cyber incidents.
  • Managing cyber risks nationally and locally
Morning Break & Networking
Session Two

Information Governance and Cyber Security in the real world - Understanding third-party risk.

  • Trusting your supplier.
  • 3rd party security assessments.
  • Managing the risk.
  • Contractual matters.
  • Information Sharing Agreements and Data Processor Agreements.

Case studies/discussion sprints:

  • Health Service risk registers
  • National cyber security risk alerts
  • Health care information and cyber security incidents.
     
Lunch Break & Networking
Session Three

Responding to cyber security incidents and data breaches.

  • Challenges and guidance for healthcare organisations: preparing for threats, Incident Response Process, Disaster Recovery Plans, Evidence Collection and Preservation, Incident Investigation, Root Cause Analysis and Incident Reporting.
  • Building skilled resources to speed up response capabilities, recovery and resilience.
Evening Break & Networking
Session Four

National resilience units and healthcare. Notification to supervisory authorities, fines and embarrassment
Case studies/discussion sprints:

  • Dosimetry Monitoring System incident: data processor cyber attack.
  • WannaCry incident.
  • Data disclosure incidents in health care organisations: email, social media, Patient Administration System
     
Day 2 - Monday 19 March, 2018
Session One

Improving cyber readiness and resilience in health care settings.

  • Effective use of Cyber security and information governance standards in the real world.
  • Frameworks and toolkits for healthcare organisations.
  • Planning your ISMS for the future.
  • National vs. local approaches.
  • Monitoring effectiveness at national and local level.
     
Morning Break & Networking
Session Two

Improving cyber readiness and resilience in health care settings.

  • Architectural controls
  • Data controls
  • Hardware controls
  • Network controls
     
Lunch Break & Networking
Session Three

Improving cyber readiness and resilience in health care settings.

  • Software controls
  • User controls
  • ISO27001 Controls
     
Evening Break & Networking
Session Four

Case studies/discussion sprints:

  • IG Toolkit
  • ISMS gap analysis tools.
  • National Information Security Policy Framework.
  • National resilience monitoring
  • Archetype for National Critical Infrastructure Cybersecurity for Middle East region.
Day 3 - Tuesday 20 March, 2018
Session One

Regulatory Environment for Healthcare Organisations
Legislation, policies, code of practice and guidelines: Supervisory Authorities regulations, Data Protection (GDPR), Duty of Confidentiality, Freedom of Information, Integrated Health and Social Care, Access to Health Records, Public Records, Criminal Justice and Immigration, Data Handling, Health Service Operating Frameworks, IG Assurance Frameworks, Human Rights, Computer Misuse, Privacy and Electronic Communication Regulations, PCI/DSS, Records management.

Case studies/discussion sprints:

  • GDPR compliance assessment tools
Morning Break & Networking
Session Two

Developing Cyber Security and IG Strategies.

  • Fighting cybercrime in the 21st century. Modern approaches.
  • Elements of effective Cyber Security and IG strategies.
  • National vs Local strategies and policies.
  • Strategic policy frameworks for health and social care.
     
Lunch Break & Networking
Session Three

Case studies/discussion sprints:

  • National Cyber Security Strategy 2016/2021 (UK)
  • The DoD Cyber Strategy (USA)
     
Evening Break & Networking
Session Four

Information Security Management Systems

  • Governance.
  • Continual improvement.
  • The human factor in the cyber security safety chain. Training and awareness.
  • Internal audit.
  • Monitoring progress.

Case studies/discussion sprints:

  • ISMS continual improvement plans.

Summary of the course

  • Closing remarks
  • Certificate distribution
     
Course Program
Time            Topic
Day 1
08:00 to 08:30  Registration & Introduction
Day 1-3
08:30 to 10:00  Session One
10:00 to 10:15  Morning Break & Networking
10:15 to 12:15  Session Two
12:15 to 13:15  Lunch Break & Networking
13:15 to 14:45  Session Three
14:45 to 15:00  Evening Break & Networking
15:00 to 16:30  Session Four