Day 1 - Tuesday 09 April, 2019
Opening Session
Session One
Information Governance and Cyber Security in the real world - Cyber security as a strategic risk.
- Understanding your data – The value of healthcare information. Information Asset Registers. Data flows.
- Understanding your risk: Information Asset Risk Assessments and Privacy Risk Assessments.
- Managing cyber risks nationally and locally.
- Demo of tools for managing threats and risks in digital healthcare environments.
Morning Break & Networking
Session Two
Information Governance and Cyber Security in the real world - Understanding 3rd party risk.
- Trusting your supplier.
- 3rd party security assessments.
- Managing the risk.
- Contractual matters.
- Information Sharing Agreements and Data Processor Agreements
Case studies/discussion sprints:
- Health Service risk registers
- National cyber security risk alerts
- Health care information and cyber security incidents
Lunch Break & Networking
Session Three
Responding to cyber security incidents and data breaches. Challenges and guidance for healthcare organisations: preparing for threats, Incident Response Process, Disaster Recovery Plans, Evidence Collection and Preservation, Incident Investigation, Root Cause Analysis and Incident Reporting.
- Understanding and categorizing your cyber security incidents.
- The “Cyber incident” obsession vs. holistic information security incident approaches
- Significant disruption of healthcare as an essential service. NIS Directive.
- Security incidents vs. data breaches
- Is confidentiality really a big headache for HCOs? Taxonomy and trends of reported information security incidents within healthcare.
- Top 10 threats for health care organisations.
- Capabilities and motivations of HCOs adversaries.
- The healthcare attack model
- Typical response approaches: Tier 1 incidents, major incidents and National or Global incidents. Threat intelligence sharing.
Case studies/discussion sprints:
- Learning from incidents. Adjusting your risk.
- Building skilled resources to speed up response capabilities, recovery and resilience.
Evening Break & Networking
Session Four
National resilience units and healthcare. Notification to supervisory authorities, fines and corporate embarrassment.
Case studies/discussion sprints:
- Dosimetry Monitoring System incident: data processor cyber attack.
- Wannacry incident.
- Data disclosure incidents in health care organisations: email, social media, Patient Administration System
Day 2 - Wednesday 10 April, 2019
Session One
Improving cyber readiness and resilience in health care settings.
- Effective use of Cyber security and information governance standards in the real world.
- Gap analysis tools.
- Choosing the right standards, frameworks and toolkits to work with in healthcare settings.
- Tools to manage multiple frameworks and standards compliance.
- Planning your ISMS for the future.
- Monitoring effectiveness at national and local level.
Morning Break & Networking
Session Two
Improving cyber readiness and resilience in health care settings.
- Architectural controls
- Data controls
- Hardware controls
- Network controls
Lunch Break & Networking
Session Three
Improving cyber readiness and resilience in health care settings.
- Software controls
- User controls
- ISO27001 controls
Evening Break & Networking
Session Four
Case studies/discussion sprints:
- IG Toolkit
- ISMS gap analysis tools.
- National Information Security Policy Framework.
- National resilience monitoring
Day 3 - Thursday 11 April, 2019
Session One
Legislation, policies, code of practice and guidelines.
Supervisory Authorities regulations, Data Protection (GDPR), Duty of Confidentiality, Freedom of Information, Integrated Health and Social Care, Access to Health Records, Public Records, Criminal Justice and Immigration, Data Handling, Health Service Operating Frameworks, IG Assurance Frameworks, Human Rights, Computer Misuse, Privacy and Electronic Communication Regulations, PCI/DSS, Records management.
Case studies/discussion sprints:
- Data Protection Law in Qatar. Scope and requirements
- IG and security in the health care sector in the Middle East
- The impact of GDPR on health care organisations in the Middle East. Use of data privacy shields.
- Pragmatic approaches: establishing a reasonable scope for “appropriate” safeguards for health data.
Morning Break & Networking
Session Two
Effective structures for decision making and managing information security.
- Common governance structures and models
- Key information assurance roles in healthcare organisations
- The human factor in the cyber security safety chain. Training and awareness.
Case studies/discussion sprints:
- IG model for health and social care (UK)
- IG model in the Middle East health care setting (participants)
Lunch Break & Networking
Session Three
Taking a holistic & pragmatic approach
- Strategy or strategies: cyber security, information security and information governance.
- Elements of an Information Assurance strategy
- Demonstrating value
- Road maps and continual improvement
Evening Break & Networking
Session Four
Information Security Management Systems
- ISMS vs. Value models
- Implementing your ISMS
- What an ISMS looks like in a healthcare organisation
- Benefits of ISO/IEC 27001 in HCOs
- Making your ISMS better. Monitoring progress. Using internal audit to improve your ISMS.
Case studies/discussion sprints:
- ISMS continual improvement plans and approaches in various HCOs.
Summary of the course
- Closing remarks and Certificate distribution