Day 1 - Sunday 18 March, 2018
Opening Session
Session One
Information Governance and Cyber Security in the real world - Cyber security as a strategic risk.
- Understanding your data – Information Asset Registers. Data flows.
- Understanding your risk: Information Asset Risk Assessments and Privacy Risk Assessments.
- Top 10 threats for health care organisations.
- Understanding and categorizing your cyber incidents.
- Managing cyber risks nationally and locally
Morning Break & Networking
Session Two
Information Governance and Cyber Security in the real world - Understanding the 3rd party risk.
- Trusting your supplier.
- 3rd party security assessments.
- Managing the risk.
- Contractual matters.
- Information Sharing Agreements and Data Processor Agreements.
Case studies/discussion sprints:
- Health Service risk registers
- National cyber security risk alerts
- Health care information and cyber security incidents.
Lunch Break & Networking
Session Three
Responding to cyber security incidents and data breaches.
- Challenges and guidance for healthcare organisations: preparing for threats, Incident Response Process, Disaster Recovery Plans, Evidence Collection and Preservation, Incident Investigation, Root Cause Analysis and Incident Reporting.
- Building skilled resources to speed up response capabilities, recovery and resilience.
Evening Break & Networking
Session Four
National resilience units and healthcare. Notification to supervisory authorities, fines and embarrassment
Case studies/discussion sprints:
- Dosimetry Monitoring System incident: data processor cyber attack.
- WannaCry incident.
- Data disclosure incidents in health care organisations: email, social media, Patient Administration System
Day 2 - Monday 19 March, 2018
Session One
Improving cyber readiness and resilience in health care settings.
- Effective use of Cyber security and information governance standards in the real world.
- Frameworks and toolkits for healthcare organisations.
- Planning your ISMS for the future.
- National vs. local approaches.
- Monitoring effectiveness at national and local level.
Morning Break & Networking
Session Two
Improving cyber readiness and resilience in health care settings.
- Architectural controls
- Data controls
- Hardware controls
- Network controls
Lunch Break & Networking
Session Three
Improving cyber readiness and resilience in health care settings.
- Software controls
- User controls
- ISO27001 Controls
Evening Break & Networking
Session Four
Case studies/discussion sprints:
- IG Toolkit
- ISMS gap analysis tools.
- National Information Security Policy Framework.
- National resilience monitoring
- Archetype for National Critical Infrastructure Cybersecurity for Middle East region.
Day 3 - Tuesday 20 March, 2018
Session One
Regulatory Environment for Healthcare Organisations
Legislation, policies, codes of practice and guidelines: Supervisory Authorities regulations, Data Protection (GDPR), Duty of Confidentiality, Freedom of Information, Integrated Health and Social Care, Access to Health Records, Public Records, Criminal Justice and Immigration, Data Handling, Health Service Operating Frameworks, IG Assurance Frameworks, Human Rights, Computer Misuse, Privacy and Electronic Communication Regulations, PCI/DSS, Records management.
Case studies/discussion sprints:
- GDPR compliance assessment tools
Morning Break & Networking
Session Two
Developing Cyber Security and IG Strategies.
- Fighting cybercrime in the 21st century. Modern approaches.
- Elements of effective Cyber Security and IG strategies.
- National vs Local strategies and policies.
- Strategic policy frameworks for health and social care.
Lunch Break & Networking
Session Three
Case studies/discussion sprints:
- National Cyber Security Strategy 2016/2021 (UK)
- The DoD Cyber Strategy (USA)
Evening Break & Networking
Session Four
Information Security Management Systems
- Governance.
- Continual improvement.
- The human factor in the cyber security safety chain. Training and awareness.
- Internal audit.
- Monitoring progress.
Case studies/discussion sprints:
- ISMS continual improvement plans.
Summary of the course
- Closing remarks
- Certificate distribution