Extra than ever, provider and payer organizations note the price of analytics and data visualization, and bear change into adept at monitoring and reporting a galaxy of metrics and key efficiency indicators to be aware their scientific, financial and operational smartly-being.
Or now not it is equally crucial when working and adapting effective cybersecurity purposes, as Omar Khawaja, chief recordsdata security officer of Highmark Effectively being, will expose next week at the HIMSS Healthcare Cybersecurity Discussion board.
In his session, “Measuring Cybersecurity Program Metrics,” he’ll assert how he has overhauled his cybersecurity reporting and metrics communications – offering tips on win out an efficient reporting platform and giving examples of program templates which bear served him smartly.
“What’s measured is managed,” talked about Khawaja, quoting the famed enterprise maxim from consulting pioneer Peter Drucker.
Nonetheless dimension has its boundaries. And too many organizations utilize a haphazard or gratuitous ability to the KPIs they be aware.
“Don’t measure correct on legend of it is convenient, which is a mistake we on a conventional foundation compose,” talked about Khawaja. “Including me. I frail to have measuring more metrics changed into better. After which I seen that changed into now not truly a natty contrivance of occupied with it.”
“Metrics are most efficient precious when inserted correct into a task. In any other case, they’re treasure a stack of batteries – a total bunch doable, nonetheless exactly zero price.”
Omar Khawaja, Highmark Effectively being
As an change, for every measure, “it is super crucial to in point of fact establish who it is for, and the contrivance they truly idea to employ the facts,” he talked about. “Something treasure 70% of all reviews, now not a single person looks to be at them. That you just would possibly maybe must know who your viewers is after which utilize care of them accordingly.”
Or now not it is crucial, alternatively, to establish appropriate metrics as rapidly as that it is likely you’ll per chance per chance take into consideration.
“Don’t wait except later,” talked about Khawaja. To affirm “I’m now not truly sure where I travel and what to measure, nonetheless why don’t I travel initiate up my travel, after which I travel to resolve out alongside the components where I travel,” he outlined. “Within the event you are going to desire to travel east, nonetheless cease up driving west, now you correct wasted heaps of time.”
There are myriad doable trackable metrics, from intrusion makes an strive and unidentified devices to patching cadence and Third-occasion vendor bona fides. Or now not it is crucial too, pointless to claim, to be taught tabs on KPIs equivalent to indicate time to detection and backbone of security incidents.
Khawaja uses the MECE metric – “mutually abnormal, collectively exhaustive” – to again be sure every person related metrics are compiled and communicated to the stakeholders who must know them.
“It could per chance most likely per chance maybe be every little thing that they care about,” he talked about. “And there must be no two measures that truly overlap with every other.”
On the Cybersecurity Discussion board, Khwaja will additionally talk about pork up data visualization and dashboard presentation – and translate that data into motion.
“You would possibly maybe per chance per chance per chance first initiate up by correct exhibiting what the numbers are, then it is likely you’ll per chance per chance assert some roughly trending – how are we doing in comparison with sooner than, then it is likely you’ll per chance per chance overview against others.
“Nonetheless then it is likely you’ll per chance maybe bear got to integrate it in your task,” he added. “Within the event it is likely you’ll per chance maybe bear got heaps of measurements nonetheless you are now not truly doing the relaxation with them, then it is some distance now not truly precious. Metrics are most efficient precious when inserted correct into a task. In any other case, they’re treasure a stack of batteries – a total bunch doable, nonetheless exactly zero price.”
In phrases of spurring principal modifications from these metrics, Khawaja notes the price of the employ of gamification. “People treasure gamification, which truly outcomes in exact outcomes.”
Most importantly, when reporting metrics and KPIs, it is needed to be taught your viewers and their targets in mind.
“If I must meet with the board of directors to recount to them exactly how concerned they must be about cyber menace, I will put a dashboard collectively that talks about that,” he talked about.
“Or if I must put some metrics collectively to share with the capital committee, why I want more funds, that’s going to be an extraordinarily assorted situation of KPIs. Or if I must travel to the infrastructure crew and expose to them that they must be patching more on a conventional foundation, that would additionally be entirely assorted.”
Commercial leaders desire to explore metrics about enterprise menace, he talked about. “Nonetheless if someone’s in IT, or on the applying crew or a pattern engineer, I will talk about that.”
Omar Khawadja’s digital presentation, “Telehealth and Far away Affected person Care: Overcoming Facts Security Challenges,” is scheduled for 3: 40 p.m. ET on Tuesday, December 7, at the HIMSS Healthcare Cybersecurity Discussion board.
Twitter: @MikeMiliardHITN
E-mail the author: [email protected]
Healthcare IT Facts is a HIMSS publication.
