8 Tough Questions Every CISO Should Be Ready to Answer

When a major security incident, such as the recent massive Equifax data breach, grabs headlines, CEOs start asking more questions about data security.

CISOs need to be thinking about their answers to critical questions the CEO is likely to pose.

Information Security Media Group asked seven security experts what questions they believe CEOs should be asking CISOs, and what information CISOs should arm themselves with to be prepared to provide answers. Following are eight questions and the experts’ suggested responses.

We have been investing in cybersecurity for a few years now. Would you say our organization is secure?

Israel Bryski, vice president, technology risk, Goldman Sachs: To pre-empt this question, the CISO should have a conversation early on with the CEO to determine the organization’s risk appetite. This will allow the CISO to align and prioritize security initiatives accordingly.

We are in the business of information and technology risk management, so the “Are we secure?” question is somewhat misguided. The question should be: “Are we managing risk according to our risk profile?” To answer this, the CISO should be able to easily demonstrate, based on a recent risk assessment, how the various cybersecurity initiatives and projects are in fact reducing risk, shrinking the attack surface of the organization and aligning the security program with the firm’s overall risk profile.

We have a board meeting next week. Can you talk about cybersecurity in a way they will understand?

Mischel Kwon, former director of US-CERT and deputy CISO for the Department of Justice; currently CEO of MKACyber: CISOs should be able to confidently say “absolutely” to this question. They should be able to speak with the board in a very businesslike way and articulate what they are doing with the company’s money and how they are protecting the company and its assets.

The key to being able to speak to the board is to base their program on a business-focused model. That business model shows their capability founded on their maturity, and that maturity is based on the probability of detecting specific types of attacks. These are the type of attacks that are most likely to happen to them, and this is the risk to the business, its goals and its reputation that these attacks bring.

Do you have enough money to do what you need to do?

Tim Youngblood, CISO, McDonald’s: Depending on where the CISO sits, this can be a hairy topic. That can be a difficult conversation to say “I’m not getting enough.” It’s not easy if the CIO is in the room.

The best way to answer that is, “We may have current risks we are really well-funded to address, but there may be future risks we’ll need to fund and we still have some work to figure that piece out.”

A CEO is not going to write you a blank check. The CEO is going to look at the CFO and CIO and say, “The CISO needs money. You take it out of your budget and make it happen.” There is not an extra pot of money waiting for anyone, so making the clear case for why it is needed is key.

Is this really worth the investment?

Heath Renfrow, CISO at U.S. Army Medicine: The best thing a CISO can do when asked this question is have multiple options they can present to the CEO. Explain to them: Here’s the full issue. This is the total cost to fix this issue. This is what we believe the cost will be if this issue doesn’t go away and how much it will be should the vulnerability be exploited.

As an example, we didn’t know where our protected health information and personal identifying information resided across all systems when I first got to Army Medicine. It would be a huge HIPAA concern if we got hit on that, or if there was a leak or a violation. It could have cost millions of dollars and many jobs. I tied in the overall cost and broke it down to how much it would be per end-user device to address it, and it came out to be about $3.43 per end-user device. Then I tied in all the results of HIPAA violations in the past few years and the fines associated with them. You get your senior leaders’ attention real quick with that approach.

Rick Howard, CSO, Palo Alto Networks, adds: Questions like this are sure to arise as corporate leadership attempts to understand the business risk associated with a cyberattack. As a result, CIO/CISOs should be prepared to explain the total cost of a potential breach. Everything from business disruption and loss of customers to consequential legal fees and remediation can rack up the bill more quickly than leadership may realize.

Read More: http://snip.ly/q0zie#https://www.bankinfosecurity.com/8-tough-questions-every-ciso-should-be-ready-to-answer-a-10357

Ensuring the accuracy, reliability and consistency of analytical data in laboratories

The basic reason for which analytical methods and procedures need to be validated is to ensure that analytical data have consistency, accuracy and reliability. This becomes possible when laboratories employ proper scientific methods and procedures and validate analytical methods and procedures. This is the only means to ensure that the analytical data are reliable, consistent and accurate.

The aim of doing so is to substantiate the suitability of intended use of a particular test. It also confirms that the quality, purity, identity and strength parameters required for a product produced in the laboratory are fulfilled in the required and set measure.

The acute need for validation of analytical data

A number of reasons can be ascribed for why analytical data has to be validated for the criteria described above:

  • The quality of the data is best indicated and assessed by validation;
  • This is a means to ensure the trustworthiness of the analytical data;
  • All these steps – validation, verification and transfer of analytical methods – are set out by the different regulatory bodies such as the FDA and the EMA, and standards such as the USP and ICH requirements, and are thus part of regulatory requirements.

Method validation and compendial methods

Lately, regulatory agencies and industry task forces have been taking a more than cursory interest in method validation. The FDA, as well as the EMA, have recently come up with guidelines on method validation and transfer. Also, USP has proposed new chapters for approaches to the following important areas:

  • Integrated validation
  • Verification and transfer of analytical procedures
  • Equivalency testing and for statistical evaluation.

Compendial methods

That compendial methods are verified needs to be demonstrated in two aspects:

  • The suitability of laboratories to successfully run the method, and
  • To demonstrate through testing that transfer of methods, when carried on between laboratories, is successful. When a laboratory intends to use an alternative method in place of a compendial method, verification of compendial measures should establish the equivalency of the alternative method.

Complete learning on validation, verification and transfer of analytical methods

All the issues relating to validation, verification and transfer of analytical methods will be taught during a two-day seminar from GlobalCompliancePanel, a leading provider of professional trainings for all the areas of regulatory compliance. Ludwig Huber, the director and editor of Labcompliance, the global online resource for validation and compliance and highly respected author of several books on compliance, will be Director at this seminar.

Interested in gaining complete knowledge of all areas relating to validation, verification and transfer of analytical methods? Then, please register for this seminar by visiting Ensuring the accuracy, reliability and consistency of analytical data in laboratories.

This course has been pre-approved by RAPS as eligible for up to 12 credits towards a participant’s RAC recertification upon full completion.

Meaningful learning over two days

Dr. Huber will familiarize participants of this event with the background needed for getting a proper understanding of the requirements that need to go into validation, verification and transfer of analytical methods. The strategies needed for this, which he will explain, will constitute an even more significant learning.

The Director of this seminar will provide tools to implement most critical requirements, along with templates and examples for developing inspection-ready documentation. At this highly interactive seminar, Dr. Huber will augment the workshop with exercises into and between the presentations. Around half of the total time will be dedicated to practical sessions with real life examples.

Participants will also be offered a variety of tools, such as SOPs, validation examples and checklists. All of these will be made readily available on a dedicated website, and can be used to easily implement the learning gained in the course.

 

 

Flu vaccine: NHS patients wanted to test ‘universal’ jab

Researchers are seeking about 500 NHS patients to try out a new “universal” vaccine against seasonal flu.

The experimental vaccine works differently from the one currently available, which has to be remade each year based on a “best guess” of what type of flu is likely to be about.

The new jab targets part of the virus that does not change each year.

This means the vaccine should work against human, bird and swine flu, say the team at University of Oxford.

It will offer people better protection, they believe.

Extra protection

Immunisation is the best defence we have against flu but it is not always effective.

Last winter’s vaccine cut the risk of flu in adults under the age of 65 by about 40%, but barely worked in people over 65, despite being a good match for the type of flu in circulation.

As people age, their immune systems are often weaker and their bodies may not respond as well to a vaccine as younger people’s bodies.

Prof Sarah Gilbert and colleagues believe that using their vaccine alongside the current one could help.

It is the world’s first widespread human testing of such a vaccine, according to the National Institute for Health Research, which is supporting the project.

 

Patients aged 65 or older and living in Berkshire and Oxfordshire will be invited to take part in the trial.

Half of the 500 volunteers will receive the usual seasonal flu jab and a placebo or dummy jab, while the other half will get the regular vaccine plus the new experimental one.

Read More: http://snip.ly/dqyht#http://www.bbc.com/news/health-41467097

Program for parents improves ADHD behaviors in young children

A program that focuses on strengthening parenting skills also improves symptoms of Attention Deficit/Hyperactivity Disorder (ADHD) in 3-8 year-olds, according to researchers at the University of North Carolina at Chapel Hill. FPG scientists completed a rigorous review of evidence that demonstrated the effectiveness of the “Incredible Years Basic Parent Program.”

“Prior research already has shown that this program improves behavior difficulties in young children,” said Desiree W. Murray, FPG’s associate director of research. “This review provides new evidence specifically about its effectiveness for ADHD symptoms.”

Murray explained that parents not only reported sustained improvements for their children’s ADHD behaviors, but also for their social skills and interactions with peers.

She said effective early intervention is crucial for young children with ADHD, due to the unfavorable short-term and long-term outcomes associated with the disorder.

“ADHD in preschoolers can bring conflict with family members, and it carries elevated risk of physical injuries and suspension or expulsion from child care settings,” Murray said. “Negative trajectories over time can include the development of other psychiatric disorders and difficulties with social adjustment.”

Previous studies have also shown that children with ADHD struggle academically, with lower test scores and higher risk of dropping out of high school.

“We can help to prevent the wide array of negative outcomes that are associated with ADHD,” Murray said. “We believe the most effective intervention approaches may be those that target preschoolers with symptoms of ADHD but who have not yet met the full criteria for diagnosis with ADHD.”

Murray and her team, which included FPG research scientist Doré R. LaForett and UNC doctoral student Jacqueline R. Lawrence, screened 258 studies and narrowed their list to 11 studies that met stringent criteria for rigor and methodology. The evidence—primarily parent reports—showed the effectiveness of the Incredible Years Basic Parent Program for ADHD behaviors in young children. The Journal of Emotional and Behavioral Disorders recently published the results of the team’s review.

The Incredible Years Basic Parent Program is designed for parents of high-risk children and those who display behavioral problems. It focuses on helping parents strengthen relationships with their children, providing praise and incentives, setting limits, establishing ground rules, and effectively addressing misbehavior.

Read More: http://snip.ly/kj65u#https://medicalxpress.com/news/2017-10-parents-adhd-behaviors-young-children.html

 

With Macy Foundation Grant, Drexel Teams with 12 Institutions to Enhance Professionalism in Medical Education

The Josiah Macy Jr. Foundation has awarded a grant to Drexel University faculty to support the dissemination and enhancement of an online resource for teaching future health care providers about professionalism in medicine — including empathy, compassion, honesty, ethics and social justice.

Dennis Novack, MD, associate dean of medical education at the College of Medicine, was previously awarded a grant to create ProfessionalFormation.org (PFO), an online resource for professionalism learning, assessment, remediation and research in clinical education. With the support of the Macy Foundation, Novack and Kymberlee Montgomery, DNP, chair of the Department of Advanced Practice Nursing in the College of Nursing and Health Professions, are working with a variety of institutions to disseminate and enhance this resource for over 30 health care education schools across the country.

“This generous grant will enable us to address the challenge of generating new educational resources for the entire health care education community. We will also publish educational research that contributes to a growing national understanding of the components of effective teaching and learning of professionalism and interprofessional care,” Novack said.

Teaming up with Drexel University are 12 institutions including: Alabama College of Osteopathic Medicine, Albert Einstein College of Medicine, Commonwealth Medical College, Duquesne University, Indiana University, Jefferson College, Ohio State University, Southeastern Louisiana University, Stony Brook, University of Pennsylvania, University of Texas – Rio Grande Valley and Western Michigan University School of Medicine. Each of these institutions is affiliating with colleges, such as nursing, pharmacy, physician assistants, dentistry and others for this unique collaboration.

“Leaders in health professions education have worried about the professional image of health care clinicians, and the public’s declining trust in health professionals. Managed care has grown, clinical care has become more fragmented, and there has been adverse publicity about errors in care,” Montgomery said. “A new paradigm for care demands commitments to professional values, and skills in working in teams. We are partnering with these institutions to enhance and expand their education in professionalism and interprofessional care. To practice together, it is essential to learn together.”

The American Board of Medical Specialties defines medical professionalism as a “belief system in which group members declare to each other and the public the shared competency standard and ethical values they promise to uphold in their work and what the public and individual patients can and should expect from medical professionals.” Central to those declarations is a focus on an ethical value system, the knowledge and technical skills necessary for good medical practice and the interpersonal skills necessary for working with patients and colleagues.

Read More: http://snip.ly/4km9u#http://drexel.edu/now/archive/2017/September/Macy-Foundation-Grant-Professionalism/

Rise in HIV diagnoses among people over 50 in Europe

Between 2004 and 2015, the number of new HIV diagnoses increased by 2.1% each year among this age group, with people over 50 accounting for 17.3% of new HIV cases diagnosed in Europe in 2015.

Experts argue sexual health programs should increasingly target this demographic, as well as the younger population.

“Our findings suggest a new direction in which the HIV epidemic is evolving,” said Lara Tavoschi, a scientific officer at the European Center for Disease Prevention and Control (ECDC), who led the study published Tuesday in the medical journal Lancet HIV. “We see a steady increase in the number of new (HIV) diagnoses among older adults in the region.”

The route of transmission was mostly heterosexual, Tavoschi confirmed.

“We need to increase awareness campaigns among older age groups,” she told CNN.

Rise for some, fall for others

Using routine annual surveillance data from 31 countries, reported to the European Surveillance System between 2004 and 2015, the team at the ECDC analyzed new HIV diagnoses among people aged 15 and above.

The rate of HIV diagnosis among people over 50 increased in 16 countries, including Germany, Ireland and Belgium, and decreased in just one country, Portugal.

Rates were highest in Estonia, Latvia and Malta, where more than seven new cases were diagnosed per 100,000 older people by 2015. Numbers also increased among younger people in these countries, aged 15 to 49 years.

In certain countries, however, such as the United Kingdom and Norway, new diagnoses went down among young people, but increased in the over-50 population, with more than a 3.6% increase in newly diagnosed HIV cases each year in both of these nations.

“This is a result of successful awareness campaigns that may not have targeted older adults enough,” Tavoschi said, speculating on one reason behind the trend.

England has a national HIV prevention program in place, for example, using local activities and social marketing to promote national HIV testing weeks and a campaign called “It starts with me” to increase testing and condom use, reduce stigma and inform people about sexually transmitted infections and practicing safe sex.

Previous studies have shown that a stigma attached to older people having a sex life is at play, Tavoschi added, and the lack of sex assumed among this age group “is not a real reflection of what is happening in this group today,” she said, which prevents health care providers from discussing sexual health with older patients.

The data also showed that while diagnoses among men are rising among younger and older people across Europe, the numbers are decreasing among younger women, but increasing among older ones. For now, “it’s unknown why,” Tavoschi told CNN.

 

Read More: http://snip.ly/hhins#http://edition.cnn.com/2017/09/26/health/hiv-increase-among-older-50s-europe-study/index.html