Health Sector Cybersecurity Strategic Plan - VF
RUI GOMES
Head of Information Systems, SPMS
30.11.2016
Centralize + Optimize + Rationalize
10 Million People
50 Public Hospitals
60 ICT solutions
The Challenge
MIM@UF WEBGDH
Presentation Goals
A common strategy is challenging to implement since it can't be imposed.
The Challenge
Acknowledge: make sure everyone acknowledges the situation and understands the risks and impact.
Example: Trojans are used by criminals and encrypt some or all hard drives (ransomware encryption, lock screen).
Solution
- Awareness and Training for Users
- Daily Backups
- Good Endpoint Protection Solutions
- Keep systems and programs updated
- Using Network Protections
Solution
Remaining Risk
Look at security in a different way
Effective Collaboration
Special Partners
Solution – Program Management
(Timeline chart: Q4 2015 to Q2 2017, with Track 00 Program Coordination running across the whole period and out-of-scope items marked.)
Following the eSIS Risk & Security Continuous Improvement Program
Track 00: Program Coordination
- Identifying security commitments and activities assumed by PE
- Defining the Information Security Initiative Protection's scope
- Elaborating a Risk and Critical Services Analysis prototype
- Adopting an Identity Management System at SPMS
- Adopting an Information Security Incident Registration System
- Disaster Recovery implementation
- Adopting procedures for Business Continuity
Ongoing Quick-Fix Resources
3. Domains covered:
- Information Security Policies, Standards and Associated Risks
- Services, Infrastructure & Applications
- People and Competences
- Information and Data/Information Architecture
Critical Security Control #1: Inventory of Authorized and Unauthorized Devices
Critical Security Control #2: Inventory of Authorized and Unauthorized Software
Critical Security Control #3: Secure Configurations for Hardware and Software
Critical Security Control #4: Continuous Vulnerability Assessment and Remediation
Critical Security Control #17: Security Skills Assessment and Appropriate Training to Fill Gaps
Critical Security Control #18: Application Software Security
Critical Security Control #19: Incident Response and Management
Critical Security Control #20: Penetration Tests and Red Team Exercises
Based on "The Center for Internet Security Critical Security Controls for Effective Cyber Defense, Version 6.0", SANS
Solution
(Figure: Health Sector Global Maturity dashboard, with eSIS and SPMS panels.)
Solution – Risk and Security Dashboards
(Side panels: Goals, Enablers, Continuous Improvement, Overview)

Good Practices and Guidelines            SPMS   Local  Local  Local  Local  Local  Local  Local  TOTAL
                                                Inst.  Inst.  Inst.  Inst.  Inst.  Inst.  Inst.
Security Related Guidelines               92%    88%    66%    79%    98%    87%    94%    91%    86%
Governance and Management Guidelines      42%     5%    17%     3%    27%     9%    21%     9%    19%
Operational Resources & Practices Guidelines 69%  52%    60%    41%    89%    51%    48%    59%    58%
TOTAL                                     71%    48%    47%    41%    71%    49%    54%    53%    57%
Solution
Thank You
rui.gomes@spms.min-saude.pt
Risk and Security Management Strategy