Information Governance and Risk Management:
Policy, Procedures and Guidelines, Roles and Responsibilities, Risk Management Methodology: Qualitative & Quantitative, Information Risk Management Life Cycle, Risk Management Activities: Risk Assessment, Business Impact Analysis, and Risk Registers.
Regulatory Environment for Healthcare Organisations:
Identify Applicable Regulations: Information Commissioner’s Office (ICO), Data Protection Act 1998/GDPR, Common Law Duty of Confidentiality, Freedom of Information Act 2000, Health and Social Care Act 2012, Access to Health Records 1990, Access to Medical Record Act 1988, Public Records Act 1958, Criminal Justice and Immigration Act 2008, Data Handling Review, Annual IG Toolkit, NHS Operating Framework, IG Assurance Framework, Human Rights Act 1998, Computer Misuse Act 1990, Privacy and Electronic Communication Regulations, PCI/DSS.
Healthcare Data Security:
Confidentiality, Integrity, Availability, Authentication and Accountability, Change Management, Access Control, Password Management, Audit and Monitoring, Cyber Threat Identification and Management, Privacy Impact Assessment, Information Security Standard: ISO 27001, Asset Security: Asset Register, Information and Asset Classification, Ownership, Retention, Data Security Controls, Handling Requirements (i.e. markings, labels, storage).
Third-Party and Supply Chain Risk Management:
Definition of Third-Parties in Healthcare Context: Managed Service, Cloud Services, Suppliers, Third-Party Assessments and Audits, Third-Party Requirements, Remediation Efforts, Due Diligence and Due Care, Compliance.
Change Management, Business Continuity and Disaster Recovery Plan, Defence-in-depth, Network Security, Vulnerability and Patch Management, Training and Awareness.
Incident Response Management:
Understand the Cyber Threat, Prepare for the Cyber Threat, Prepare Response Plan, Responding to a Cyber Incident, Incident Response Process, Evidence Collection and Preservation, Incident Investigation, Incident Reporting, and Root Cause Analysis.