Third-Party Risk Considerations During COVID-19 CrisisFormer CISO Brenda Ferraro on Key Risk Management Steps
As healthcare organizations navigate the COVID-19 crisis, they should take critical steps to improve their security posture and third-party security risk governance, says consultant Brenda Ferraro, the former CISO at Meritain Health, an Aetna subsidiary.
"You need to start thinking about the different security controls that are important for the way we are living today," says Ferraro, who now serves as a vice president at risk management firm Prevalent.
That means keeping in mind the surge in employees - including those at third-party providers - who now work from home, she says in an interview with Information Security Media Group. "You have to now step up your game in how you are protecting the network. ... Are you putting controls on certain ways that information is coming in and going out of your network based on all of these work-at-home environments?"
All work platforms in all locations that handle sensitive information "need to have key security controls implemented in an effort to make sure we're not weak and vulnerable based on the new way of working," she adds.
In the interview (see audio link below photo), Ferraro also discusses:
- Other critical supply chain and third-party risk management and governance considerations;
- The importance of strong business resilience plans during the coronavirus outbreak.
- Security lessons emerging so far from the COVID-19 crisis.
Ferraro is a vice president at risk management firm Prevalent. She previously led a number of organizations through control standardization, incident response, process improvements, data-based reporting and governance issues, including as CISO of Meritain, a subsidiary of Aetna that provides third-party administrator services. She also worked at Coventry, Arrowhead Healthcare Centers and PayPal/eBay.