Post on 06-Aug-2020
1 855.HITRUST (855.448.7878) www.HITRUSTAlliance.net
© 2016 HITRUST Alliance
CyberRX 2.0- Health Plans Cyber Simulation Exercise April 2016
2 855.HITRUST (855.448.7878) www.HITRUSTAlliance.net
© 2016 HITRUST Alliance
Presenters
• Pete Renneker: Senior Manager, Cyber Risk Deloitte & Touche
• Dennis Palmer: Senior Security Analyst, HITRUST
3 855.HITRUST (855.448.7878) www.HITRUSTAlliance.net
© 2016 HITRUST Alliance
1) Introduction 2) What is CyberRX? 3) CyberRX History 4) CyberRX Purpose 5) CyberRX Design 6) Exercise execution – Pete Renneker-
Deloitte 7) Exercise results, lessons learned –Pete
Renneker- Deloitte 8) What’s next for CyberRX 9) Q&A
Agenda
4 855.HITRUST (855.448.7878) www.HITRUSTAlliance.net
© 2016 HITRUST Alliance
What Is CyberRX • CyberRX
– A series of no cost exercises to assess the cyber security response preparedness of healthcare organizations
– Participants include HITRUST, DHHS, Industry Partners
– Guidance includes government and industry leaders
5 855.HITRUST (855.448.7878) www.HITRUSTAlliance.net
© 2016 HITRUST Alliance
CyberRX History • CyberRX Originated in 2013
– First exercise in early 2014
• CyberRX 2.0 Developed in mid 2014 – Included lessons learned from CyberRX 1.0
• CyberRX 2.0 Playbook released late 2014 • CyberRX 2.0 Exercises run from October 2014-Feb 2016
6 855.HITRUST (855.448.7878) www.HITRUSTAlliance.net
© 2016 HITRUST Alliance
CyberRX Purpose
• CyberRX is designed to provide feedback to leadership concerning corporate preparedness for a Cyber Event.
• Completing a CyberRX scenario will result in the knowledge that event recovery and mitigation efforts are functioning properly.
7 855.HITRUST (855.448.7878) www.HITRUSTAlliance.net
© 2016 HITRUST Alliance
CyberRX Design • CyberRX is designed to allow companies to select the size and complexity that provides the greatest benefit. Smaller organizations may chose a level one scenario, with basic inputs and expected response sets. Larger or more mature organizations may select a level two or level 3 scenario which allows them to exercise the full scale of responses to a cyber event.
8 855.HITRUST (855.448.7878) www.HITRUSTAlliance.net
© 2016 HITRUST Alliance
CyberRX
• Pete Renneker: Senior Manager, Cyber Risk Deloitte & Touche
9 855.HITRUST (855.448.7878) www.HITRUSTAlliance.net
© 2016 HITRUST Alliance
CyberRX- What’s Next
• Level II and Level III exercises offer more mature organizations the opportunity to take their Level I successes and continue to refine their processes, and coordinate with other organizations at the Level II and Level III exercises.
• Requires successful completion of Level I (Certificate )
10 855.HITRUST (855.448.7878) www.HITRUSTAlliance.net
© 2016 HITRUST Alliance
CyberRX- Q&A
• Q&A • Audience Comments
11 855.HITRUST (855.448.7878) www.HITRUSTAlliance.net
© 2016 HITRUST Alliance
Visit www.HITRUSTAlliance.net for more information
To view our latest documents, visit the Content Spotlight