This year, healthcare information security professionals faced a dilemma: whether to attend RSA 2014 in San Francisco or the annual HIMSS conference in Orlando, put on by the Healthcare Information and Management Systems Society. Usually the two events are held on separate weeks - often back-to-back - but this year they are scheduled concurrently.
See Also: Rethinking Endpoint Security
It's possible, of course, to split your week and attend parts of both events. For those healthcare security pros attending RSA 2014 - in whole or in part - there are plenty of meaty topics of appeal. A review of the RSA 2014 agenda shows several seminars, panels and speakers of particular interest to healthcare-focused attendees. Some of my recommendations:
Mobile Device Security
Because so many major health data breaches involve lost or stolen mobile devices, healthcare security pros might consider taking advantage of a mobile security tutorial being offered by the SANS Institute.
The two-day course, called simply "Mobile Device Security" takes place Sunday, Feb. 23, and Monday, Feb 24, from 9 a.m. to 5 p.m. in Moscone West, Room 3008. This offering is designed to teach attendees about the threats mobile devices pose. The hands-on class will offer lectures, labs and real-world insights. Larry Pesce, a SANS certified instructor, is leading the course. FYI, he's now a senior security analyst with InGuardians, but he previously worked in security and disaster recovery in healthcare, performing penetration testing, wireless assessments and hardware hacking.
Medical Device Hacks
If you'll be attending RSA later in the week, consider the session: "Turning Medical Device Hacks into Tools for Defenders," scheduled for Thursday, Feb. 27, from 10:40 a.m. to 11:40 a.m. in Moscone West, Room 3006. The session will be led by consultants Jamie Gamble and Tim West of Accuvant Inc. They'll discuss research that compiles cybersecurity threats and vulnerabilities into guidelines for the security community for hardening or assessing medical devices. "Our hope is to help manufacturers, clinicians and practitioners in securing their environments," the presenters say.
Another session of interest to healthcare security pros is: "Anatomy of a Data Breach: What You Say (or Don't Say) Can Hurt You," that's taking place on Tuesday, Feb. 25, from 2:40 p.m. to 3:40 p.m. in Moscone West, Room 2020. The session will look at the critical do's and don't's for post-breach communication, including what to say (and what not to say), who to involve and when and how to inform customers, regulators and the media. Panel participants include Tom Field, vice president of editorial at Information Security Media Group; Alan Brill, senior managing director, Kroll; Michael Bruemmer, vice president of Experian Data Breach Resolution; and Ronald Raether, partner at law firm Faruki Ireland & Cox P.L.L.
Privacy vs. Security
Health data security professionals seeking a better understanding of privacy issues should consider attending the seminar, "Privacy Intensive for Security Professionals: Are You Prepared?" that's slated for Monday Feb. 24, from 1:30 p.m. to 5:30 p.m. in Moscone West, Room 2002. The event, hosted by the International Association of Privacy Professionals, will help attendees understand why privacy is an increasingly bigger concern and a growing requirement in an information security professional's day-to-day job responsibilities.
Finally, healthcare security leaders might want to check out a session that could prove helpful to their own career advancement. "Information Security Leadership Development: Surviving as a Security Leader" is slated for Monday, Feb. 24, from 8:30 a.m. to 11:30 a.m. in Moscone West, Room 3018. A panel of security, risk management and privacy experts will discuss topics ranging from "making regulations and audit work for you" to "developing cross-functional leadership skills." Among the panelists: Doug Graham, senior director, risk management, EMC Corp.; Robert West, chief security officer, Intelligent ID; and Dennis Devlin, CISO, CPO and senior vice president of privacy practice, SAVANTURE.
There's plenty more to experience at RSA 2014, of course - we haven't even scratched the surface. I look forward to hearing from you about all the highlights of the event.