3rd Party Risk Management , Business Continuity Management / Disaster Recovery , Governance & Risk Management

Third-Party Risk Considerations During COVID-19 Crisis

Former CISO Brenda Ferraro on Key Risk Management Steps
Third-Party Risk Considerations During COVID-19 Crisis
Brenda Ferraro, vice president, Prevalent

As healthcare organizations navigate the COVID-19 crisis, they should take critical steps to improve their security posture and third-party security risk governance, says consultant Brenda Ferraro, the former CISO at Meritain Health, an Aetna subsidiary.

"You need to start thinking about the different security controls that are important for the way we are living today," says Ferraro, who now serves as a vice president at risk management firm Prevalent.

That means keeping in mind the surge in employees - including those at third-party providers - who now work from home, she says in an interview with Information Security Media Group. "You have to now step up your game in how you are protecting the network. ... Are you putting controls on certain ways that information is coming in and going out of your network based on all of these work-at-home environments?"

All work platforms in all locations that handle sensitive information "need to have key security controls implemented in an effort to make sure we're not weak and vulnerable based on the new way of working," she adds.

In the interview (see audio link below photo), Ferraro also discusses:

Ferraro is a vice president at risk management firm Prevalent. She previously led a number of organizations through control standardization, incident response, process improvements, data-based reporting and governance issues, including as CISO of Meritain, a subsidiary of Aetna that provides third-party administrator services. She also worked at Coventry, Arrowhead Healthcare Centers and PayPal/eBay.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.