AttackingWithout a standard set of security guidelines in the healthcare industry, companies determine their risk management process individually. Franciscan Health System, part of Catholic Health Initiatives, adopted the HiTrust Common Security Framework (CSF) and conducted a risk assessment across the organization. To meet the HiTrust control requirements, an IT security committee composed of CISOs and business leaders was formed to analyze risks as they were identified and determined who the stakeholders and sponsors of the action would be. This allowed Gregg Braunton, regional information security officer, to address risks as disparate as vendor management, USB encryption and email security. Join this session to learn how an agreed upon control framework and risk management process simplify the conversation to get business support for IT risks.