Cris Ewell, Chief Information Security Officer (CISO) at Seattle Children’s Hospital, discussed how organizations can protect their sensitive information against cyber threats during his presentation at the 2015 CISO Leadership Forum in San Francisco on May 19. In his presentation, Ewell noted that exploring data protection from a cybercriminal's perspective can help an organization find the best ways to safeguard its sensitive information at all times.
According to Ewell, traditional security practices are no longer acceptable for organizations that want to safeguard their data. Instead, Ewell said organizations should consider all of the IT security technologies that are available to find the best solutions. By doing so, Ewell pointed out that organizations can move beyond simple passwords to secure their sensitive information: "We’ve got to get over passwords. ... That’s not [a] good practice. We have to figure out what are those things that we should not do anymore and replace that with things that actually impact the risk of the organization."
In addition, Ewell said risk management is key for organizations of all sizes. If an organization deploys the proper steps to minimize risk, he said, it can protect its sensitive information for years to come: " Risk management, it’s the absolute center of everything I do. ... IT cannot solve this problem by [itself]. This is an enterprise-wide program and it starts at the very top. We see that it's organizational authority up here in the yellow, that is absolutely critical."