Ronald Mehring, Chief Information Security Officer at Texas Health Resources, discussed what it takes to build a risk-driven security program during his presentation at the 2015 Chief Information Security Officer Leadership Forum in Dallas on Oct. 21. In his presentation, Mehring pointed out that obsolete security infrastructures often prevent organizations from developing effective security programs.
According to Mehring, addressing regulatory concerns and technology requirements is a major challenge for many organizations. However, he noted that data can help organizations find the best possible ways to secure their sensitive information and address various requirements: "I want to implement control A, I want to implement process A, whatever it is, it’s easy to say that and it’s easy to put it on a piece of paper. It’s a whole different thing to justify and then execute that. It really required us to drive through this complexity with data."
In addition, Mehring said linking security and compliance together can help organizations deploy successful security programs. If organizations consider the benefits of evidence-based practices as well, Mehring said, they can protect their sensitive information at all times: "The only way to bring leadership into this equation is by giving them something that they all can link into and a lot of times, the data is the common denominator. It’s one thing to be a passionate leader. That will get you only so far. The next thing, there will be those who want to see the data and want to see the evidence. So evidence-based practices."