Clearwater Presents:

2019 CISO Virtual Cybersecurity Symposium™

During this 5-session workshop designed for healthcare CISOs, we will discuss the current risk landscape and the steps that organizations are taking to assess, respond and monitor information risks effectively.


Faced with an onslaught of threats these days, healthcare chief information security officers (CISOs) need to take a deep breath and focus on cybersecurity best practices. The number and frequency of these threats—ransomware, cryptocurrency mining, data-stealing malware, advanced persistent threats, malicious insiders, and careless employees, to name a few—can be overwhelming. It can feel like healthcare CISOs and their teams are always one step behind the well-funded bad guys.

Join Clearwater's experienced faculty of presenters for in-depth insights and earn CEUs!

Session Details: 

August 1 | Session 1

Module 1 - The Evolving Cyber Risk Landscape: True Stories from the Field 

Using relevant healthcare Cyber Risk Management case studies, this module will set the foundation for the key learning objectives of the Symposium. Key topics explored include how cyber risk is evolving from Compliance Risk to Security Risk to Patient Safety Risk to Medical Professional Liability Risk and, as a result, how CIOs must lead their organizations to take a much more strategic, business-oriented and architectural approach to Cyber Risk Management.

Presenter: Bob Chaput, MA, CISSP, HCISPP, CRISC, CIPP/US, Executive Chairman, Clearwater



Module 2 - OCR Enforcement: Past, Present, and Future

This presentation will examine OCR HIPAA enforcement. Trends over time in enforcement activity and violations will be discussed. In addition, we will discuss what OCR is currently focused on and discuss the future of enforcement.

Presenter: Jon Moore, MS, JD, HCISPP, Chief Risk Officer & SVP, Professional Services, Clearwater



August 8 | Session 2

Module 3 - A Framework for Analyzing Cyber Risk

The healthcare industry continues to trail behind other industries in cyber preparedness, making this important part of our critical infrastructure a top target.  After years of working to comply with HIPAA and spending hundreds of millions to recover from attacks and breaches, how do we get our arms around this?  This module will focus on the benefits of using a framework to analyze your cyber risk, identify exposures and structure your program to improve your overall information risk management posture.

Presenter: Cathie Brown, CGEIT, PMP, CISM, CISSP, VP of Professional Services, Clearwater



Module 4 - Common Risk Analysis Failures

Attendees will hear directly from a former OCR Deputy Director. Both presenters will provide insight into why so many healthcare organizations struggle to meet the HIPAA Security Rule, particularly its Risk Analysis requirements. Additionally, they will explain the specific top reasons why organizations are failing to meet the OCR standard for a comprehensive risk analysis.

Co-Presenter: Jon Moore, MS, JD, HCISPP, Chief Risk Officer & SVP, Professional Services, Clearwater



Co-Presenter: Iliana Peters, JD, CISSP, Former Deputy Director of OCR/HHS, Shareholder, Polsinelli Law



August 15 | Session 3

Module 5 – Developing an OCR-Proof Risk Management Plan 

Every CISO lives with the need to stay within budgets, comply with regulations, and protect the organization’s sensitive information. However, when OCR knocks at the door, will your risk assessment and ongoing risk management plan pass the test? Get guidance on what is expected for the HIPAA Security Risk Analysis. Learn the benefits of a Risk Management Plan that really meets the expectations of OCR rather than an approach that just ‘checks the box’.

Presenter: Cathie Brown, CGEIT, PMP, CISM, CISSP, VP of Professional Services, Clearwater



Module 6 – Developing An Executable Plan of Action and Milestones

The POAM is a very flexible and structured approach to risk mitigation efforts that most information security and information technology teams can readily adapt to their respective toolkits. This module will provide a simplistic overview of using the POAM to help navigate risk analysis mitigation.

Presenter: Blaine Hebert, MSIT, CISSP, HCISPP, Principal Consultant, Clearwater



August 22 | Session 4

Module 7 – Rethinking Cybersecurity Governance 

This presentation will offer a framework to more effectively define, organize, implement and manage organizational cybersecurity policy expectations. We will discuss the establishment of governance principles that are based on well-established and mature cybersecurity control standards and address the requirements necessary to implement a principle-based policy framework.

Co-Presenter: Wes Morris, CHPS, CIPM, HCISPP, Managing Consultant, Professional Services, Clearwater



Co-Presenter: Adam Nunn, Principal Consultant, Clearwater



Module 8 – Making the Case for Cyber Risk Management Investment

The rapidly growing ecosystem of organizations supporting the healthcare industry and the increasing number of attack surfaces has made healthcare a soft target for those focused on exploiting our vulnerabilities.  The challenge is the lack of funding for identifying, prioritizing and implementing necessary safeguards and controls to reduce the risks to health information.  Investment in those safeguards and controls is an investment in damage control to the reputation, financials, and data of the organization.  Learn tips, tools and methodology that have proven to be successful to obtain funds for data protection.

Presenter: Baxter Lee, CFO, Clearwater



August 29 | Session 5

Module 9 – Addressing New Threats: Medical Device and IoT Risk Management

Many hospitals and health systems do not have the tools or processes in place to find and profile all of the medical devices within their network. As a result, healthcare providers are not assessing vulnerabilities, performing risk analyses, or taking appropriate steps to reduce the risks these devices pose to acceptable levels. In order to keep up with the vast number of medical devices, a medical device security solution has to be more than the traditional vulnerability assessment.

Presenter: Mark Sexton, MPA, CISSP, HCISPP, CISA, CCSK, Principal Consultant



Module 10 – Assessing Cyber Risk Management Program Maturity

Cybersecurity program management provides the bedrock for all other cybersecurity risk management efforts. An analysis of cybersecurity program governance can identify whether the program is going to be effective in its mission and survive for the long-haul, or if it will be plagued by unfunded projects and staffing, lack of strategic and tactical vision, persistent interruption of efforts, absence of organizational workforce and peer support, and regular security staff turnover. We will discuss how assessing cyber risk management program maturity can identify weaknesses in governance substructures that reduce program effectiveness, stability, and robustness. We will also show how assessing program management maturity can be used to establish a roadmap for long-term, well-governed, successful, and engaged cybersecurity programs.

Co-Presenter: Jon Moore, MS, JD, HCISPP, Chief Risk Officer & SVP, Professional Services, Clearwater



Co-Presenter: Adam Nunn, Principal Consultant, Clearwater




Attendance Certificates to apply towards CEUs will be issued to all attendees who complete the Symposium.

Attendees will be requested and expected to:

  • Engage in live polls conducted in each session
  • Post questions and comments for Faculty to address
  • Complete an evaluation after each session

*Attendance at each session is encouraged, but recordings will be available within 48 hours after the completion of each session for easy catch-up.