(Healthcare) Security Metrics: Selection and Interpretation

Venue: Online Event

Location: Palo Alto, California, United States

Event Date/Time: Apr 05, 2013 / 10:00 am - (PST) End Date/Time: Apr 05, 2013 / 11:20 am - (PST)
Report as Spam


Why Should You Attend:

Historically the Security or IT departments have been either hard-pressed or reluctant to discuss the cost-benefit; some would call it the "ROI" of security investments. Instead of justifying a particular step or technology or device based on a cost-comparison with an option or alternative, the justification was often made through a description of the threat it would counteract: meaning use of a fear-factor or threat of legal or compliance consequences if the request to act fails. But today, they are calling for accountability and justification along the same lines as the other areas of the organization.

This presentation will address the concepts of security metrics and what they are intended to show. We will talk about Security ROI, and what it really means. We will discuss cost-benefit analysis, cost-justification, architectural integration, LC-TCO as part of the equation. We will touch on the justification process and why security that is "good enough" is both sufficient.

Areas Covered in the Webinar:

  • What metrics are and what they should be measuring
  • Types and methods of measuring
  • Assessing your environment and selecting the proper metrics to represent it accurately
  • How to approach the problem: the goal, approaches, breaking down the process, and getting started
  • Getting Management Buy-in for Action Before and After
  • Lies, Damn Lies, and Statistics - The Limits of Informational Content: What they tell you and what they can't or don't tell you


Online Event
2600, E. Bayshore road
Palo Alto
United States

Conference Speakers

 Ross A Leo

Mr. Leo, has been in Information System for 35 years, and an Information Security professional for over 30 years. He has worked internationally as a Systems Analyst/Engineer, and as a Security and Privacy Consultant. His past employers include IBM, St. Luke's Episcopal Hospital, Computer Sciences Corporation, and Rockwell International. A NASA contractor for 22 years, he was from 1998 to 2002 Director of Security Engineering for the International Space Station and Chief Security Architect for Mission Control at the Johnson Space Center. From 2002 to 2006 Mr. Leo was the Director of Information Systems and Chief Information Security Officer for the Managed Care Division of the University of Texas Medical Branch in Galveston, Texas.

Since 2002, Mr. Leo has been intimately involved with HIPAA consulting, training and compliance programs. From 2002 until 2006, his role at the University of Texas required be become an expert at HIPAA requirements in order to successfully lead the institution through a complete HIPAA compliance program.