Q&A: The Philosophical Shift True Security Requires

Tom Sullivan | Government Health IT | August 28, 2014

If you knew that assailants or robbers had continuous access to your house, how would that change the way you manage home security? And if the door and window locks, fences, even the big-ticket alarm systems were not enough? One option: You might assume every time you walk inside that someone is lying in wait.

That’s a core tenet of the Assumption of Breach methodology that Seattle Children’s Hospital Chief Information Security Officer Cris Ewell intends to delve into at the HIMSS Media and Healthcare IT News Privacy and Security Forum in Boston Sept. 8-9. Ewell spoke with Executive Editor Tom Sullivan about AOB, what he considers the three types of adversaries to guard against, and the need for balancing both risk and federal regulations.

Q: The title of your session is "The New Security Reality: Assume the Breach and Reduce Your Risk," wherein you are slated to discuss the Assumption of Breach concept. What is AOB all about?
A: In today’s world, security controls just are not enough to protect an organization against the cyber threats that are out there, both internal and external, and if you solely rely on the very prescriptive controls, whether you believe in NIST, ISO, HIPAA or any of those things, it’s the wrong philosophy to take from a very strategic point...