May 11-12, 2017 | San Francisco, CA

Using Offense to Inform the Defense

May 12, 2017
11:25am - 12:00pm
Grand Ballroom

For small and medium healthcare institutions developing security controls that meet the requirements of the HIPAA Security Rule can be a daunting task. What's more, is addressing the requirements of the HIPAA Security Rule even sufficient to secure your patient’s data? 

To help organizations create an effective security program and begin to meet the needs of the HIPAA Security Rule, in this session, CERT Senior Cyber Security Engineer Matt Trevors explains how to use the Center for Internet Security’s Critical Security Controls (CIS CSC). 

He'll also discuss the Cyber Resilience Review (CRR), a free assessment tool that can be used by any organization to evaluate their security program.

Key takeaways:

  • Obtain a high level understanding of the CIS CSC and where to find them.
  • Know how the CIS CSC can help you address the HIPAA Security Rule requirements.
  • Gain a high level understanding of the DHS Cyber Resilience Review and how to schedule an assessment.


Senior Cybersecurity Engineer, Cybersecurity Assurance Team
CERT, Software Engineering Institute, Carnegie Mellon University

Learn more about the 2020 Event


Subscribe for updates