Three circles to improve health care cyber security
This is how we do it in Finland
Perttu Halonen, NCSC-FI
#FIRSTCON19
By Visit Lakeland
Three circles to improve health care cyber security 21 June, 2019
Three circles of health care cyber security
Trusted circle of experts
Circle of devoted organisations
Circle of common guidelines
S.O.S.
NCSC-FI
ICT service provider
Health ISAC
Health CERTs
Health sector information sharing and analysis centre
Trusted circle of experts
Circle of devoted organisations
Circle of common guidelines
Finnish Health ISAC
Autonomous
10 Membership organisations
Voluntary-based
Rules: TLP, CHR
1
3-5 year action plan, active participation, strong mandate from senior management.
Active and open information sharing also between meetings, common sharing methods.
Solution centric analysis of incidents, common validation of reports prior to publication.
Promotes projects important for society's cyber security. Common cyber security exercises.
Value recognised outside the ISAC. Annual report shared with sector organisations.
0
Initial terms of reference and action plan. Chairperson nominated from sector.
Mutual trust, ad hoc information sharing between meetings.
Incidents experienced by the members are discussed within the ISAC.
Ad hoc commitment to projects.
Value for members, reactive operations, annual report shared with members.
Coordinated cyber security projects
Circle of devoted organisations
Circle of common guidelines
Implementation of HCCR
National cyber preparedness guidelines
Circle of devoted organisations
Circle of common guidelines
Ministry of Social Affairs and Health official guidelines for care providers and authorities, updated in 2018
For the first time, a cyber security specific section was included
Cooperative effort by national level stakeholders
Review comments by Health ISAC members and Cyber-Health project partners improved the quality
Everyday preparedness
Binding cyber risk management to generic risk management
Resilience of organisation to disturbances in cyber environment
A model for incident response and escalation
References for best cyber security practices
Trusted circle of experts