Guest: Christopher Frenz, Information Security Officer and AVP of IT Security at Mount Sinai South Nassau

In this episode, Christopher and Jonathan discuss the zero trust security model and look at how to achieve an evidence-based security program by adopting a threat-informed defense in the hospital sector. Hospitals and healthcare organizations are under siege in cyberspace following an increase in ransomware attacks and the broader pressures of the coronavirus pandemic. After decades of work in cybersecurity, Christopher understands how continuous testing and the MITRE ATT&CK framework can help organizations get ahead. “A lot of the metrics used today are not fine grained enough,” he says. “Looking at MITRE ATT&CK, the different tactics and techniques that can be used against us provides an effective way to identify what we need to be protecting, and what we need to be detecting. We use this as a basis for testing and evaluating the security that is in place within our organizations.” He takes a scientific approach to security by measuring the efficacy of the controls through real-time testing and uses data to improve his organization’s overall security posture.

Tune in and listen to one of the cybersecurity industry’s leading advocates of a threat-informed defense. For more on this subject, check out Christopher’s recent article in Healthcare IT News:https://www.healthcareitnews.com/blog/achieving-evidence-based-security-threat-informed-defense

Click here to read the transcript: https://www.attackiq.com/podcasts/adopting-a-threat-informed-defense-christopher-frenz/#transcript