Sager, Center for Internet Security’s senior vice president, has shared insights on how to simplify health data security. He refers to the subject as a fog of war, a term describing the chaotic nature of battle, when it is hard to understand what is actually happening during combat.
He explained that there are many conflicting consulting opinions in today’s world of data security. According to him, the defenders have to work with limited time as well as a limited budget, so setting priorities becomes increasingly important.
Sager uses the term defender’s dilemma, which consists of three parts. The first part is figuring out what to do, the second is actually doing it, and the third is explaining your course of action to auditors, regulators, supply chain partners, and others.
He suggests tackling the problem of data security threats by identifying the commonalities between organisations in different industries. He believes that focusing on what is different simply makes the job of figuring out threats too difficult.
Sager suggests collaboration between enterprises. He believes in sharing and translating millions of data points into actions, emphasising that a defender does not have the time needed to analyse millions of data points a day, a week, or even a month. The defender needs a concrete way to deal with them.
The Center for Internet Security combines the knowledge of large communities and then translates it into controls. Sager noted they are translating what is happening into positive steps and publishing their findings.