3.3.7 Strengthen privacy and cybersecurity capabilities
Investing in our cyber security capability to improve our security posture and build a cyber aware culture for the protection of our patients, staff and organisations. Strengthening our data security capabilities to ensure the privacy of our patients records.
Initiative
High Level Description
Expected Benefits
Implementation considerations
Leading Entity
Continue to uplift cybersecurity and privacy capabilities, including people, processes and technology, to protect the LHD against cyber attacks and prevent privacy breaches. Example actions to help achieve this outcome include: ► Continuing to deliver upon the actions defined in our Cyber Security Action Plan
Reduced likelihood of cyber and privacy breaches Improved response times to cyber threats, incidents, and privacy breaches Reduced risks to adverse clinical outcomes due to cyber attacks Optimised cyber spend by ensuring roadmap is agreed and coordinated.
Identify local Crown Jewel assets and apply appropriate controls based on critically Increase maturity against the Essential 8 and ensure mandatory 25 controls are applied, to comply with state and national Cyber Security frameworks and policies Uplift the capability and capacity of cybersecurity within the ICT function by leveraging statewide investments in the cyber area Assess eHealth NSW security offerings to replace existing tools and align with state security operations. For example, if a log aggregator service becomes available through statewide bodies, consider leveraging that instead of duplicating investments Prioritise the local cybersecurity initiatives according to a risk based mitigation.
Northern Sydney LHD in partnership with eHealth NSW
►
►
7.1 Uplift cybersecurity and privacy capability
►
►
►
►
Investigating the use of a log aggregator for archiving and reporting outside of the statewide HSOC use case Enhancing network and perimeter controls, monitoring capability, threat protection software, and information security management systems
►
►
►
►
► Continuing to review and set security controls and invest in security tools to improve cybersecurity and privacy standards
Continuing to review the physical security and access of our buildings and equipment
►
►
► Clarifying roles and responsibilities between the LHD and the eHealth NSW security function, including clarifying security related KPIs and SLAs.
Page 54
Made with FlippingBook - professional solution for displaying marketing and sales documents online