[ISN] UMC Health System Security Officer discusses user awareness

http://healthitsecurity.com/2014/04/01/umc-health-system-security-officer-discusses-user-awareness/ By Patrick Ouellette Health IT Security April 1, 2014 With 14 years under his belt working with government entities in IT security, Phil Alexander, Information Security Officer at University Medical Center (UMC) Health System, certainly has a unique outlook on IT security in the healthcare sector. Based on those experiences at the federal level and his one year at UMC, Alexander talked with HealthITSecurity.com about his current focuses and where he thinks healthcare IT security is headed. UMC Health System, which includes our all its clinics in the local area, is the major regional provider in the West Texas area, so Alexander has a lot to keep track of. What are you concentrating on security-wise at UMC at the moment? When I got here, we were doing the typical basic cybersecurity and information assurance, nothing out of the ordinary. So I split my team into two: one dedicated to beefing up information assurance and the other being our computer security incident response team (CSIRT). The CSIRT team does a lot of traffic monitoring, packet analysis and forensics. And then on the other side of the house we’re increasing user awareness training this year. I have a different philosophy on security awareness