Hartman Executive Advisors

Business & IT Strategy Consulting Firm

Client Spotlight: Q&A with Bezawit Sumner, Director of Security and Compliance at CRISP

October 29, 2020 by Alison Krempa

To round out National Cybersecurity Awareness Month, we interviewed our client, Bezawit Sumner, Director of Security and Compliance at CRISP, Maryland’s formally designated healthcare information exchange.

Bezawit Sumner, Director of Security and Compliance at CRISP

Under increasing pressure from regulators requiring healthcare organizations to maintain stronger data controls, CRISP engaged Hartman to find a more systematic way to run the organization’s information risk management and regulatory compliance programs. With Hartman’s help, CRISP implemented the controls, policies and processes needed to achieve HITRUST certification, a certification designed specifically for the healthcare environment.

We talked to Bezawit about her role within the organization, CRISP’s cybersecurity training efforts, and how they are adapting to the “new normal” as a result of COVID-19.

Broadly, what is CRISP doing related to cybersecurity?
CRISP has implemented a risk-based security management program. We adopted the HITRUST Common Security Framework (CSF) a few years back and continue to use the maturity model to strengthen our security posture. This approach allows CRISP to consistently measure the effectiveness of our controls and adjust as needed to further enhance security and manage risk.

From a technical controls standpoint, we have a patch and vulnerability management program and security tools such as a next-gen web application firewall (WAF), a Security Information and Event Management (SIEM) tool with a managed service provider providing tier 1 support, File Integrity Monitoring (FIM), next-gen firewall, and data loss prevention (DLP). As part of our maturity model, we are currently engaged in a proof of concept to deploy a network monitoring tool.

CRISP is also aligned with the industry standard Electronic Healthcare Network Accreditation Commission (EHNAC), which focuses on data security, data transmission and resource capability. Finally, as a state-designated health information exchange (HIE), we undergo various assessments including SOC 2, HIPAA, COMAR and cybersecurity testing, all in accordance with federal and state regulatory requirements.

Who is in charge of cybersecurity at CRISP?
As the Director of Security and Compliance, I lead the cybersecurity program at CRISP. Our team is made up of a Senior Cybersecurity Analyst, Junior Security Analysts, a Privacy Project Manager, a Security Program Manager and a CISO advisor from Hartman Executive Advisors. Previously, I was responsible for the internal security and privacy audit activity and developed a broad understanding of the CRISP environment and its requirements for in-depth security management. When the leadership role opened, I was selected to assume that position. I believe that the key characteristics that influenced my selection were my understanding of CRISP’s mission and programs, my organization and attention to detail and discipline, and my ability to communicate effectively.

How important is employee training related to cybersecurity? What successes have you had? Any surprises?
Employee training is integral to an effective cybersecurity program since employees are the first line of defense, the “human firewall” so to speak. And as an organization, we are only as strong as our weakest link. To mobilize this effort, we require robust cybersecurity training when we onboard new employees and send additional cybersecurity training exercises throughout the year. We configured a “report phish” button in the email task bar that makes it easy for employees to report suspicious emails. Additionally, we send out various types of phishing campaign tests both internally and from independent third-party vendors to test employees on an ongoing basis.

How has COVID-19 affected your cybersecurity efforts? What changes had to take place?
The sudden change to accommodate full remote work as a result of COVID created an urgency to address a much broader set of security requirements because of our inability to rely on in-person structure and services, as well as the significantly increased need to support BYOD. Like many others in the industry, we are exploring a Zero Trust strategy. In this strategy, nothing will be trusted to connect to our systems until verified. This will continue to offer all employees an optimal working environment, while maintaining the security and privacy standards that our stakeholders expect.

Hartman’s risk management professionals have extensive experience working with clients to assess their cybersecurity risks and determine which risk mitigations are most effective for their organization’s security goals. Learn more about our risk management consulting services or request a consultation.

Filed Under: COVID-19, Leadership
