Podcast

Summary

An organization's cybersecurity is only as strong as the security of its vendors. Randall Frietzsche, chief information security officer (CISO) of Denver Health, a Level I trauma center in Denver, has his organization's information security assessments down to a science. On today's show, Randall joins Change Healthcare's John Zuziak to explain how Denver Health conducts security assessments, how his team assesses new third-party vendors, and how it monitors those vendors for vulnerabilities over time.

Today's panel: John Zuziak, Change Healthcare's Security and IT Risk Management Practice director; and Randall “Fritz” Frietzsche, MS, CISSP, CHPC, C|EH, C|HFI, ISSA distinguished fellow, and enterprise chief information security officer (CISO) at Denver Health, Denver, Colo.

Here’s what they talked about:

  • Frameworks for building security programs and assessments
  • Assessing security risk with third-party vendors
  • Creating a risk management policy
  • Conducting risk stratification analysis
  • Assigning risk tiers to third-party vendors
  • Keeping an eye on control gaps
  • Bucketing risks: financial, reputational, patient safety
  • Addressing vendors’ security gaps
  • Allowing for exceptions to the rules
  • The security check as part of the purchasing workflow
  • Top 10 security control objectives in every contract
  • The annual third-party review

Episode Resources

  1. Randall Frietzsche’s bio
  2. John Zuziak's bio
  3. Denver Health
  4. Change Healthcare Consulting Services
  5. Change Healthcare Consulting Services Resources
  6. COVID-19 Updates and Resources
