Deck 5 Flashcards
(21 cards)
What are our key milestones?
Immediate MFA implementation, year-one foundational security enhancements, and year-three optimization and operationalization
How do we measure the success of this investment?
Improved NIST scores, KPIs, quicker threat detection and response
How does this compare to industry benchmarks?
Brings UHG to industry average cybersecurity spend (7% of IT budget), aligning with mid-tier industry standards
How will these improvements impact operations?
Minimal disruption planned; backend enhancements and carefully managed stakeholder processes
Can current staffing manage this transformation?
No, additional FTEs and specialized roles are funded within the plan
What is our recovery readiness strategy?
Standardized backup protocols, regular testing
What specific KPIs track improvement?
Asset coverage, privileged access violations, recovery success rates
What contingencies are planned for resource gaps?
Strategic staffing investments, managed security services
How will this align with cloud migration initiatives?
Security improvements are designed to complement and accelerate cloud adoption securely
Are third-party vendor risks being addressed?
Yes, through enhanced third-party monitoring and automated vulnerability scanning
What role is Mandiant playing?
External advisory and validation of cybersecurity approach and implementation oversight
How will we address outdated IT systems?
Modernization initiatives including zero-trust frameworks and endpoint anomaly detection
What training enhancements are proposed?
Immersive, role-specific cybersecurity training with gamification and real-world scenarios
What are the compliance risks without funding?
Regulatory penalties, fines, and increased scrutiny from bodies like HHS OCR
How does this align with our risk appetite?
Directly reduces risks identified as unacceptable in UHG’s formal risk tolerance framework
What are our future cybersecurity trends?
Increased AI/ML-based detection, zero trust adoption
What critical healthcare operations were disrupted?
Insurance verification, claims processing
What were the legal implications of the breach?
Multiple federal lawsuits, regulatory investigations, and ongoing litigation
What are the governance improvements planned?
Unified policies, clarified roles and responsibilities, executive simulations
What’s unique about our governance framework?
Multi-layered governance from board-level oversight through executive and operational management
How is recovery prioritized across critical functions?
Business Impact Analysis ensuring prioritization based on mission-critical operations and validated recovery times