Exec Questions Flashcards
Risk Framework and Governance (7 cards)
Why is our governance score so low at 1.1?
Post-Change Healthcare acquisition integration challenges. Inconsistent policies across subsidiaries. New unified governance structure addresses this gap.
How does 2.5 NIST score compare to industry peers?
Target 2.5 puts us above healthcare industry average of 2.2. Leading health systems typically score 2.3-2.7.
What’s the Board’s role in cybersecurity oversight?
Quarterly briefings, approval of investments over $5M, direct ownership of risk appetite statements. Enhanced with Mandiant advisory support.
How do we ensure accountability across all subsidiaries?
Standardized cybersecurity charters, defined roles, clear escalation protocols. Executive Security Council ensures enterprise-wide alignment.
What happens if we don’t meet the 2.5 target by FY2026?
Increased regulatory scrutiny, higher breach probability, potential business restrictions. Roadmap includes milestones to ensure we stay on track.
How does this governance model prevent another Change Healthcare situation?
Unified visibility, standardized controls, mandatory compliance across all entities. No more subsidiary autonomy on critical security controls.
