SecurityWeek

Management & Strategy

What CISOs Can Learn from ER Doctors

By Working Together and Sharing Missteps, Defenders Can Gain Crucial Security Insights and Prevent the Spread of Attacks

One area that remains a major sore point in the security industry is cross-organization knowledge sharing. Most organizations operate in silos, unwilling to discuss their approach to security with anyone else, for a variety of reasons. Part of this is security itself: if others know what an organization does to protect itself, that knowledge could potentially be exploited. More often, though, it is fear of judgment or retribution that keeps companies from openly discussing their security tactics with others.

When a company suffers a breach or another form of security failure, it is often vilified and “breach-shamed” by others, many of whom either claim they could have stopped such an attack or dissect the targeted organization’s supposedly poor security tactics or procedures. To avoid this criticism, such failures are too often whispered about in corners or hidden from broader view, because organizations worry about the repercussions for their financial performance or public perception, or, worse, legal ramifications.

The fact is, every organization will be the target of an attack at some point. Instead of pointing fingers at one another when this happens, the best approach would be for security organizations to come together to discuss what they learned and move forward, so the same thing does not happen to others.

A great example of this in another industry is in healthcare. Doctors hold Morbidity and Mortality (M&M) conferences to learn from complications and errors, modify behavior based on previous experiences and prevent repetition of errors. The goal is to improve patient care and discuss learnings without fear of punishment or legal ramifications, and the meetings are held on a regular basis, often weekly or monthly.

M&M conferences are generally moderated by a senior physician and attended by all hospital residents, select attendees and other staff who may have intimate knowledge of the case, such as nurses, other physicians or lab personnel. The resident in charge of the patient will spend thirty minutes to an hour discussing the case, including the process, outcome, any potential errors that occurred and anything unique that they learned from the experience. Their peers then ask questions, discuss the case and decide on alternate approaches moving forward.

In addition to being a valuable way for physicians to understand cases other than their own and receive learnings from other doctors, these conferences benefit the healthcare industry and future patients. By sharing their learnings broadly, doctors can help ensure these mistakes aren’t made in the future.

These peer review conferences are effective largely because their proceedings are kept confidential by law. Certain states provide protection which prevents compelled disclosure of a peer review committee’s records or proceedings in a court case. So, in the event that a court case arises over the medical care discussed at one of these meetings, none of the meeting attendees can be forced to disclose any of the information that was discussed in court. This protects the physicians and allows them to speak freely about their cases, mistakes and learnings, without fear of legal ramifications.


In the security industry, we could do well to adopt our own version of M&M conferences. Rather than protecting our own security practices to a fault or targeting other organizations who have been breached, we should be working collaboratively in a similar way to better benefit the security industry as a whole. If we took a page from our physicians and worked together to share our missteps and move forward, we could provide crucial security learnings and prevent the spread of attacks.
