Based on an analysis of HITRUST CSF Assessment data collected over a 10-year period, HITRUST has concluded that when an organization’s security controls within scope of a CSF Assessment are operated at or above a HITRUST CSF maturity level of 79, there is a 99% likelihood these controls will continue to operate in a similar manner going forward.
HITRUST has pioneered a new approach to security control maturity scoring. The failure of security controls in recent high-profile breaches highlights the importance and urgency of the problem and re-emphasizes why self-attestations, rudimentary third-party assessments, and reputational risk evaluation scoring methods are limited: they are often inaccurate and subjective, and they provide no means to evaluate or predict future control effectiveness.
Every organization should study the HITRUST CSF and determine if the path to certification is the appropriate foundation for its cybersecurity program. What we do understand is that an organization that successfully implements security control capabilities such that its maturity level scores are greater than 79% has significantly mitigated cyber risk. This provides confidence to all stakeholders, both inside (senior executives and the Board of Directors) and outside (business associates, third-party vendors).
Bottom line: Organizations with higher HITRUST CSF maturity scores have fewer control failures, posing less cyber risk to their customers.
Get Started: Understand the HITRUST CSF standard and acquire the CHNS Credential. To learn more about the journey to HITRUST CSF certification, join me on October 3, 2019 in Irvine, California for the one-day Certified HITRUST | NIST CsF Specialist (CHNS) Program. Contact me at Ali.Pabrai@ecfirst.com about complimentary access to the certification training.
Date: August 12, 2019