Feb. 23, 2016 – Apprio Inc.’s Sallie Sweeney was a featured speaker at the Center for Medicare and Medicaid Services’ (CMS’) Security Control Oversight Update Training conference, known as CSCOUT. The technical forum is attended by information systems security and privacy professionals from CMS and its contractor community nationwide.
Discussing the topic of “Sticking With the Basics: Cover the Basics Before Implementing the New Shiny Toys,” Sweeny examined the use case of organizations which work in silos and therefore pursue IT purchases in a fragmented and uncoordinated effort.
Organizations which lack communications and structural processes for review of their IT needs—and ultimately their purchases—can do more harm than good for their operations, she emphasized. Such an IT management scenario can result in an organization having redundant toolsets, being inundated with “pet” projects that are not in alignment with the organization’s IT plan, and implementing security strategy and tools that end up in the “land of abandoned tools.” Additionally, security and IT staff members can become frustrated as they are pulled off higher priority projects that involve solving real business problems in order to implement the latest and greatest tool which was not really needed in the first place, she said.
As part of her participation in the CMS forum, Sweeney made recommendations to the group to form a committee of all key stakeholders in their organizations to discuss the IT and security strategy and align their purchases to meet current and future strategic goals. This approach will result in reducing wasteful spending, she said, and it enables multiple groups to possibly leverage tool purchases across the organization. This methodology also promotes transparency across a siloed organization, which increases awareness of upcoming new security controls, federal mandates and other requirements.
The CSCOUT forum provides an opportunity for open discourse to address ground-breaking topics in cyber security, information privacy, best practices and current CMS initiatives, according to CMS.