Unifying Cybersecurity Strategies

The Challenge

One of the nation’s largest health care payers found itself burdened by a diverse approach to federal, state, and industry regulatory compliance. IT security and risk management is a complex program, developed in distinct parts over many years. As a result, the organization struggled with how to allocate resources and where to make investments.

The Solution

Through a series of workshops, Level Nine helped the program define a shared vision that would act as the primary motivation for all security and privacy decisions. Using this baseline, we developed a holistic view of the security and privacy capabilities required by the business. Next, we conducted a comprehensive review of the program, including a gap analysis against HIPAA Security and Privacy Rules, NAIC Model Audit Rules, and COBIT. Using the gap analysis and Level Nine’s prioritization methodology, we developed a five-year roadmap and project portfolio strategy for the systematic development of each capability.

After The Engagement

Since adopting the roadmap, the client has unified diverse approaches to implementing information security controls, established a common vocabulary across the enterprise for IT security risk, and successfully achieved and maintained regulatory compliance at a reduced cost.

© 2019 Level Nine Group