Chief Information Security Office (CISO)
As one of our primary measures to uplift the HSE’s cybersecurity maturity, we have established the Chief Information Security Officer’s (CISO) office. The team takes a proactive approach by focusing on eight work pillars aimed at increasing cybersecurity maturity levels.
Within the CISO office, different teams cover one or more Enterprise Security Architecture pillars, providing a comprehensive framework for addressing identified risks and planning for the future.
- Cyber Strategy, Programmes and Governance: Focuses on developing and implementing the HSE’s long-term cybersecurity strategy, overseeing investment planning, program maturity monitoring and security metrics reporting.
- Data Protection, Standards and Policies: Manages data protection agreements, security awareness programs and compliance with data protection regulations, and ensures that policies and procedures related to information and cybersecurity are kept up to date.
- Cyber Risk Management: Oversees the development, implementation and maintenance of a comprehensive Cyber Risk Management framework. Identifies, assesses and manages cybersecurity risks, and oversees regulatory compliance and audit management.
- Business Information Security Officer (BISO): Focuses on managing the security of the Regional Health Areas (RHAs) and Voluntary Healthcare Organisations connected to the National Health Network (NHN), providing support for regulatory compliance and wider HSE security risk management.
- Computer Security Incident Response Team (CSIRT): Manages the HSE’s preparation for and response to cybersecurity incidents, takes proactive measures to detect and address cybersecurity threats, and coordinates with third-party incident response teams.
- Cyber Defence: Develops and implements security management frameworks and security compliance and assurance frameworks, and manages the Threat and Vulnerability Management (TVM) and Offensive Security processes to detect and address potential threats.
- Security Operations: Provides support for security solutions and maintenance for security platforms, develops and implements SecOps procedures, and oversees physical security audits.
- Cyber Architecture and Engineering: Manages cybersecurity systems and solutions, ensuring alignment with industry standards and best practices, and implements security controls.
To bolster the Enterprise Security Architecture of the HSE, we have established fundamental cybersecurity principles that serve as the framework for our approach. These principles are as follows:
- Privacy by Design.
- Security by Design.
- Least Privilege.
- Regulatory Compliance.
- Mesh Architecture.
- Performance Measurement and Reporting.
- Information Confidentiality, Integrity and Availability.
- Enabling a Cyber Security Skilled and Capable Workforce.
Publication of Health Service Executive (HSE) Cybersecurity Statement of Strategic Intent (CSSI).
For more information, please contact CISO@hse.ie