Episode 151: Trust, But Verify: How HITRUST is Reshaping Assurance with Chris Shaffer

Описание: In this episode of the Virtual CISO Podcast, host John Verry and guest Chris Schaeffer discuss the HITRUST framework, its evolution, and its significance in the cybersecurity landscape. They delve into the Common Security Framework (CSF), the different assessment models (E1, I1, R2), and how HITRUST compares to other frameworks like SOC 2 and ISO 27001. The conversation also touches on the future of HITRUST, including potential reciprocity with other standards and the impact of emerging technologies like AI.

Takeaways:
• HITRUST was founded to help organizations demonstrate security and compliance.
• The Common Security Framework (CSF) is central to HITRUST 's offerings.
• HITRUST assessments are categorized into E1, I1, and R2 models.
• E1 is a good entry point for organizations new to HITRUST.
• HITRUST assessments are rigorous and require a high level of detail.
• The CSF is updated annually to remain relevant to current threats.
• HITRUST aims to provide consistency across different organizations.
• Reciprocity between frameworks could simplify compliance for organizations.
• The future of HITRUST may involve more integration with AI and other standards.
• Smaller organizations may find HITRUST assessments burdensome without reciprocity.