Listening to Dr. Barbara Endicott-Popovsky and Dr. Amir Shaygan created for me a sense of self-care. Understanding and internalizing the information required a lot of attention and concentration. I now have an overview of the main ideas and have developed some personal insights by applying the information in their talks. I will summarize two talks. The first was by Dr. Barbara Endicott-Popovsky and dealt with cybersecurity. The second is by Dr. Amir Shaygan, who discussed a technology management maturity assessment model for healthcare. With both presentations in mind, I will give an overview of cybersecurity practices and risks in Thailand, and speak to healthcare insurance for international students in the U.S. In the end, I propose applying the Hierarchical Decision Model (HDM) to strengthen Thai cybersecurity infrastructure, and to reconsider insurance options for students at Portland State University (PSU).
Dr. Endicott-Popovsky began with a model of cybersecurity using Figure 1 as a suite of behaviors that provide several types and layers of protection for an organization. Then she described an overview of the global cybersecurity situation. The cybersecurity migration model starts with declaring the organization’s goals. For example, a company wants to keep secret the private information of nuclear scientists who have nuclear training. To do that, the company needs to prioritize which data in their databases are important and confidential compared to the kinds of data that present lower risk of damage to the people and the organization. After setting a goal, the organization selects technologies, procedures, and practices and establishes a new organization agreement for how information security is maintained. One method might be to require employees to change to new passwords every few months. Since security awareness training is part of the program, employees are more likely to adopt best practices when they are given context and understand the consequences of deviating from the plan. At the same time as the data systems are being secured through technical protections, and while the users are being trained, the organization needs to audit their system on an ongoing basis. They can help ensure a safer future by reviewing the model often and rewriting and verifying the processes often enough to ensure that the organization will be resilient to cyber attacks.