Ryan from HITRUST (/ryan-patrick-3699117a) pulls back the curtain on the HITRUST CSF. In this fast-paced, metrics-heavy session you’ll discover:
📉 Less than 1% Breach Rate
Compare certified environments to the 40–60% industry baseline and understand the power of proactive control implementation.
🧩 Threat-Adaptive Tiering
Explore the three levels of HITRUST assessments:
E1 – 44 baseline controls
I1 – 182 integrated controls
R2 – ~379 rigorous controls
Discover why R2 is often called a “significant emotional event” and what five-level maturity really means in practice.
🔍 Unmatched QA Process
6-layer quality assurance
21.5% of audits rejected
95%+ accuracy in validation
This isn’t checkbox compliance—it’s precision assurance.
💰 Insurance-Backed Credibility
R2 certification can reduce premiums by 25% with Lloyd’s of London, making it not just security—but a business advantage.
🧠 Dynamic, Threat-Informed Updates: Quarterly (soon monthly) updates aligned with MITRE ATT&CK, mapped to 61+ frameworks.
Chapters
00:00 Introduction to GRC Community and Collaboration
08:18 Evolution of HITRUST and Its Relevance
12:42 Framework Updates and Industry Standards
20:24 Types of HITRUST Assessments
26:05 Evidence Collection and Quality Assurance
30:08 Validation Process and Quality Checks
39:19 Quality Assurance Levels in HITRUST
49:03 Conclusion and Future of HITRUST
51:19 Understanding Bias in Cybersecurity Assessments
52:30 The Importance of HITRUST in Various Industries
53:57 Framework Updates and Their Impact on Assessments
55:20 Quality Assurance in Cybersecurity Assessments
58:53 The Mobility of Certifications and Their Implications
01:00:16 Internal vs External Audit Findings
01:01:31 Continuous Assurance and Threat Intelligence
01:04:34 Getting Started with HITRUST Certification
01:06:27 The Value of HITRUST in Cyber Insurance
01:07:40 Navigating Multiple Compliance Standards
01:10:11 The Role of External Assessors in HITRUST
01:12:22 Maintaining Audit Readiness and Best Practices
01:15:32 Benchmarking and Transparency in Cybersecurity
01:18:35 The Importance of External Assessors in Certification
01:21:44 HITRUST's Relevance Beyond Healthcare
01:24:34 The Evolution of HITRUST Across Industries
01:25:46 Trust and Organizational Accountability
01:27:10 Frameworks and Implementation Challenges
01:28:42 The Future of Structured Data Reporting
01:30:50 Training and Involvement in HITRUST
01:34:38 Understanding Client Needs and HITRUST Pursuit
01:36:36 The Importance of Prescriptiveness in Security
01:40:47 Rapid Research and AI Security Assessments
01:49:28 Final Thoughts on HITRUST and Community Engagement
🚀 Join the Study GRC community:
Website: https://studygrc.org
Discord: https://discord.studygrc.org