The execution of the risk analysis thus far was based on inquiry and examination of methods, including policies, previous assessment results, and audit reports. Nontechnical testing of several key risk areas was also executed, which generated more current and tangible information to incorporate into the risk analysis. Solidifying the risk analysis, as shown in Figure 10-1, through cybersecurity program and control management and targeted testing enriches the risk information used in decision making. Technical tests were chosen ...
© Eric C. Thompson 2017
Eric C. Thompson, Building a HIPAA-Compliant Cybersecurity Program, https://doi.org/10.1007/978-1-4842-3060-2_10
10. Targeted Technical Testing
Eric C. Thompson, Lisle, Illinois, USA