After everything completed thus far, it is a good time to pause and update the risk analysis. At this point, several circumstances have changed, based on what was learned during the testing phase. Most of the initial iteration was completed using what is known about the environment. This was followed by testing several key areas, to understand deeper characteristics of the IT systems. This means that several adjustments to risk severity are required. This is the process outlined from the beginning. As new details are learned about the environment ...
© Eric C. Thompson 2017
Eric C. Thompson, Building a HIPAA-Compliant Cybersecurity Program, https://doi.org/10.1007/978-1-4842-3060-2_11
11. Refreshing the Risk Register
Eric C. Thompson1
(1)Lisle, Illinois, USA
Get Building a HIPAA-Compliant Cybersecurity Program: Using NIST 800-30 and CSF to Secure Protected Health Information now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.