After everything completed thus far, it is a good time to pause and update the risk analysis. At this point, several circumstances have changed, based on what was learned during the testing phase. Most of the initial iteration was completed using what is known about the environment. This was followed by testing several key areas, to understand deeper characteristics of the IT systems. This means that several adjustments to risk severity are required. This is the process outlined from the beginning. As new details are learned about the environment ...
© Eric C. Thompson 2017
Eric C. Thompson, Building a HIPAA-Compliant Cybersecurity Program, https://doi.org/10.1007/978-1-4842-3060-2_11
11. Refreshing the Risk Register
Eric C. Thompson1
(1)Lisle, Illinois, USA