© Eric C. Thompson 2017

Eric C. Thompson, Building a HIPAA-Compliant Cybersecurity Program, https://doi.org/10.1007/978-1-4842-3060-2_11

11. Refreshing the Risk Register

Eric C. Thompson

(1)Lisle, Illinois, USA

After everything completed thus far, it is a good time to pause and update the risk analysis. At this point, several circumstances have changed, based on what was learned during the testing phase. Most of the initial iteration was completed using what is known about the environment. This was followed by testing several key areas, to understand deeper characteristics of the IT systems. This means that several adjustments to risk severity are required. This is the process outlined from the beginning. As new details are learned about the environment ...

Get Building a HIPAA-Compliant Cybersecurity Program: Using NIST 800-30 and CSF to Secure Protected Health Information now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.