© Eric C. Thompson 2017

Eric C. Thompson, Building a HIPAA-Compliant Cybersecurity Program, https://doi.org/10.1007/978-1-4842-3060-2_17

17. Customizing the Risk Analysis

Eric C. Thompson

(1)Lisle, Illinois, USA

Risk analysis is customizable, if the required elements exist. It is thorough and covers the entire enterprise. Here, it is possible to show an example of a risk analysis customized using Monte Carlo simulations when assigning values to the likelihood and impact ratings for given risks. Risk analysis is part art, part science. The art to risk analysis is to achieve results that reflect the true state of the environment. Qualitative risk assessments can suffer if careful thought is not given to assigning likelihood and impact values, yet ...

Get Building a HIPAA-Compliant Cybersecurity Program: Using NIST 800-30 and CSF to Secure Protected Health Information now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.