To this point, the risk analysis was conducted through inquiry and the examination of documents such as policies, previous assessment results, and audit reports. A limited amount of current, tangible information derived through direct testing has been incorporated into the analysis thus far. This is not atypical for the initial phase of the analysis and assessment. Establishing baseline risks, as shown in Figure 9-1, through documenting and correlating current information and known capabilities into a list of risks needing treatment, ...
© Eric C. Thompson 2017
Eric C. Thompson, Building a HIPAA-Compliant Cybersecurity Program, https://doi.org/10.1007/978-1-4842-3060-2_9
9. Targeted Nontechnical Testing
Eric C. Thompson (1)
(1) Lisle, Illinois, USA