Monday, July 29, 2019

Building a HIPAA-Compliant Cybersecurity Program (Free PDF)


File Size: 4.57 Mb

Description
The first goal of this book is to lead professionals responsible for risk analysis and risk management through the risk analysis process from beginning to end, highlighting several benefits of performing the analysis while simplifying the process. The second goal is to emphasize the importance of moving beyond thinking of this exercise in terms of just meeting compliance requirements, of going a step further in mitigating risk.

The first three chapters focus on information released by the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), highlighting the difficulties entities experience with risk analysis. They present examples of organizations cited by the OCR for not having a complete risk analysis at the time a breach occurred, along with feedback from proactive audits. Chapters 4 through 8 lead readers through each of the necessary components of the risk analysis. Chapter 4 outlines the process of identifying instances of electronic protected health information (ePHI). Chapter 5 focuses on threats and threat actors. Chapter 6 discusses documenting vulnerabilities. Chapters 7 and 8 illustrate how likelihood and impact ratings are assigned, so that risks can be documented.

Contents:
About the Author
About the Technical Reviewer
Acknowledgments
Introduction
Part I: Why Risk Assessment and Analysis?
Chapter 1: Not If, but When
Chapter 2: Meeting Regulator Expectations
Chapter 3: Selecting Security Measures
Part II: Assessing and Analyzing Risk
Chapter 4: Inventory Your ePHI
Chapter 5: Who Wants Health Information?
Chapter 6: Weaknesses Waiting to Be Exploited
Chapter 7: Is It Really This Bad?
Chapter 8: Increasing Program Maturity
Chapter 9: Targeted Nontechnical Testing
Chapter 10: Targeted Technical Testing
Part III: Applying the Results to Everyday Needs
Chapter 11: Refreshing the Risk Register
Chapter 12: The Cybersecurity Road Map
Part IV: Continuous Improvement
Chapter 13: Investing for Risk Reduction
Chapter 14: Third-Party Risk: Beyond the BAA
Chapter 15: Social Media, BYOD, IOT, and Portability
Chapter 16: Risk Treatment and Management
Chapter 17: Customizing the Risk Analysis
Chapter 18: Think Offensively
Appendix A: NIST CSF Internal Controls
Appendix B: NIST CSF to HIPAA Crosswalk
Appendix C: Risk Analysis Templates
Index

Author Details
"Eric C. Thompson"



