View allAll Photos Tagged cybersecurity
UMBC held a one-day workshop on Innovations in Cybersecurity Education on June 24, 2014. See bit.ly/icew14
Learn more at kirkpatrickprice.com/
Planning Your Risk Analysis
What Does A Complete Risk Analysis Planning Process Look Like?
In this session, we’ll discuss the five key elements of planning a HIPAA risk analysis.
Goal
There are several goals to have in mind during your organization’s risk analysis. You should aim to create a thorough, complete planning process so that you don’t end with incomplete results. You should also aim to measure risk instead of strict compliance. Our goal for you is to teach the differences between a HIPAA risk analysis and a HIPAA gap analysis. A risk analysis asks, ““How much exposure do we have to unauthorized access or disclosure of ePHI? What else do we need to do to reduce risk?” But a gap analysis asks, “How are we doing compared to what the regulations require?”
Resources
During the planning process, you should assess your resources by asking: Who will lead the project? Do they have proper experience in conducting risk analyses? Do they have leadership support? Have they reviewed past risk analyses?
Scope
Risk Analysis applies to all electronic PHI; created, received, maintained, or transmitted. We believe that when assessing scope, you need to think in terms of ePHI processing as opposed to systems. Where does PHI enter and leave your entity? We also believe that creating an ePHI workflow is key in having a complete risk analysis. The issue with ranking risks and implementing controls without a flow is that you may leave gaps between systems.
Information Gathering
There are many places to look when gathering information: information gathered in ePHI flow research, past and present ePHI projects, information security incidents, interview with key staff, documentation review, etc. It may seem obvious, but we’ll say it anyways: document your information gathering. The OCR has indicated in its security series that entities should document information on ePHI during this information collection phase
Perspectives
When you’ve completed the planning process, you might wonder: How do we ensure that we’ve accurately captured all of the information we need to properly complete a risk analysis? There are two ways to check yourself: internal and external resources. This is an appropriate time to bring in individuals who aren’t leading the project and present your findings to them. Or, you could find a third party who has expertise and who can help you decide whether you’re ready to conduct a risk analysis.
Download the full webinar to hear Mark Hinely’s case study breakdown and the Q&A portion.
29 May 2018 - OECD Forum 2018 – Cybersecurity
Cyrille Lachèvre, Macroeconomics Reporter, L’Opinion, France
Renata Avila, Senior Digital Rights Advisor, World Wide Web Foundation
Shane Curran, Founder, Muon
Casper Klynge, Tech Ambassador, Denmark
David Martinon, Ambassador for Cyberdiplomacy and the Digital Economy, France
Tarah Wheeler, Principal Security Advisor and Cybersecurity Policy Fellow, New America, United States
Photo: OECD/Mariano Bordon
UMBC held a one-day workshop on Innovations in Cybersecurity Education on June 24, 2014. See bit.ly/icew14
11/11/21, Jakarta, Indonesia. Foreign Secretary Liz Truss is pictured with Hinsa Siburian, Head of the BSSN, Indonesia's National Cyber and Cryptography Agency, after a meeting to open the first UK-Indonesia cyber dialogue. Picture: Russell Watkins / Foreign Commonwealth and Development Office.
Shawn Henry, FBI Executive Assistant Director, FBI - FedScoop’s 2nd Annual CyberSecurity Summit, Feb. 24, 2011, Washington, DC
29 May 2018 - OECD Forum 2018 – Cybersecurity
Cyrille Lachèvre, Macroeconomics Reporter, L’Opinion, France
Renata Avila, Senior Digital Rights Advisor, World Wide Web Foundation
Shane Curran, Founder, Muon
Casper Klynge, Tech Ambassador, Denmark
David Martinon, Ambassador for Cyberdiplomacy and the Digital Economy, France
Tarah Wheeler, Principal Security Advisor and Cybersecurity Policy Fellow, New America, United States
Photo: OECD/Mariano Bordon
UMBC held a one-day workshop on Innovations in Cybersecurity Education on June 24, 2014. See bit.ly/icew14
(left to right) Robert Carey, Deputy CIO and Deputy Assistant Secretary of Defense for Information Management, U.S. Department of Defense; Gary Galloway, Deputy Director of the Office of Information Assurance (IRM/IA), U.S. State Department; Roberta Stempfley, U.S. Department of Homeland Security, National Cybersecurity Division Director - FedScoop’s 2nd Annual CyberSecurity Summit, Feb. 24, 2011, Washington, DC
Hackers Could Turn Pre-Installed Antivirus App on Xiaomi Phones Into Malware, Elizabeth Warren wants jail time for CEOs in Equifax-style breaches, Researchers trick radiologists with malware-created cancer nodes, Hacker Eva Galperin Has a Plan to Eradicate Stalkerware, and Millions of Facebook Records Found on Amazon Cloud Servers.
Vance Hitch, CIO, U.S. Department of Justice - FedScoop’s 2nd Annual CyberSecurity Summit, Feb. 24, 2011, Washington, DC
Bob Gourley, Editor, CTOvision.com; Founder and Chief Technology Officer of Crucial Point LLC - FedScoop’s 2nd Annual CyberSecurity Summit, Feb. 24, 2011, Washington, DC
UMBC held a one-day workshop on Innovations in Cybersecurity Education on June 24, 2014. See bit.ly/icew14