Risk Assessments: a Foundation for Improved Information Security in US Healthcare
Many of the healthcare organisations that have experienced large-scale data breaches in recent years failed to conduct a thorough information risk management (IRM) assessment beforehand. Some healthcare providers conduct their own risk assessments, but they seldom rise to the level of the ‘gold standard’: the National Institute of Standards and Technology (NIST) 800-39 framework. A bona fide IRM assessment is more than a technical roadmap; it is a process whereby the organisation determines where critical data resides and what financial/reputational costs would be incurred if that data gets compromised. A rigorous IRM program is a company-wide commitment which cannot be relegated solely to the compliance or IT department. The C-suite, board of directors, legal staff and public relations team also need to be actively involved. A rigorous IRM assessment provides the benchmark/baseline information needed to keep making improvements. This is then accomplished using a maturity model that measures program enhancements (or setbacks) in a variety of vital categories.
Please sign in or register for FREE
Sign in to E&T Cyber Security Hub
Register to E&T Cyber Security Hub
E&T Cyber Security Hub brings together engineers and cyber security specialists to share practical know-how. With content created ‘by engineers, for engineers,’ it provides peer-reviewed technical information, real-world insights, lessons learnt and case studies, as well as tools for networking and knowledge-sharing, profiles of experts and the opportunity for companies to showcase their expertise.