This session will present the background of the regulations that call for information security risk analysis and show how it fits into an overall information security management process. The risk analysis process will be presented within the context of the overall risk prioritization and risk mitigation process, using an example.
Areas of high risk, as identified by respected industry organizations, will be identified to ensure that the most significant risks are discovered and adequately prioritized. The risk analysis process will be applied to a simplified example in order to relate the process to a real situation and drive home the usefulness of the process.
Attendees will gain insights into the management of risks and reduction of exposure to breaches and penalties, and will be able to implement new procedures that will reduce risks immediately.
Areas Covered in the Seminar:
* The requirements for Risk Analysis in the Security Rule and for Meaningful Use.
* Definitions of Risk Analysis.
* How to define the scope of a Risk Analysis.
* What goes into a Risk Management process.
* How flexibility should be used in the analysis and mitigation of risks.
* Federal guidance on Risk Analysis.
* The NIST Risk Assessment process.
* A non-technical approach to Risk Analysis.
* Typical risk issues and breach causes.
* New enforcement categories and penalties.
* Risk Analysis requirements for Certified EHRs.
* Developing a risk management plan.
* The importance of documentation.
* A Risk Analysis example will be provided, examining a hospital function and one of its systems.