PDF Archive

Easily share your PDF documents with your contacts, on the Web and Social Networks.

Share a file Manage my documents Convert Recover PDF Search Help Contact

essentials of a risk analysis1464 .pdf

Original filename: essentials of a risk analysis1464.pdf

This PDF 1.4 document has been generated by / iTextSharp™ 5.4.1 ©2000-2012 1T3XT BVBA (AGPL-version), and has been sent on pdf-archive.com on 15/02/2018 at 06:09, from IP address 146.148.x.x. The current document download page has been viewed 144 times.
File size: 3 KB (1 page).
Privacy: public file

Download original PDF file

Document preview

essentials of a risk analysis
There are many methods of performing risk analysis and there is no separate process or "best
practice" that guarantees observance with the Security Rule. A few examples of steps that might
be practical in a risk analysis process are printed in NIST SP 800-30.6. The rest of this guidance
article explains several fundamentals a risk analysis must have, apart from of the means used.
Scope of the Analysis
The scope of risk analysis that the Security Rule encompasses consists of the probable risks and
vulnerabilities to the secrecy, availability and integrity of all e-PHI that an institute makes, gets,
maintains, or transmits. (45 C.F.R. § 164.306(a).) This comes with e-PHI in all styles of electronic
storage devices, such as hard drives, floppy disks, CDs, DVDs, smart cards or other storage
devices, PDAs, transmission
media, or portable electronic media. Electronic media involves a lone workstation as well as
complicated networks coupled between numerous locations. Like so, an organization's risk
analysis must take into account all of its e-PHI, regardless of the precise electronic mode in that it
is formed, received, maintained or transmitted or the source or locality of its e-PHI.
Data Collection
An association should identify where the e-PHI is kept, received, maintained or transmitted. An
association can collect pertinent figures by: reviewing past and/or existing projects; performing
interviews; reviewing documentation; or using extra numbers get together techniques. The data
on e-PHI gathered by means of these methods be required to be accepted. (See 45 C.F.R. §§
164.308(a)(1)(ii)(A) and 164.316(b)(1).) Discover and Document Probable Risks and
Organizations ought to spot and write down logically anticipated threats to e-PHI. (See 45 C.F.R.
§§ 164.306(a)(2) and 164.316(b)(1)(ii).) Organizations might discover different risks that are rare
to the conditions of their environment. Organizations should also make out and record
vulnerabilities that , if triggered or exploited by a danger, would craft a peril of inappropriate
admission to or revelation of e-PHI. (See 45 C.F.R. §§164.308(a)(1)(ii)(A) and 164.316(b)(1)(ii).)
Clicking Here

Document preview essentials of a risk analysis1464.pdf - page 1/1

Related documents

essentials of a risk analysis1464
elements of a risk analysis1090
fundamentals of a risk analysis1484
essentials of a risk analysis1589
basics of a risk analysis1330
cyber security threats

Related keywords