


fundamentals of a risk analysis1484 .pdf


Original filename: fundamentals of a risk analysis1484.pdf

This PDF 1.4 document has been generated by / iTextSharp™ 5.4.1 ©2000-2012 1T3XT BVBA (AGPL-version), and has been sent on pdf-archive.com on 15/02/2018 at 06:02, from IP address 104.223.x.x. The current document download page has been viewed 129 times.
File size: 3 KB (1 page).
Privacy: public file















fundamentals of a risk analysis
There are numerous methods of performing risk analysis, and there is no single method or
"best practice" that guarantees compliance with the Security Rule. Some examples of steps that might
be applied in a risk analysis process are outlined in NIST SP 800-30. The remainder of
this guidance paper explains some elements a risk analysis must have, regardless of the
method used.
Scope of the Analysis
The scope of risk analysis that the Security Rule covers comprises the potential risks and
vulnerabilities to the confidentiality, availability and integrity of all e-PHI that an organization
creates, receives, maintains, or transmits. (45 C.F.R. § 164.306(a).) This includes e-PHI in all types
of electronic storage devices, such as hard drives, floppy disks, CDs, DVDs, smart cards or other
storage devices, PDAs, transmission media, or portable electronic media. Electronic media includes
a single workstation as well as complex networks connected between several locations. Thus, an
organization's risk analysis ought to take into account all of its e-PHI, regardless of the
particular electronic medium in which it is created, received, maintained or transmitted, or the
source or location of its e-PHI.
Data Collection
An organization should identify where the e-PHI is stored, received, maintained or transmitted.
An organization may gather relevant data by: reviewing past and/or existing
projects; performing interviews; reviewing documentation; or using other data-gathering
techniques. The data on e-PHI gathered using these methods must be documented.
(See 45 C.F.R. §§ 164.308(a)(1)(ii)(A) and 164.316(b)(1).)
Identify and Document Potential Threats and Vulnerabilities
Organizations must identify and document reasonably anticipated threats to e-PHI. (See 45
C.F.R. §§ 164.306(a)(2) and 164.316(b)(1)(ii).) Organizations may identify different threats that
are unique to the circumstances of their environment. Organizations must also identify and
document vulnerabilities that, if triggered or exploited by a threat, would create a risk of
inappropriate access to or disclosure of e-PHI. (See 45 C.F.R. §§ 164.308(a)(1)(ii)(A) and
164.316(b)(1)(ii).)

