Conducting NIST-based Risk Assessments
Step-by-Step Guidance for Effective Risk Assessments

Conducting periodic security risk assessments is not only a requirement of HIPAA, PCI DSS and Meaningful Use, it is the foundation of any good information security program. Although conducting a proper risk assessment can be a daunting process, it doesn’t have to be with the proper tools and techniques.

In this webinar, you will learn how to conduct a risk assessment based on the National Institute of Standards and Technology’s (NIST) risk assessment framework and methodology, considered one of the most effective formats for conducting a risk assessment.

We’ll share how to conduct a “by-the-book” security risk assessment, outline the types of threats and vulnerabilities that put patient information at risk, and how to risk-rate those assets that create, receive, transmit or maintain patient and other sensitive information. We’ll also explain how to establish a baseline for your current risk profile, and how to measure progress in reducing your risks.

What You Will Learn

• The importance of conducting regular risk assessments and the potential impact of not doing so
• What comprises a complete security risk assessment to comply with HIPAA and PCI regulations
• Step-by-step instructions for conducting an effective, NIST-based risk assessment
• Specific risk assessment requirements outlined in HHS/OCR final guidance
• The nine essential steps to complete a comprehensive risk assessment
• How to use readily available tools, templates and forms