Conducting NIST-based Risk Assessments
Step-by-Step Guidance for Effective Risk Assessments
- Event Date:
- Event Time: Noon Central
Conducting periodic security risk assessments is not only a requirement of HIPAA, PCI DSS and Meaningful Use; it is also the foundation of any good information security program. Conducting a proper risk assessment can be a daunting process, but with the proper tools and techniques it doesn’t have to be.
In this webinar, you will learn how to conduct a risk assessment based on the National Institute of Standards and Technology’s (NIST) risk assessment framework and methodology, considered one of the most effective formats for conducting a risk assessment.
We’ll show how to conduct a “by-the-book” security risk assessment, outline the types of threats and vulnerabilities that put patient information at risk, and explain how to risk-rate those assets that create, receive, transmit or maintain patient and other sensitive information. We’ll also explain how to establish a baseline for your current risk profile, and how to measure progress in reducing your risks.
What You Will Learn
- The importance of conducting regular risk assessments and the potential impact of not doing so
- What comprises a complete security risk assessment to comply with HIPAA and PCI regulations
- Step-by-step instructions for conducting an effective, NIST-based risk assessment
- Specific risk assessment requirements outlined in HHS/OCR final guidance
- The nine essential steps to complete a comprehensive risk assessment
- How to use readily available tools, templates and forms