Clearwater HIPAA Risk Analysis™ Software Demonstration

Jon Stone, MPA, PMP
615-210-9612
Jon.Stone@ClearwaterCompliance.com
Your Presenter



© 2012-13 Clearwater Compliance LLC | All Rights Reserved
Jon Stone, MPA, PMP

• 25+ years in Healthcare in the provider, payer and healthcare quality improvement fields
• Innovator | Strategic Program Manager | Consultant | Executive
• 15+ years of strategic leadership for compliance and Healthcare information technology projects involving the most sensitive ePHI for companies such as CIGNA, Healthways and Ingenix.
• PMP; MPA in Healthcare Policy and Administration

Passion: Driving business, compliance and technology solutions for improving healthcare operations and outcomes
Session Objectives

• Regulatory background
• Product features
• Software walkthrough
• Product benefits
Completing a formal Security Risk Analysis is required by the HIPAA Security Rule and must follow HHS/OCR guidance.

Stage 1 and Stage 2 Meaningful Use require completion of a HIPAA Security Risk Analysis.
Security violations can be devastating to an organization's reputation and finances.
Without the benefit of a HIPAA compliant Risk Analysis approach…

You don't know your risks…

You are probably making privacy and security investments in a vacuum, without facts and data to facilitate informed decision making…
Without the benefit of a HIPAA compliant Risk Analysis approach…

You are at high risk in the face of increasing enforcement actions:
• State AG Investigations
• OCR Investigations
• CMS Audits for MU
The threat landscape is constantly changing.

Organizations are struggling to identify threats…
Organizations don't know their vulnerabilities.

Are critical systems encrypted?
Are passwords strong enough?
Are we prepared for disaster?
Are our employees trained?
All this uncertainty means we don't know our risks…

• Regulatory risks
• Financial risks
• Legal risks
• Risks to our reputations
• Risks to operations and care
What do the regulations require?

45 C.F.R. §164.308(a)(1)(i) Standard: Security Management Process
(1)(i) Standard: Security management process. Implement policies and procedures to prevent, detect, contain, and correct security violations.
(ii) Implementation specifications:
(A) Risk analysis (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity.

45 C.F.R. §164.308(a)(8) Standard: Evaluation. Perform a periodic technical and non-technical evaluation, based initially upon the standards implemented under this rule and subsequently, in response to environmental or operational changes affecting the security of electronic protected health information, which establishes the extent to which an entity's security policies and procedures meet the requirements of this subpart.
Three Dimensions of HIPAA Security Business Risk Management

1. Compliance: Complete a Security Compliance Assessment to determine compliance (45 CFR 164.308(a)(8)).
2. Security: Complete a Risk Analysis to protect sensitive information (45 CFR 164.308(a)(1)(ii)(A)).
3. Test & Audit: Perform network penetration testing and audit against 45 CFR 164.308(a)(8) and the OCR Audit Protocol for a full risk program.
Regardless of the risk analysis methodology employed…

The Health and Human Services Office for Civil Rights recommends you include the following key components:
1. Scope of the Analysis - all ePHI that an organization creates, receives, maintains, or transmits must be included in the risk analysis. (45 C.F.R. § 164.306(a).)
2. Data Collection - identify where ePHI is stored, received, maintained or transmitted. The data on ePHI gathered must be documented. (See 45 C.F.R. §§ 164.308(a)(1)(ii)(A) and 164.316(b)(1).)
3. Identify and Document Potential Threats and Vulnerabilities - organizations must identify and document reasonably anticipated threats to ePHI, and the vulnerabilities which, if triggered or exploited by a threat, would create a risk. (See 45 C.F.R. §§ 164.306(a)(2), 164.308(a)(1)(ii)(A) and 164.316(b)(1)(ii).)
4. Determine the Likelihood of Threat Occurrence - the Security Rule requires organizations to take into account the likelihood of potential risks to ePHI. (See 45 C.F.R. § 164.306(b)(2)(iv).)
5. Determine the Potential Impact of Threat Occurrence - the Rule also requires consideration of the "criticality," or impact, of potential risks to confidentiality, integrity, and availability of ePHI. (See 45 C.F.R. § 164.306(b)(2)(iv).)
6. Determine the Level of Risk - the level of risk could be determined, for example, by analyzing the values assigned to the likelihood of threat occurrence and the resulting impact of threat occurrence. (See 45 C.F.R. §§ 164.306(a)(2), 164.308(a)(1)(ii)(A), and 164.316(b)(1).)
7. Finalize Documentation - the Security Rule requires the risk analysis to be documented but does not require a specific format. (See 45 C.F.R. § 164.316(b)(1).)
8. Periodic Review and Updates to the Risk Assessment - the risk analysis process should be ongoing. In order for an entity to update and document its security measures "as needed," which the Rule requires, it should conduct continuous risk analysis to identify when updates are needed. (45 C.F.R. §§ 164.306(e) and 164.316(b)(2)(iii).)
Guidance on Risk Analysis Requirements under the HIPAA Security Rule (Final)
• NIST SP 800-30 Revision 1, Guide for Conducting Risk Assessments (DRAFT)
• NIST SP 800-53 Revision 3 (Final), Recommended Security Controls for Federal Information Systems and Organizations
• NIST SP 800-34, Contingency Planning Guide for Federal Information Systems
• NIST SP 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
• NIST SP 800-39 (Final), Managing Information Security Risk
• NIST SP 800-53A Revision 1, Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans
Risk Analysis Myths¹
HIPAA Security Risk Analysis Myths and Facts

Myth: The security risk analysis is optional for small providers.
Fact: False. All providers who are "covered entities" under HIPAA are required to perform a risk analysis. In addition, all providers who want to receive EHR incentive payments must conduct a risk analysis.

Myth: Simply installing a certified EHR fulfills the security risk analysis MU requirement.
Fact: False. Even with a certified EHR, you must perform a full security risk analysis. Security requirements address all electronic protected health information you maintain, not just what is in your EHR.

Myth: My EHR vendor took care of everything I need to do about privacy and security.
Fact: False. Your EHR vendor may be able to provide information, assistance, and training on the privacy and security aspects of the EHR product. However, EHR vendors are not responsible for making their products compliant with HIPAA Privacy and Security Rules. It is solely your responsibility to have a complete risk analysis conducted.

Myth: I have to outsource the security risk analysis.
Fact: False. It is possible for small practices to do risk analysis themselves using self-help tools such as the U.S. Department of Health and Human Services Office of the National Coordinator for Health Information Technology's (ONC) risk analysis tool. However, doing a thorough and professional risk analysis that will stand up to a compliance review will require expert knowledge that could be obtained through services of an experienced outside professional.

¹ONC Guide to Privacy and Security of Health Information
Risk Analysis Myths
HIPAA Security Risk Analysis Myths and Facts

Myth: A checklist will suffice for the risk analysis requirement.
Fact: False. Checklists can be useful tools, especially when starting a risk analysis, but they fall short of performing a systematic security risk analysis or documenting that one has been performed.

Myth: There is a specific risk analysis method that I must follow.
Fact: False. A risk analysis can be performed in countless ways. OCR has issued Guidance on Risk Analysis Requirements of the Security Rule. This guidance assists organizations in identifying and implementing the most effective and appropriate safeguards to secure e-PHI.

Myth: My security risk analysis only needs to look at my EHR.
Fact: False. Review all electronic devices that store, capture, or modify electronic protected health information. Include your EHR hardware and software and devices that can access your EHR data (e.g., your tablet computer, your practice manager's mobile phone). Remember that copiers also store data. Please see U.S. Department of Health and Human Services (HHS) guidance on remote use.

Myth: I only need to do a risk analysis once.
Fact: False. To comply with HIPAA, you must continue to review, correct or modify, and update security protections. For more on reassessing your security practices, please see http://healthit.hhs.gov/portal/server.pt/community/healthit_hhs_gov__privacy___security_frame-work/1173

Myth: Before I attest for an EHR incentive program, I must fully mitigate all risks.
Fact: False. The EHR incentive program requires addressing any deficiencies identified during the risk analysis during the reporting period.

Myth: Each year, I'll have to completely redo my security risk analysis.
Fact: False. Perform the full security risk analysis as you adopt an EHR. Each year or when changes to your practice or electronic systems occur, review and update the prior analysis for changes in risks.
What A Risk Analysis Is Not

• A network vulnerability scan
• A penetration test
• A configuration audit
• A network diagram review
• Information system activity review
• A questionnaire
Risk Analysis Is…

…the process of identifying, prioritizing, and estimating risks to organizational operations… resulting from the operation of an information system…
• Part of risk management, it incorporates threat and vulnerability analyses,
• and considers mitigations provided by security controls planned or in place.¹

¹NIST SP 800-30
Clearwater HIPAA Risk Analysis™ Capabilities
The Risk Analysis Dilemma

Assets and Media: Backup Media; Desktop; Disk Array; Electronic Medical Device; Laptop; Pager; Server; Smartphone; Storage Area Network; Tablet; Third-party service provider; Etcetera…

Threat Agents: Burglar/Thief; Electrical Incident; Entropy; Fire; Flood; Inclement weather; Malware; Network Connectivity Outage; Power Outage/Interruption; Etcetera…

Threat Actions: Burglary/Theft; Corruption or destruction of important data; Data Leakage; Data Loss; Denial of Service; Destruction of important data; Electrical damage to equipment; Fire damage to equipment; Information leakage; Etcetera…

Vulnerabilities: Anti-malware Vulnerabilities; Destruction/Disposal Vulnerabilities; Dormant Accounts; Endpoint Leakage Vulnerabilities; Excessive User Permissions; Insecure Network Configuration; Insecure Software Development Processes; Insufficient Application Capacity; Insufficient data backup; Insufficient data validation; Insufficient equipment redundancy; Insufficient equipment shielding; Insufficient fire protection; Insufficient HVAC capability; Insufficient power capacity; Insufficient power shielding; Etcetera…

NIST SP 800-53 Controls (examples):
• PS-6 a: The organization ensures that individuals requiring access to organizational information and information systems sign appropriate access agreements prior to being granted access.
• PS-6 b: The organization reviews/updates the access agreements [Assignment: organization-defined frequency].
• AC-19 a: The organization establishes usage restrictions and implementation guidance for organization-controlled mobile devices.
• AC-19 b: The organization authorizes connection of mobile devices meeting organizational usage restrictions and implementation guidance to organizational information systems.
• AC-19 d: The organization enforces requirements for the connection of mobile devices to organizational information systems.
• AC-19 e: The organization disables information system functionality that provides the capability for automatic execution of code on mobile devices without user direction.
• AC-19 f: The organization issues specially configured mobile devices to individuals traveling to locations that the organization deems to be of significant risk in accordance with organizational policies and procedures.
• Etcetera… (569)

Approximately 170,000,000 permutations.
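Taken together, OCR's components 3 to 7 on the earlier slides and the asset / threat / vulnerability / control columns on this one describe a scored risk register. The Python below is an added worked example written for this page; it is not the Clearwater Risk Algorithm (the deck does not describe it) and OCR mandates no particular scale. The asset, threat and vulnerability names are abbreviated from the slide; the threat-to-vulnerability and vulnerability-to-asset pairings, the five-level qualitative scales modelled on NIST SP 800-30 Rev 1, the likelihood x impact matrix and the sample ratings are all constructed assumptions.

```python
"""Added worked example: HHS/OCR risk-analysis steps 3 to 7 as a scored risk
register over the asset / threat / vulnerability space shown on the slide.
Illustration code written for this page, not the Clearwater Risk Algorithm
(the deck does not describe it); OCR prescribes no scale. The lists are
abbreviated from the slide; pairings and ratings are constructed input."""
from itertools import product

ASSETS = ["Backup Media", "Laptop", "Server", "Smartphone"]
THREATS = ["Burglar/Thief", "Malware", "Power Outage/Interruption", "Flood", "Fire"]
VULNERABILITIES = ["Insufficient data backup", "Endpoint Leakage", "Dormant Accounts",
                   "Insufficient power capacity", "Insufficient fire protection"]

# Step 3: which vulnerability each threat can exploit, and which assets carry
# each vulnerability (constructed; in a real analysis this is the analyst's mapping).
EXPLOITS = {
    "Burglar/Thief": {"Endpoint Leakage", "Insufficient data backup"},
    "Malware": {"Dormant Accounts", "Endpoint Leakage", "Insufficient data backup"},
    "Power Outage/Interruption": {"Insufficient power capacity", "Insufficient data backup"},
    "Flood": {"Insufficient data backup"},
    "Fire": {"Insufficient fire protection", "Insufficient data backup"},
}
AFFECTS = {
    "Insufficient data backup": {"Backup Media", "Laptop", "Server", "Smartphone"},
    "Endpoint Leakage": {"Laptop", "Smartphone"},
    "Dormant Accounts": {"Server"},
    "Insufficient power capacity": {"Server"},
    "Insufficient fire protection": {"Server", "Backup Media"},
}

# Steps 4 to 6: five-level qualitative scales in the style of NIST SP 800-30
# Rev 1 (Appendices G, H and I). Rows are likelihood, columns are impact from
# Very Low to Very High; this matrix is an assumption of the example.
LEVELS = ["Very Low", "Low", "Moderate", "High", "Very High"]
RISK_MATRIX = {
    "Very High": ["Very Low", "Low", "Moderate", "High", "Very High"],
    "High":      ["Very Low", "Low", "Moderate", "High", "Very High"],
    "Moderate":  ["Very Low", "Low", "Moderate", "Moderate", "High"],
    "Low":       ["Very Low", "Low", "Low", "Low", "Moderate"],
    "Very Low":  ["Very Low", "Very Low", "Very Low", "Low", "Low"],
}


def raw_permutations():
    """The unfiltered asset x threat x vulnerability count the slide calls the dilemma."""
    return len(ASSETS) * len(THREATS) * len(VULNERABILITIES)


def enumerate_scenarios():
    """Keep only triples where the threat can exploit the vulnerability and the
    asset actually carries it; everything else is noise in the register."""
    return [(a, t, v) for a, t, v in product(ASSETS, THREATS, VULNERABILITIES)
            if v in EXPLOITS[t] and a in AFFECTS[v]]


def risk_level(likelihood, impact):
    """Step 6: combine a likelihood level and an impact level into a risk level."""
    return RISK_MATRIX[likelihood][LEVELS.index(impact)]


# Constructed analyst ratings for step 4 (likelihood) and step 5 (impact);
# any scenario not listed is rated Moderate / Moderate.
RATINGS = {
    ("Laptop", "Burglar/Thief", "Endpoint Leakage"): ("High", "Very High"),
    ("Server", "Malware", "Dormant Accounts"): ("Moderate", "High"),
    ("Server", "Flood", "Insufficient data backup"): ("Very Low", "Very High"),
}


def build_register(ratings=RATINGS):
    """Step 7: score every applicable scenario and return the documented
    register, highest risk first (ties keep enumeration order)."""
    rows = []
    for a, t, v in enumerate_scenarios():
        likelihood, impact = ratings.get((a, t, v), ("Moderate", "Moderate"))
        rows.append({"asset": a, "threat": t, "vulnerability": v,
                     "likelihood": likelihood, "impact": impact,
                     "risk": risk_level(likelihood, impact)})
    rows.sort(key=lambda r: LEVELS.index(r["risk"]), reverse=True)
    return rows


if __name__ == "__main__":
    register = build_register()
    print(f"{raw_permutations()} raw permutations, {len(register)} applicable scenarios")
    for r in register:
        print(f'{r["risk"]:9} {r["asset"]:13} {r["threat"]:26} {r["vulnerability"]}')
```

Run it and the unfiltered product (100 triples here, the slide's 170,000,000 on the full lists) collapses to the 28 scenarios an analyst would actually rate. The sorted register is the step 7 document; re-running it after an inventory or rating change is step 8, and the likelihood value is where the SP 800-53 controls already in place (the right-hand column of the slide) get credited.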
The Unique Clearwater Risk Algorithm™
Software Demonstration
Clearwater HIPAA Risk Analysis™ - Benefits

Provides a "by-the-book" approach to meet HIPAA and Meaningful Use requirements.

Transforms risk management from "arts & crafts" to a mature, repeatable and sustainable process.

Facilitates informed risk management decision making by enabling prioritization and justification of security investments.
Captures a baseline for your current security risk profile and measures progress in treating identified risks.

Becomes a "living, breathing tool" for ongoing HIPAA security risk management.

Empowers your organization to become self-sufficient in meeting the requirement for a periodic risk analysis as defined in the HIPAA Security Rule, 45 CFR 164.308(a)(1)(ii)(A).
Need help with resources or expertise?
Questions?
Get more info…

Register for upcoming live HIPAA-HITECH webinars at:
http://abouthipaa.com/webinars/upcoming-live-webinars/

View pre-recorded webinars like this one at:
http://abouthipaa.com/webinars/on-demand-webinars/
the impact of total risk management on company performance evidence in fuel a...
 
FMEA training for Healthcare - Sample
FMEA training for Healthcare - SampleFMEA training for Healthcare - Sample
FMEA training for Healthcare - Sample
 
Failure Mode Effect Analysis (FMEA)
Failure Mode Effect Analysis (FMEA)Failure Mode Effect Analysis (FMEA)
Failure Mode Effect Analysis (FMEA)
 
Ports In India
Ports In IndiaPorts In India
Ports In India
 
FMEA Introduction.ppt
FMEA Introduction.pptFMEA Introduction.ppt
FMEA Introduction.ppt
 
Failure Mode Effect Analysis (FMEA)
Failure Mode Effect Analysis (FMEA)Failure Mode Effect Analysis (FMEA)
Failure Mode Effect Analysis (FMEA)
 
Risk Management and Insurance
Risk Management and InsuranceRisk Management and Insurance
Risk Management and Insurance
 

Similar to 2013 01-18 demonstration of the risk analysis software

Threat Based Risk Assessment
Threat Based Risk AssessmentThreat Based Risk Assessment
Threat Based Risk AssessmentMichael Lines
 
Applying risk management_to_your_business_continuity_management_efforts
Applying risk management_to_your_business_continuity_management_effortsApplying risk management_to_your_business_continuity_management_efforts
Applying risk management_to_your_business_continuity_management_effortsSubhajit Bhuiya
 
HIPAA HITECH Express Security Privacy Webinar
HIPAA HITECH Express Security Privacy WebinarHIPAA HITECH Express Security Privacy Webinar
HIPAA HITECH Express Security Privacy WebinarCompliancy Group
 
New Age Red Teaming - Enterprise Infilteration
New Age Red Teaming - Enterprise InfilterationNew Age Red Teaming - Enterprise Infilteration
New Age Red Teaming - Enterprise InfilterationShritam Bhowmick
 
PECB Webinar: Enterprise Risk Management with ISO 27001 perspective
PECB Webinar: Enterprise Risk Management with ISO 27001 perspectivePECB Webinar: Enterprise Risk Management with ISO 27001 perspective
PECB Webinar: Enterprise Risk Management with ISO 27001 perspectivePECB
 
MUSE 2015 Product Showcase v2
MUSE 2015 Product Showcase v2MUSE 2015 Product Showcase v2
MUSE 2015 Product Showcase v2Chris Baldwin
 
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach OccursHow to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach OccursSurfWatch Labs
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
Security Testing for Testing Professionals
Security Testing for Testing ProfessionalsSecurity Testing for Testing Professionals
Security Testing for Testing ProfessionalsTechWell
 
Catelas Webinar Session I 3rd Party Compliance & Risk Oversight 31 Oc...
Catelas Webinar Session I   3rd Party Compliance & Risk Oversight   31 Oc...Catelas Webinar Session I   3rd Party Compliance & Risk Oversight   31 Oc...
Catelas Webinar Session I 3rd Party Compliance & Risk Oversight 31 Oc...Eddie Cogan
 
The Basics of Security and Risk Analysis
The Basics of Security and Risk AnalysisThe Basics of Security and Risk Analysis
The Basics of Security and Risk Analysislearfield
 
Sample Risk Assessment Report- QuantumBanking.pdf
Sample Risk Assessment Report- QuantumBanking.pdfSample Risk Assessment Report- QuantumBanking.pdf
Sample Risk Assessment Report- QuantumBanking.pdfSathishKumar960827
 
Cyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadCyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadsavassociates1
 
Avior Healthcare Security Compliance Webcast Final1
Avior Healthcare Security Compliance Webcast Final1Avior Healthcare Security Compliance Webcast Final1
Avior Healthcare Security Compliance Webcast Final1jhietala
 
Case Study
Case StudyCase Study
Case Studylneut03
 
Security Testing for Testing Professionals
Security Testing for Testing ProfessionalsSecurity Testing for Testing Professionals
Security Testing for Testing ProfessionalsTechWell
 
Operational Security for Transportation: Connectivity to Rails
Operational Security for Transportation: Connectivity to Rails Operational Security for Transportation: Connectivity to Rails
Operational Security for Transportation: Connectivity to Rails Ashley Finden
 
ByteCode pentest report example
ByteCode pentest report exampleByteCode pentest report example
ByteCode pentest report exampleIhor Uzhvenko
 
Audit and Compliance BDR Knowledge Training
Audit and Compliance BDR Knowledge TrainingAudit and Compliance BDR Knowledge Training
Audit and Compliance BDR Knowledge TrainingTory Quinton
 

Similar to 2013 01-18 demonstration of the risk analysis software (20)

Threat Based Risk Assessment
Threat Based Risk AssessmentThreat Based Risk Assessment
Threat Based Risk Assessment
 
Applying risk management_to_your_business_continuity_management_efforts
Applying risk management_to_your_business_continuity_management_effortsApplying risk management_to_your_business_continuity_management_efforts
Applying risk management_to_your_business_continuity_management_efforts
 
HIPAA HITECH Express Security Privacy Webinar
HIPAA HITECH Express Security Privacy WebinarHIPAA HITECH Express Security Privacy Webinar
HIPAA HITECH Express Security Privacy Webinar
 
New Age Red Teaming - Enterprise Infilteration
New Age Red Teaming - Enterprise InfilterationNew Age Red Teaming - Enterprise Infilteration
New Age Red Teaming - Enterprise Infilteration
 
PECB Webinar: Enterprise Risk Management with ISO 27001 perspective
PECB Webinar: Enterprise Risk Management with ISO 27001 perspectivePECB Webinar: Enterprise Risk Management with ISO 27001 perspective
PECB Webinar: Enterprise Risk Management with ISO 27001 perspective
 
MUSE 2015 Product Showcase v2
MUSE 2015 Product Showcase v2MUSE 2015 Product Showcase v2
MUSE 2015 Product Showcase v2
 
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach OccursHow to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
 
Security Testing for Testing Professionals
Security Testing for Testing ProfessionalsSecurity Testing for Testing Professionals
Security Testing for Testing Professionals
 
Catelas Webinar Session I 3rd Party Compliance & Risk Oversight 31 Oc...
Catelas Webinar Session I   3rd Party Compliance & Risk Oversight   31 Oc...Catelas Webinar Session I   3rd Party Compliance & Risk Oversight   31 Oc...
Catelas Webinar Session I 3rd Party Compliance & Risk Oversight 31 Oc...
 
The Basics of Security and Risk Analysis
The Basics of Security and Risk AnalysisThe Basics of Security and Risk Analysis
The Basics of Security and Risk Analysis
 
Sample Risk Assessment Report- QuantumBanking.pdf
Sample Risk Assessment Report- QuantumBanking.pdfSample Risk Assessment Report- QuantumBanking.pdf
Sample Risk Assessment Report- QuantumBanking.pdf
 
Cyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadCyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor upload
 
Avior Healthcare Security Compliance Webcast Final1
Avior Healthcare Security Compliance Webcast Final1Avior Healthcare Security Compliance Webcast Final1
Avior Healthcare Security Compliance Webcast Final1
 
Insider threat kill chain
Insider threat   kill chainInsider threat   kill chain
Insider threat kill chain
 
Case Study
Case StudyCase Study
Case Study
 
Security Testing for Testing Professionals
Security Testing for Testing ProfessionalsSecurity Testing for Testing Professionals
Security Testing for Testing Professionals
 
Operational Security for Transportation: Connectivity to Rails
Operational Security for Transportation: Connectivity to Rails Operational Security for Transportation: Connectivity to Rails
Operational Security for Transportation: Connectivity to Rails
 
ByteCode pentest report example
ByteCode pentest report exampleByteCode pentest report example
ByteCode pentest report example
 
Audit and Compliance BDR Knowledge Training
Audit and Compliance BDR Knowledge TrainingAudit and Compliance BDR Knowledge Training
Audit and Compliance BDR Knowledge Training
 

Recently uploaded

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 

Recently uploaded (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 

2013 01-18 demonstration of the risk analysis software

  • 1. Clearwater HIPAA Risk Analysis™ Software Demonstration Jon Stone, MPA, PMP 615-210-9612 Jon.Stone@ClearwaterCompliance.com 1
  • 2. Your Presenter © 2012-13 Clearwater Compliance LLC | All Rights Reserved 2
  • 3. Jon Stone, MPA, PMP • 25+ years in Healthcare in the provider, payer and healthcare quality improvement fields • Innovator | Strategic Program Manager | Consultant | Executive • 15+ years of strategic leadership for compliance and Healthcare information technology projects involving the most sensitive ePHI for companies such as CIGNA, Healthways and Ingenix. • PMP, MPA - Healthcare Policy and Administration Passion: Driving business, compliance and technology solutions for improving healthcare operations and outcomes © 2012-13 Clearwater Compliance LLC | All Rights Reserved 3
  • 4. Session Objectives • Regulatory background • Product features • Software walkthrough • Product benefits © 2012-13 Clearwater Compliance LLC | All Rights Reserved 4
  • 5. Completing a formal Security Risk Analysis is required by the HIPAA Security Rule and must follow HHS/OCR guidelines Stage 1 and Stage 2 Meaningful Use require completion of a HIPAA Security Risk Analysis © 2012-13 Clearwater Compliance LLC | All Rights Reserved
  • 6. Security violations can be devastating to an organization’s reputation and finances © 2012-13 Clearwater Compliance LLC | All Rights Reserved
  • 7. Without the benefit of a HIPAA compliant Risk Analysis approach… You don’t know your risks… You are probably making privacy and security investments in a vacuum, without facts and data to facilitate informed decision making… © 2012-13 Clearwater Compliance LLC | All Rights Reserved
  • 8. Without the benefit of a HIPAA compliant Risk Analysis approach… You are at high risk in the face of increasing enforcement actions State AG Investigations OCR Investigations CMS Audits for MU © 2012-13 Clearwater Compliance LLC | All Rights Reserved
  • 9. The threat landscape is constantly changing Organizations are struggling to identify threats… © 2012-13 Clearwater Compliance LLC | All Rights Reserved
  • 10. Organizations don’t know their vulnerabilities Are critical systems encrypted? Are passwords strong enough? Are we prepared for disaster? Are our employees trained? © 2012-13 Clearwater Compliance LLC | All Rights Reserved
  • 11. All this uncertainty means we don’t know our risks… Regulatory Risks Financial risks Legal risks Risks to our reputations Risks to operations and care © 2012-13 Clearwater Compliance LLC | All Rights Reserved
  • 12. What do the regulations require? 45 C.F.R. §164.308(a)(1)(i) Standard: Security Management Process (1)(i) Standard: Security management process. Implement policies and procedures to prevent, detect, contain, and correct security violations. (ii) Implementation specifications: (A) Risk analysis (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity. 45 C.F.R. §164.308(a)(8) Standard: Evaluation. Perform a periodic technical and non-technical evaluation, based initially upon the standards implemented under this rule and subsequently, in response to environmental or operational changes affecting the security of electronic protected health information, which establishes the extent to which an entity's security policies and procedures meet the requirements of this subpart. © 2012-13 Clearwater Compliance LLC | All Rights Reserved 12
  • 13. Three Dimensions of HIPAA Security Business Risk Management: 1. Complete a Compliance Risk Analysis to 45 CFR 164.308(a)(1)(ii)(A) to Protect Sensitive Info; 2. Complete a Security Assessment to 45 CFR 164.308(a)(8) to Determine Compliance; 3. Perform & Test Network Penetration Testing and Audit to 45 CFR 164.308(a)(8) & OCR Audit Protocol; together these make up a full Risk Program. © 2012-13 Clearwater Compliance LLC | All Rights Reserved 13
  • 14. Regardless of the risk analysis methodology employed, the Health and Human Services Office of Civil Rights recommends that you include the following key components. © 2012-13 Clearwater Compliance LLC | All Rights Reserved 14
  • 15. 1.Scope of the Analysis - all ePHI that an organization creates, receives, maintains, or transmits must be included in the risk analysis. (45 C.F.R. § 164.306(a)). 2.Data Collection - The data on ePHI gathered using these methods must be documented. (See 45 C.F.R. §§ 164.308(a)(1)(ii)(A) and 164.316 (b)(1).) 3.Identify and Document Potential Threats and Vulnerabilities - Organizations must identify and document reasonably anticipated threats to ePHI. (See 45 C.F.R. §§ 164.306(a)(2), 164.308(a)(1)(ii)(A) and 164.316(b)(1)(ii).) © 2012-13 Clearwater Compliance LLC | All Rights Reserved 15
  • 16. 4. Determine the Likelihood of Threat Occurrence - The Security Rule requires organizations to take into account the likelihood of potential risks to ePHI. (See 45 C.F.R. § 164.306(b)(2)(iv).) 5. Determine the Potential Impact of Threat Occurrence - The Rule also requires consideration of the “criticality,” or impact, of potential risks to confidentiality, integrity, and availability of ePHI. (See 45 C.F.R. § 164.306(b)(2)(iv).) 6. Determine the Level of Risk - The level of risk could be determined, for example, by analyzing the values assigned to the likelihood of threat occurrence and resulting impact of threat occurrence. (See 45 C.F.R. §§ 164.306(a)(2), 164.308(a)(1)(ii)(A), and 164.316(b)(1).) © 2012-13 Clearwater Compliance LLC | All Rights Reserved 16
  • 17. 7. Finalize Documentation - The Security Rule requires the risk analysis to be documented but does not require a specific format. (See 45 C.F.R. § 164.316(b)(1).) 8. Periodic Review and Updates to the Risk Assessment - The risk analysis process should be ongoing. In order for an entity to update and document its security measures “as needed,” which the Rule requires, it should conduct continuous risk analysis to identify when updates are needed. (45 C.F.R. §§ 164.306(e) and 164.316(b)(2)(iii).) © 2012-13 Clearwater Compliance LLC | All Rights Reserved 17
  • 18. Guidance on Risk Analysis Requirements under the HIPAA Security Rule Final © 2012-13 Clearwater Compliance LLC | All Rights Reserved 18
  • 19. • NIST SP800-30 Revision 1, Guide for Conducting Risk Assessments (DRAFT) • NIST SP800-53 Revision 3 (Final), Recommended Controls for Federal Information Systems and Organizations • NIST SP800-34, Contingency Planning Guide for Federal Information Systems • NIST SP800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach • NIST SP800-39 (Final), Managing Information Security Risk • NIST SP800-53A, Rev 1, Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans © 2012-13 Clearwater Compliance LLC | All Rights Reserved 19
  • 20. Risk Analysis Myths¹ (HIPAA Security Risk Analysis Myths and Facts)
    Myth: The security risk analysis is optional for small providers.
    Fact: False. All providers who are “covered entities” under HIPAA are required to perform a risk analysis. In addition, all providers who want to receive EHR incentive payments must conduct a risk analysis.
    Myth: Simply installing a certified EHR fulfills the security risk analysis MU requirement.
    Fact: False. Even with a certified EHR, you must perform a full security risk analysis. Security requirements address all electronic protected health information you maintain, not just what is in your EHR.
    Myth: My EHR vendor took care of everything I need to do about privacy and security.
    Fact: False. Your EHR vendor may be able to provide information, assistance, and training on the privacy and security aspects of the EHR product. However, EHR vendors are not responsible for making their products compliant with HIPAA Privacy and Security Rules. It is solely your responsibility to have a complete risk analysis conducted.
    Myth: I have to outsource the security risk analysis.
    Fact: False. It is possible for small practices to do risk analysis themselves using self-help tools such as the U.S. Department of Health and Human Services Office of the National Coordinator for Health Information Technology’s (ONC) risk analysis tool. However, doing a thorough and professional risk analysis that will stand up to a compliance review will require expert knowledge that could be obtained through services of an experienced outside professional.
    ¹ ONC Guide to Privacy and Security of Health Information. © 2012-13 Clearwater Compliance LLC | All Rights Reserved 20
  • 21. Risk Analysis Myths (HIPAA Security Risk Analysis Myths and Facts)
    Myth: A checklist will suffice for the risk analysis requirement.
    Fact: False. Checklists can be useful tools, especially when starting a risk analysis, but they fall short of performing a systematic security risk analysis or documenting that one has been performed.
    Myth: There is a specific risk analysis method that I must follow.
    Fact: False. A risk analysis can be performed in countless ways. OCR has issued Guidance on Risk Analysis Requirements of the Security Rule. This guidance assists organizations in identifying and implementing the most effective and appropriate safeguards to secure e-PHI.
    Myth: My security risk analysis only needs to look at my EHR.
    Fact: False. Review all electronic devices that store, capture, or modify electronic protected health information. Include your EHR hardware and software and devices that can access your EHR data (e.g., your tablet computer, your practice manager’s mobile phone). Remember that copiers also store data. Please see U.S. Department of Health and Human Services (HHS) guidance on remote use.
    Myth: I only need to do a risk analysis once.
    Fact: False. To comply with HIPAA, you must continue to review, correct or modify, and update security protections. For more on reassessing your security practices, please see http://healthit.hhs.gov/portal/server.pt/community/healthit_hhs_gov__privacy___security_frame-work/1173
    © 2012-13 Clearwater Compliance LLC | All Rights Reserved 21
  • 22. Risk Analysis Myths (HIPAA Security Risk Analysis Myths and Facts)
    Myth: Before I attest for an EHR incentive program, I must fully mitigate all risks.
    Fact: False. The EHR incentive program requires addressing any deficiencies identified during the risk analysis during the reporting period.
    Myth: Each year, I’ll have to completely redo my security risk analysis.
    Fact: False. Perform the full security risk analysis as you adopt an EHR. Each year or when changes to your practice or electronic systems occur, review and update the prior analysis for changes in risks.
    © 2012-13 Clearwater Compliance LLC | All Rights Reserved 22
  • 23. What A Risk Analysis Is Not
    • A network vulnerability scan
    • A penetration test
    • A configuration audit
    • A network diagram review
    • Information system activity review
    • A questionnaire
  • 24. Risk Analysis Is… the process of identifying, prioritizing, and estimating risks to organizational operations… resulting from the operation of an information system…
    • Risk management incorporates threat and vulnerability analyses,
    • Considers mitigations provided by security controls planned or in place.¹
    ¹ NIST SP 800-30
  • 27. The Risk Analysis Dilemma
    Assets and Media: Backup Media; Desktop; Disk Array; Electronic Medical Device; Laptop; Pager; Server; Smartphone; Storage Area Network; Tablet; Third-party service provider; Etcetera…
    Threat Agents: Burglar/Thief; Electrical Incident; Entropy; Fire; Flood; Inclement weather; Malware; Network Connectivity Outage; Power Outage/Interruption; Etcetera…
    Threat Actions: Burglary/Theft; Corruption or destruction of important data; Data Leakage; Data Loss; Denial of Service; Destruction of important data; Electrical damage to equipment; Fire damage to equipment; Information leakage; Etcetera…
    Vulnerabilities: Anti-malware Vulnerabilities; Destruction/Disposal Vulnerabilities; Dormant Accounts; Endpoint Leakage Vulnerabilities; Excessive User Permissions; Insecure Network Configuration; Insecure Software Development Processes; Insufficient Application Capacity; Insufficient data backup; Insufficient data validation; Insufficient equipment redundancy; Insufficient equipment shielding; Insufficient fire protection; Insufficient HVAC capability; Insufficient power capacity; Insufficient power shielding; Etcetera…
    NIST SP 800-53 Controls:
      PS-6 a: The organization ensures that individuals requiring access to organizational information and information systems sign appropriate access agreements prior to being granted access.
      PS-6 b: The organization reviews/updates the access agreements [Assignment: organization-defined frequency].
      AC-19 a: The organization establishes usage restrictions and implementation guidance for organization-controlled mobile devices.
      AC-19 b: The organization authorizes connection of mobile devices meeting organizational usage restrictions and implementation guidance to organizational information systems.
      AC-19 d: The organization enforces requirements for the connection of mobile devices to organizational information systems.
      AC-19 e: The organization disables information system functionality that provides the capability for automatic execution of code on mobile devices without user direction; issues specially configured mobile devices to individuals traveling to locations that the organization deems to be of significant risk in accordance with organizational policies and procedures.
      Etcetera… (569)
    Approximately 170,000,000 Permutations
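  The two slides above (the NIST SP 800-30 definition and the "dilemma" of a multiplicative asset/threat/vulnerability space) are easier to reason about with a concrete register in hand. The following Python is an added illustration written for this page, not the Clearwater Risk Algorithm™ and not code from the deck: the catalog lists reproduce the items visible on the dilemma slide, while the 1–5 likelihood and impact scales, the rule that each credited control lowers likelihood by one level, the control names, the rating thresholds and the five sample rows are all constructed assumptions. It shows (a) how fast the naive cross product grows, which is why a spreadsheet stops scaling, and (b) the SP 800-30 shape of the analysis: threat and vulnerability pairing per asset, likelihood and impact estimation, mitigation credit for controls in place, and a prioritized residual-risk list.

```python
"""Catalog-driven HIPAA security risk analysis in the NIST SP 800-30 shape:
assets, threats, vulnerabilities, likelihood, impact, credit for controls.
Added illustration; catalogs mirror the "Risk Analysis Dilemma" slide, while
the scoring rules, control names and sample rows are constructed (hypothetical)."""
from dataclasses import dataclass, field

# Catalog columns from the slide (each is open-ended in practice: "Etcetera...").
ASSETS = ["Backup Media", "Desktop", "Disk Array", "Electronic Medical Device",
          "Laptop", "Pager", "Server", "Smartphone", "Storage Area Network",
          "Tablet", "Third-party service provider"]
THREAT_AGENTS = ["Burglar/Thief", "Electrical Incident", "Entropy", "Fire", "Flood",
                 "Inclement weather", "Malware", "Network Connectivity Outage",
                 "Power Outage/Interruption"]
THREAT_ACTIONS = ["Burglary/Theft", "Corruption or destruction of important data",
                  "Data Leakage", "Data Loss", "Denial of Service",
                  "Destruction of important data", "Electrical damage to equipment",
                  "Fire damage to equipment", "Information leakage"]
VULNERABILITIES = ["Anti-malware Vulnerabilities", "Destruction/Disposal Vulnerabilities",
                   "Dormant Accounts", "Endpoint Leakage Vulnerabilities",
                   "Excessive User Permissions", "Insecure Network Configuration",
                   "Insecure Software Development Processes",
                   "Insufficient Application Capacity", "Insufficient data backup",
                   "Insufficient data validation", "Insufficient equipment redundancy",
                   "Insufficient equipment shielding", "Insufficient fire protection",
                   "Insufficient HVAC capability", "Insufficient power capacity",
                   "Insufficient power shielding"]


def permutation_count(*columns: list) -> int:
    """Size of the naive cross product of the catalog columns: the number of
    combinations a manual review would have to consider. It grows
    multiplicatively with every column the analyst adds (the 'dilemma')."""
    n = 1
    for col in columns:
        n *= len(col)
    return n


@dataclass
class Risk:
    """One register row: a threat agent taking an action against an asset
    by way of a vulnerability, with the controls credited against it."""
    asset: str
    threat_agent: str
    threat_action: str
    vulnerability: str
    likelihood: int   # 1 (rare) .. 5 (almost certain), before control credit
    impact: int       # 1 (negligible) .. 5 (severe) to ePHI confidentiality/integrity/availability
    controls: list = field(default_factory=list)  # controls planned or in place

    def __post_init__(self):
        # Rows must be built from catalog entries so the register stays comparable
        # across assets and across years (the "living, breathing tool" idea).
        assert self.asset in ASSETS, self.asset
        assert self.threat_agent in THREAT_AGENTS, self.threat_agent
        assert self.threat_action in THREAT_ACTIONS, self.threat_action
        assert self.vulnerability in VULNERABILITIES, self.vulnerability
        assert 1 <= self.likelihood <= 5 and 1 <= self.impact <= 5


def residual_likelihood(risk: Risk) -> int:
    """Constructed mitigation rule: each credited control lowers likelihood by
    one level, never below 1. A real model weights controls by assessed effectiveness."""
    return max(1, risk.likelihood - len(risk.controls))


def risk_score(risk: Risk) -> int:
    """Classic 5x5 matrix: residual likelihood x impact, range 1..25."""
    return residual_likelihood(risk) * risk.impact


def rating(score: int) -> str:
    """Constructed thresholds on the 5x5 matrix."""
    if score >= 15:
        return "High"
    if score >= 8:
        return "Medium"
    return "Low"


def prioritized_register(risks: list) -> list:
    """(asset, vulnerability, score, rating) tuples, largest residual risk first,
    so treatment decisions and security investments can be justified in order."""
    rows = [(r.asset, r.vulnerability, risk_score(r), rating(risk_score(r))) for r in risks]
    return sorted(rows, key=lambda row: row[2], reverse=True)


# Constructed sample register (a real inventory has many more rows).
SAMPLE_REGISTER = [
    Risk("Laptop", "Burglar/Thief", "Burglary/Theft", "Endpoint Leakage Vulnerabilities",
         likelihood=4, impact=5, controls=["AC-19 mobile device usage restrictions"]),
    Risk("Server", "Malware", "Corruption or destruction of important data",
         "Anti-malware Vulnerabilities", likelihood=4, impact=5,
         controls=["Endpoint anti-malware", "Tested offline backups"]),
    Risk("Disk Array", "Power Outage/Interruption", "Denial of Service",
         "Insufficient power capacity", likelihood=3, impact=3),
    Risk("Backup Media", "Fire", "Fire damage to equipment", "Insufficient fire protection",
         likelihood=2, impact=5, controls=["Off-site media rotation"]),
    Risk("Pager", "Entropy", "Data Loss", "Insufficient equipment redundancy",
         likelihood=2, impact=1),
]

if __name__ == "__main__":
    print("naive combinations over the visible catalogs:",
          permutation_count(ASSETS, THREAT_AGENTS, THREAT_ACTIONS, VULNERABILITIES))
    for asset, vuln, score, level in prioritized_register(SAMPLE_REGISTER):
        print(f"{level:6} {score:2}  {asset}: {vuln}")
```

  Even the abbreviated catalogs on the slide yield 11 × 9 × 9 × 16 = 14,256 raw combinations before controls are considered, which is the point of the "170,000,000 permutations" figure: the analysis has to be catalog-driven and tool-supported, with explicit applicability pruning and control credit, or it collapses into the checklist the myths slide warns against.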
  • 28. The Unique Clearwater Risk Algorithm™
  • 29. The Unique Clearwater Risk Algorithm™
  • 30. Software Demonstration: Click Here to Go To Website
  • 31. Clearwater HIPAA Risk Analysis™ - Benefits
  • 32. Clearwater HIPAA Risk Analysis™ - Benefits
    • Provides a “by-the-book” approach to meet HIPAA and Meaningful Use requirements
    • Transforms risk management from “arts & crafts” to a mature, repeatable and sustainable process
    • Facilitates informed risk management decision making by enabling prioritization and justification of security investments
  • 33. Clearwater HIPAA Risk Analysis™ - Benefits
    • Captures a baseline for your current security risk profile and measures progress in treating identified risks
    • Becomes a “living, breathing tool” for ongoing HIPAA security risk management
    • Empowers your organization to become self-sufficient in meeting the requirement for a periodic risk analysis as defined in the HIPAA Security Rule 45 CFR 164.308(a)(1)(ii)(A)
  • 34. Need help with resources or expertise?
  • 35. Need help with resources or expertise?
  • 36. Questions?
  • 37. Get more info… Register for upcoming live HIPAA-HITECH webinars at: http://abouthipaa.com/webinars/upcoming-live-webinars/ View pre-recorded webinars like this one at: http://abouthipaa.com/webinars/on-demand-webinars/

Editor's Notes

  1. Moving quickly, raise hand anytime
  2. Completing a formal Security Risk Analysis is required by the HIPAA Security Rule and must follow HHS/OCR guidelines
  3. Completing a formal Security Risk Analysis is required by the HIPAA Security Rule and must follow HHS/OCR guidelines
  4. You don’t know your risks…
  5. You are at high risk of non-compliance..
  6. Organizations are struggling to identify threats…
  7. Organizations don’t know their vulnerabilities. Are critical systems encrypted? Are passwords strong enough? Are we prepared in the event of disaster?
  8. All this uncertainty means we don’t know our risk: unknown financial risks, unidentified legal risks, unclear regulatory risks, and little understanding of the risks to our day to day operations.
  9. Facilitates informed decision making: enables prioritization and justification of security investments based on quantifiable deficiencies. Transforms risk management from “arts & crafts” to science & engineering with a mature, repeatable and sustainable process. Equips ready access to your Information Asset Inventory and your Risk Profile for informed risk management decisions or presentation to auditors or potential clients. Captures a baseline for your current security risk profile and enables quantitative measurement of your progress in implementing needed controls. Empowers your organization to become self-sufficient in meeting the requirement for a periodic risk analysis as defined in the HIPAA Security Rule 45 CFR 164.308(a)(1)(ii)(A). Becomes a “living, breathing tool” for ongoing data security risk management.