Security Basics mailing list archives
Re: Risk Ranking...
From: "Brian Loe" <knobdy () gmail com>
Date: Tue, 29 Aug 2006 15:35:30 -0500
What kind of incidents are you talking about? HIPAA requirements should help, since you're in healthcare. You might look up DITSCAP for a guideline as well (military, DoD security requirements). Usually with HIPAA you'll have levels of disclosure for PHI incidents - but I'm not sure that they bother ranking them. Since "google" is now a verb, how do you spell googleing/googling? :) On 8/28/06, Barrick, Chanda B <cbbarric () iupui edu> wrote:
I am trying to figure out how to develop a risk ranking methodology for incident reporting in a healthcare environment. I don't even really know where to begin. I've been googleing, but I'm not finding much that is helpful. Anyone have any suggestions? Thanks Chanda
--------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Risk Ranking... Barrick, Chanda B (Aug 29)
- Re: Risk Ranking... Brian Loe (Aug 30)
- Re: Risk Ranking... Woods_Beau (Aug 31)
- <Possible follow-ups>
- RE: Risk Ranking... Kyle White (Aug 30)