Educause Security Discussion mailing list archives
Re: Implementing risk analysis process to meet HIPAA security requirements
From: "Gordon D. Wishon" <gwishon () ND EDU>
Date: Tue, 13 Jan 2004 12:38:42 -0500
The task force is pursuing an initiative with the Software Engineering Institute to assess the applicability of their OCTAVE risk assessment methodology to the higher ed environment. The initiative includes a series of pilots with a small but diverse set of institutions that will take place over the coming Winter/Spring. The project is still in the formative stage, so I can't predict when a product for general consumption might be available. In the meantime, the task force web site has pointers to this and other methodologies that some have found useful. See http://www.educause.edu/security/resources/risk.asp. Gordon Wishon Task Force Co-Chair At 08:54 AM 1/13/2004 -0500, you wrote:
David: I heard a rumor that the Educause Security task force will create and publish a risk analysis template early this year. Does anyone have further information on this? Craig David Grisham wrote:I would appreciate anyone who has already implemented a university wide or health science center level risk analysis process at their institution to send any observations about implementing the process. A fairly straightforward web form can be put into place. Where I anticipate the problems are in the education of the owners of Electronic Protected Health Information (EPHI) and the integration of the process throughout the IT enterprise. I will summarize all replies. Cheers. --grish David D. Grisham, Ph.D., CISM Adjunct Faculty, Computer Science Department, UNM Information Security Manager, UNM Hospitals, Ph: (505) 272-5657 FAX 272-3305 1650 University Blvd, suite 500 Albuquerque, NM 87102 e-mail business: <mailto:dgrisham () salud unm edu>dgrisham () salud unm edu other personal or academic: <mailto:dave () unm edu>dave () unm edu ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at <http://www.educause.edu/cg/>http://www.educause.edu/cg/.-- Craig Blaha Associate Director Information Policy, Security and Web Development The College of New Jersey PO Box 7718 Ewing, NJ 08628 <http://www.tcnj.edu>www.tcnj.edu ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Implementing risk analysis process to meet HIPAA security requirements David Grisham (Jan 12)
- <Possible follow-ups>
- Re: Implementing risk analysis process to meet HIPAA security requirements Craig Blaha (Jan 13)
- Re: Implementing risk analysis process to meet HIPAA security requirements Gordon D. Wishon (Jan 13)