Educause Security Discussion mailing list archives

Re: Implementing risk analysis process to meet HIPAA security requirements

From: "Gordon D. Wishon" <gwishon () ND EDU>
Date: Tue, 13 Jan 2004 12:38:42 -0500

The task force is pursuing an initiative with the Software Engineering
Institute to assess the applicability of their OCTAVE risk assessment
methodology to the higher ed environment.  The initiative includes a series
of pilots with a small but diverse set of institutions that will take place
over the coming Winter/Spring.  The project is still in the formative
stage, so I can't predict when a product for general consumption might be
available.

In the meantime, the task force web site  has pointers to this and other
methodologies that some have found
useful.  See  http://www.educause.edu/security/resources/risk.asp.

Gordon Wishon
Task Force Co-Chair


At 08:54 AM 1/13/2004 -0500, you wrote:

David:

I heard a rumor that the Educause Security task force will create and
publish a risk analysis template early this year. Does anyone have further
information on this?

Craig

David Grisham wrote:

I would appreciate anyone who has already implemented a university wide or
health science center level risk analysis process at their institution to
send any observations about implementing the process.  A fairly
straightforward web form can be put into place.
Where I anticipate the problems are in the education of the owners of
Electronic Protected Health Information (EPHI) and the integration of the
process throughout the IT enterprise.
I will summarize all replies.
Cheers. --grish
David D. Grisham, Ph.D., CISM
Adjunct Faculty, Computer Science Department, UNM
Information Security Manager,
UNM Hospitals, Ph: (505) 272-5657 FAX 272-3305
1650 University Blvd, suite 500 Albuquerque, NM 87102
e-mail business: <mailto:dgrisham () salud unm edu>dgrisham () salud unm edu
other personal or academic: <mailto:dave () unm edu>dave () unm edu
********** Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
<http://www.educause.edu/cg/>http://www.educause.edu/cg/.


--
Craig Blaha
Associate Director
Information Policy, Security and Web Development
The College of New Jersey
PO Box 7718
Ewing, NJ 08628
<http://www.tcnj.edu>www.tcnj.edu

********** Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at http://www.educause.edu/cg/.


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

Implementing risk analysis process to meet HIPAA security requirements David Grisham (Jan 12)
- <Possible follow-ups>
- Re: Implementing risk analysis process to meet HIPAA security requirements Craig Blaha (Jan 13)
- Re: Implementing risk analysis process to meet HIPAA security requirements Gordon D. Wishon (Jan 13)