Supplemental Materials – The Complete List

Program Syllabus

Session 1

1-1   Harnessing the Power of NIST | Your Practical Guide to Effective Information Risk Management (Clearwater White Paper)

1-2   Banner Health’s Becky Havlisch and Bob Chaput on Nimble Cyber Risk Management

1-3   Cleveland Clinic’s Charles Kolodkin and Clearwater’s Bob Chaput Share Crucial Steps in Developing a Hospital Cyber Risk Management Strategy

1-4   National Children’s Rebecca Cady and Clearwater’s Bob Chaput discuss Managing Cyber Risk through an Insurance Captive

2-1  NISTIR 7298 Revision 2 Glossary of Key Information Security Terms

2-2  Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework)

2-3  Guidance on Risk Analysis Requirements under the HIPAA Security Rule

2-4  NIST SP800-39 (final), Managing Information Security Risk

2-5  NIST SP800-30 Revision 1 Guide for Conducting Risk Assessments

2-6  NIST SP800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

2-7  NIST SP800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations

2-8  NIST SP800-115 Technical Guide to Information Security Testing and Assessment

2-9  HHS/OCR FAQ on 3rd Party Certifications

Session 2

3-1   The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security (ANSI)(PDF)

3-2   Cost of a Data Breach Model (Excel)

3-3   Links to Supplemental Guidance from OCR:

· HIPAA Guidance Materials

· OCR Resolution Agreements

· OCR Complaint Data

· OCR Breach Data

· FACT SHEET: Ransomware and HIPAA

· 11 Ransomware Trends for 2018

· HIPAA Privacy, Security and Breach Notification Audit Program

4-1  NIST SP 800-53 Rev. 4 Security and Privacy Controls for Federal Information Systems and Organizations

4-2  California Data Breach Report (February 2016)

4-3  CIS Top 20 Critical Security Controls v7

Session 3

5-1   Framework for Improving Critical Infrastructure Cybersecurity v1.1 (NIST Cybersecurity Framework Version 1.1)

5-2   Choosing an Information Risk Management Framework: The Case for the NIST Cybersecurity Framework (CSF) in Healthcare Organizations (Clearwater White Paper)

5-3   NIST’s Matt Barrett’s recorded 4/27 video introducing Version 1.1: https://youtu.be/NOqLyXgPNms

5-4   NIST PPT version of slides: https://www.nist.gov/file/449511

5-5   Clearwater’s How to Adopt the NIST Cybersecurity Framework

5-6   NIST 12/21/2017 Webcast: Cybersecurity Framework 101

5-7   Slides for 12/21/2017 NIST Webcast: Cybersecurity Framework 101

6-1  Sample – HIPAA Security Risk Analysis FOR Report

6-2  Guidance on Risk Analysis Requirements under the HIPAA Security Rule

6-3  NIST SP800-30 Revision 1 Guide for Conducting Risk Assessments

6-4  NIST SP800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

6-5  30-Minute Guide to Hiring The Best Risk Analysis Company | What to Look for in a HIPAA Risk Analysis Company & Solution

6-6  White Paper: How to Conduct a Bona Fide Risk Analysis (PDF)

6-7  PCI DSS Risk Assessment Guideline

6-8  Sarbanes-Oxley Section 404 A Guide for Small Business

6-9  Risk Analysis Cost Justification (PDF)

Session 4

7-1   Sample – HIPAA Security Risk Analysis FOR Report

7-2   Guidance on Risk Analysis Requirements under the HIPAA Security Rule

7-3   NIST SP800-30 Revision 1 Guide for Conducting Risk Assessments

7-4   30-Minute Guide to Hiring the Best Risk Analysis Company

7-5   Clearwater recorded webinar – The Critical Difference: HIPAA Security Evaluation v HIPAA Security Risk Analysis

7-6   http://clearwatercompliance.com/wp-content/uploads/SP800-39-final.pdf

8-1   NACD Cyber-Risk Handbook

Session 5

9-1   AAMI TIR57, Principles for medical device security – risk management

9-2   Guidance on Risk Analysis Requirements under the HIPAA Security Rule

9-3   IEC 80001-1:2010 Application of risk management for IT-networks incorporating medical devices – Part 1: Roles, responsibilities and activities

9-4   ISO 14971 Medical devices — Application of risk management to medical devices

9-5   FDA Content of Premarket Submissions for Management of Cybersecurity in Medical Devices Guidance

9-6   FDA Postmarket Management of Cybersecurity in Medical Devices

9-7   Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework)

9-8   The FDA’s Role in Medical Device Cybersecurity

9-9   NIST SP1800-8, Securing Wireless Infusion Pumps in Healthcare Delivery Organizations – DRAFT

9-10  NIST SP 800-30 Rev 1, Guide for Conducting Risk Assessments

9-11  NIST SP 800-37 Rev 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

9-12  NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View

10-1  ARRA

10-2  HIPAA Omnibus Final Rule

10-3  OCR 2016 Audit Protocol

10-4  OCR Complaint Data

10-5  OCR Breach Data

10-6  OCR Resolution Agreements