Supplemental Materials – The Complete List

Program Syllabus

Session 1

1-1.   Clearwater White Paper: Harnessing the Power of NIST | Your Practical Guide to Effective Information Risk Management

1-2.   Clearwater recorded webinar: How to Adopt the NIST Cybersecurity Framework

2-1.   NISTIR 7298 Revision 2 Glossary of Key Information Security Terms

2-2.   Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework)

2-3.   Guidance on Risk Analysis Requirements under the HIPAA Security Rule

2-4.   NIST SP800-39, Managing Information Security Risk

2-5.   NIST SP800-30 Revision 1 Guide for Conducting Risk Assessments

2-6.   NIST SP800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

2-7.   NIST SP800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations

2-8.   Harnessing the Power of NIST | Your Practical Guide to Effective Information Risk Management

2-9.   NIST SP800-115 Technical Guide to Information Security Testing and Assessment

2-10. HHS/OCR FAQ on 3rd Party Certifications

3-1.   NIST SP 800-53 Rev. 4 Security and Privacy Controls for Federal Information Systems and Organizations

3-2.   California Data Breach Report (February 2016)

3-3.   The CIS Critical Security Controls for Effective Cyber Defense Version 7

4-1. Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework)

4-2. Choosing an Information Risk Management Framework: The Case for the NIST Cybersecurity Framework (CSF) in Healthcare Organizations (Clearwater White Paper)

4-3. (Draft) Matt Barrett’s recorded 4/27 video introducing Version 1.1

4-4. NIST PPT version of slides: https://www.nist.gov/file/449511

4-5. Clearwater’s How to Adopt the NIST Cybersecurity Framework

4-6. NIST 12/21/2017 Webcast: Cybersecurity Framework 101

4-7. Slides for 12/21/2017 NIST Webcast: Cybersecurity Framework 101

Session 2

5-1. Clearwater blog post: “HIPAA Audit Tips – Don’t Confuse HIPAA Security Evaluation and Risk Analysis”

5-2. NIST SP800-115 Technical Guide to Information Security Testing and Assessment

5-3. NIST SP800-53A Guide for Assessing the Security Controls in Federal Information Systems and Organizations

5-4. NIST SP800-30 Revision 1 Guide for Conducting Risk Assessments

5-5. Sample – HIPAA Security Risk Analysis FOR Report

5-6. Guidance on Risk Analysis Requirements under the HIPAA Security Rule

5-7. PTES Technical Guidelines

5-8. OWASP Testing Guide

5-9. OCR 2016 Audit Protocol

5-10. The Continuing Disconnect between the Health Care Industry and OCR on HIPAA’s Risk Analysis Requirement

5-11. Risk Analyses vs. Gap Analyses – What is the Difference?


6-1. AAMI TIR57, Principles for medical device security – risk management

6-2. Guidance on Risk Analysis Requirements under the HIPAA Security Rule

6-3. IEC 80001-1:2010 Application of risk management for IT-networks incorporating medical devices – Part 1: Roles, responsibilities and activities

6-4. ISO 14971 Medical devices — Application of risk management to medical devices

6-5. FDA Content of Premarket Submissions for Management of Cybersecurity in Medical Devices Guidance

6-6. FDA Postmarket Management of Cybersecurity in Medical Devices

6-7. Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework)

6-8. THE FDA’S ROLE IN MEDICAL DEVICE CYBERSECURITY

6-9. NIST SP1800-8, Securing Wireless Infusion Pumps in Healthcare Delivery Organizations – DRAFT

6-10. NIST SP 800-30 Rev 1, Guide for Conducting Risk Assessments

6-11. NIST SP800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

6-12. NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View


7-1. Harnessing the Power of NIST | Your Practical Guide to Effective Information Risk Management (Clearwater White Paper)

7-2. NIST SP800-39, Managing Information Security Risk

7-3. NIST SP800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

7-4. NIST SP800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations

7-5. Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework)

7-6. NIST Risk Management Framework 2009

Session 3

8-1. Harnessing the Power of NIST | Your Practical Guide to Effective Information Risk Management (Clearwater White Paper)

8-2. NIST SP800-39, Managing Information Security Risk

8-3. NIST SP800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations

8-4. Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework)

8-5. Sample – HIPAA Security Risk Analysis FOR Report

8-6. Guidance on Risk Analysis Requirements under the HIPAA Security Rule

8-7. NIST SP800-30 Revision 1 Guide for Conducting Risk Assessments

8-8. NIST SP800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

8-9. 30-Minute Guide to Hiring The Best Risk Analysis Company | What to Look for in a HIPAA Risk Analysis Company & Solution (scroll down)

8-10. How to Conduct an OCR-Quality Risk Analysis – On Demand (Webinar)

9-1. NIST SP800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

9-2. NIST SP800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations

9-3. NIST Interagency Report 7756 CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture (Second Draft)

9-4. NIST Interagency Report 7799 Continuous Monitoring Reference Model, Workflow, and Specifications (Draft)

9-5. NIST Interagency Report 7800 Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains (DRAFT)

10-1. Connecting the Dots Between Cyber Risk and Patient Safety (Clearwater White Paper)

10-2. Hacking Hospitals (Independent Security Evaluators Research Report)

10-3. Top 10 Health Technology Hazards for 2016 (ECRI Institute Report)

10-4. Information Risk Management Capability Advancement Model (Clearwater White Paper)

Questions from Attendees:  You Asked, We Answered

These documents are not legal advice; please consult your legal counsel on all such matters.

Some additional information related to potential future changes:
