Supplemental Materials

Program Syllabus

1-1.   Clearwater White Paper: Harnessing the Power of NIST | Your Practical Guide to Effective Information Risk Management

1-2.   Clearwater recorded webinar: How to Adopt the NIST Cybersecurity Framework

2-1.   NISTIR 7298 Revision 2 Glossary of Key Information Security Terms

2-2.   Framework for Improving Critical Infrastructure Cybersecurity  (NIST Cybersecurity Framework)

2-3.   Guidance on Risk Analysis Requirements under the HIPAA Security Rule

2-4.   NIST SP800-39-final_Managing Information Security Risk 

2-5.   NIST SP800-30 Revision 1 Guide for Conducting Risk Assessments

2-6.   NIST SP800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach 

2-7.   NIST SP800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations

2-8.   Harnessing the Power of NIST | Your Practical Guide to Effective Information Risk Management

2-9.   NIST SP800-115 Technical Guide to Information Security Testing and Assessment

2-10. HHS/OCR FAQ on 3rd Party Certifications

3-1.   Hacking Hospitals (Independent Security Evaluators Research Report)

3-2. Top 10 Health Technology Hazards for 2016 (ECRI Institute Report)

3-3. AAMI TIR57, Principles for medical device security – risk management

3-4. Guidance on Risk Analysis Requirements under the HIPAA Security Rule

3-5. IEC 80001-1:2010 Application of risk management for IT-networks incorporating medical devices – Part 1: Roles, responsibilities and activities

3-6. ISO 14971 Medical devices — Application of risk management to medical devices

3-7. FDA Content of Premarket Submissions for Management of Cybersecurity in Medical Devices Guidance

3-8. FDA Post-market Management of Cybersecurity in Medical Devices

3-9. Framework for Improving Critical Infrastructure Cybersecurity  (NIST Cybersecurity Framework)

3-10. NIST Cybersecurity Framework

3-11. NIST SP 1800-8, Securing Wireless Infusion Pumps in Healthcare Delivery Organizations – DRAFT

3-12. NIST SP 800-30 Rev 1, Guide for Conducting Risk Assessments

3-13. NIST SP 800-37 Rev1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

3-14. NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View

4-1.   NIST SP 800-53 Rev. 4 Security and Privacy Controls for Federal Information Systems and Organizations

4-2.   California Data Breach Report (February 2016)

4-3.   The CIS Critical Security Controls for Effective Cyber Defense Version 6.1

5-1. Framework for Improving Critical Infrastructure Cybersecurity  (NIST Cybersecurity Framework)

5-2. Choosing an Information Risk Management Framework: The Case for the NIST Cybersecurity Framework (CSF) in Healthcare Organizations (Clearwater White Paper)

5-3. (Draft) Cybersecurity Framework v1.1 (PDF) without markup

5-4. (Draft) Cybersecurity Framework v1.1 Core (Excel)

5-5. NIST Video: The Cybersecurity Framework

5-6. NIST Video: Cybersecurity Framework Shared

5-7. AEHIS CHIME Comments on NIST Cyber Framework 2017

5-8. HIMSS-Response-NIST-Cybersecurity-Framework

5-9. The Cybersecurity Framework | Implementation Guidance for Federal Agencies

5-10. SP 800-37 Rev. 2 (DRAFT) Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy (Discussion Draft)

5-11. NIST 12/21/2017 Webcast: Cybersecurity Framework 101

6-1.   Clearwater blog post: “HIPAA Audit Tips – Don’t Confuse HIPAA Security Evaluation and Risk Analysis”

6-2.   NIST SP800-115 Technical Guide to Information Security Testing and Assessment

6-3.   NIST SP800-30 Revision 1 Guide for Conducting Risk Assessments

7-1. Harnessing the Power of NIST | Your Practical Guide to Effective Information Risk Management (Clearwater White Paper)

7-2. NIST SP800-39-final_Managing Information Security Risk 

7-3. NIST SP800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach 

7-4. NIST SP800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations

7-5. Framework for Improving Critical Infrastructure Cybersecurity  (NIST Cybersecurity Framework)

8-1.   Sample – HIPAA Security Risk Analysis FOR Report

8-2.   Guidance on Risk Analysis Requirements under the HIPAA Security Rule

8-3.   NIST SP800-30 Revision 1 Guide for Conducting Risk Assessments

8-4.   White Paper: How to Conduct a Bona Fide Risk Analysis (PDF)

8-5.   PCI DSS Risk Assessment Guideline (PDF)

8-6.   30-Minute Guide to Hiring the Best Risk Analysis Company

8-7.   Clearwater recorded webinar – The Critical Difference: HIPAA Security Evaluation v HIPAA Security Risk Analysis

8-8.   Clearwater recorded webinar – How to Conduct an OCR-Quality Risk Analysis

9-1.   NIST SP800-39-final_Managing Information Security Risk 

9-2.   Guided Tour of the Clearwater IRM|Analysis™: Risk Response Module on 09/27/2016

10-1. HHS / OCR SAMPLE BUSINESS ASSOCIATE AGREEMENT PROVISIONS  (Word)

10-2. Business Associates References in HIPAA-HITECH (PDF)

10-3. Re: Conduit Exception (PDF)

10-4. Clearwater White Paper:  HIPAA Compliance | Now Even More Critical for Third Party Administrators (PDF)

10-5. Clearwater White Paper: HIPAA Privacy Rule for Business Associates (PDF)

10-6. Clearwater White Paper: HIPAA Security Rule for Business Associates (PDF)

10-7. Clearwater White Paper: HIPAA Primer for Business Associates (PDF)

11-1. Connecting the Dots Between Cyber Risk and Patient Safety (Clearwater White Paper)

11-2. Hacking Hospitals (Independent Security Evaluators Research Report)

11-3. Top 10 Health Technology Hazards for 2016 (ECRI Institute Report)

11-4. Information Risk Management Capability Advancement Model (Clearwater White Paper)

Additional Resource: The Financial Impact of Breached Protected Health Information: 2017 Update

 

 
