Supplemental Materials – The Complete List

Program Syllabus

Session I:

1-1.   Clearwater White Paper: Harnessing the Power of NIST | Your Practical Guide to Effective Information Risk Management

1-2.   Clearwater recorded webinar: How to Adopt the NIST Cybersecurity Framework
2-1.   NISTIR 7298 Revision 2 Glossary of Key Information Security Terms

2-2.   Framework for Improving Critical Infrastructure Cybersecurity  (NIST Cybersecurity Framework)

2-3.   Guidance on Risk Analysis Requirements under the HIPAA Security Rule

2-4.   NIST SP800-39-final_Managing Information Security Risk 

2-5.   NIST SP800-30 Revision 1 Guide for Conducting Risk Assessments

2-6.   NIST SP800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach 

2-7.   NIST SP800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations

2-8.   Harnessing the Power of NIST | Your Practical Guide to Effective Information Risk Management

2-9.   NIST SP800-115 Technical Guide to Information Security Testing and Assessment

2-10. HHS/OCR FAQ on 3rd Party Certifications

3-1.   NIST SP 800-53 Rev. 4 Security and Privacy Controls for Federal Information Systems and Organizations

3-2.   California Data Breach Report (February 2016)

3-3.   The CIS Critical Security Controls for Effective Cyber Defense Version 7

4-1. Framework for Improving Critical Infrastructure Cybersecurity  (NIST Cybersecurity Framework)

4-2. Choosing an Information Risk Management Framework: The Case for the NIST Cybersecurity Framework (CSF) in Healthcare Organizations (Clearwater White Paper)

4-3. (Draft) Matt Barrett’s recorded 4/27 video introducing Version 1.1

4-4. NIST PPT version of slides: https://www.nist.gov/file/449511

4-5. Clearwater’s How to Adopt the NIST Cybersecurity Framework

4-6. NIST 12/21/2017 Webcast: Cybersecurity Framework 101

4-7. Slides for 12/21/2017 NIST Webcast: Cybersecurity Framework 101

Session 2

 5-1.   Clearwater blog post: “HIPAA Audit Tips – Don’t Confuse HIPAA Security Evaluation and Risk Analysis

5-2.   NIST SP800-115 Technical Guide to Information Security Testing and Assessment

5-3.   NIST SP800-30 Revision 1 Guide for Conducting Risk Assessments
6-1.    Resolution Agreements and Civil Money Penalties

6-2.    09-06-2017_Update on OCR’s Phase 2 HIPAA Audits by Linda Sanches

6-3.    NACD Cyber-Risk Oversight Handbook Executive Summary

6-4.    Symantec Healthcare Internet Security Threat Report

6-5.    Symantec Internet Security Threat Report

6-6.    Securing Hospitals: A research study and blueprint
7-1. Harnessing the Power of NIST | Your Practical Guide to Effective Information Risk Management (Clearwater White Paper)

7-2. NIST SP800-39-final_Managing Information Security Risk 

7-3. NIST SP800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach 

7-4. NIST SP800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations

7-5. Framework for Improving Critical Infrastructure Cybersecurity  (NIST Cybersecurity Framework)

Session 3

8-1. Clearwater White Paper: Harnessing the Power of NIST | Your Practical Guide to Effective Information Risk Management

8-2. NIST SP800-39-final_Managing Information Security Risk 

8-3. NIST SP800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations

8-4. Framework for Improving Critical Infrastructure Cybersecurity  (NIST Cybersecurity Framework)

8-5. Sample – HIPAA Security Risk Analysis FOR Report

8-6. Guidance on Risk Analysis Requirements under the HIPAA Security Rule

8-7. NIST SP800-30 Revision 1 Guide for Conducting Risk Assessments

8-8. NIST SP800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

8-9. 30-Minute Guide to Hiring The Best Risk Analysis Company | What to Look for in a HIPAA Risk Analysis Company & Solution (scroll down)

8-10.  How to Conduct an OCR-Quality Risk Analysis-On Demand (Webinar)

9-1.   NIST SP800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (link)

9-2.   NIST SP800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations (link)

9-3.   NIST Interagency Report 7756 CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture (Second Draft)

9-4.   NIST Interagency Report 7799 Continuous Monitoring Reference Model, Workflow, and Specifications (Draft)

9-5.   NIST Interagency Report 7800 Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains (DRAFT)

9-6.   Using risk-based Metrics (pdf)

10-1. Connecting the Dots Between Cyber Risk and Patient Safety (Clearwater White Paper)

10-2. Hacking Hospitals (Independent Security Evaluators Research Report)

10-3. Top 10 Health Technology Hazards for 2016 (ECRI Institute Report)

10-4. Information Risk Management Capability Advancement Model (Clearwater White Paper)

You Asked, We Answered

These documents are not legal advice, please consult with your legal counsel on all such matters.

Some additional information related to potential future changes: