HCISPP

Course
Time
5 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
6

Video Transcription

00:00
Hello again and welcome to the HCISPP certification course with Cybrary. Identify control assessment processes and procedures.
00:10
My name is Schlaine Hutchins and I'll be your instructor today.
00:16
In this module, we will cover assessment procedure requirements and framework mapping.
00:26
To aid in ensuring security and privacy requirements are met, many organizations adopt control frameworks to provide a governance program that is consistent, measurable, standardized, comprehensive and modular.
00:43
Let's review each requirement.
00:47
The governance program must be consistent in how information security and privacy are approached and applied.
00:55
If two similar situations or requests result in different outcomes, stakeholders will lose faith in the integrity of the program and its usefulness.
01:06
In many larger organizations with multiple business units, it is sometimes challenging to promote a consistent risk management process across multiple BUs.
01:17
Communication must be consistent and the process must be explicitly defined.
01:22
It takes a team of people to ensure that everyone is on the same page. Additionally, some program management organizations could assist the risk management function in getting this accomplished.
01:40
The governance program must provide a way to determine progress and set goals.
01:45
Organizations that implement frameworks that can be measured are more likely to improve their security posture over time.
01:53
Most control frameworks contain an assessment standard or procedure to determine compliance and in some cases, risk as well.
02:04
One way to measure progress is to maintain metrics on the results of risk assessments that are performed.
02:10
How many corrective actions or remediation plans have been completed for the different control areas?
02:17
And as activities are completed, the risk posture shifts and changes.
02:23
As trends develop, they can be utilized to help strategic leaders make more informed decisions.
02:36
As with measurable above, a controls framework should rely on standardization, so results from one organization or part of an organization can be compared in a meaningful way.
02:49
If risk assessments aren't standardized, there's no meaningful way to communicate to leaders across an organization how their risks are related and how accepting a risk in one area could potentially cause harm or create a vulnerability in another area.
03:10
A selected framework should cover the minimum legal and regulatory requirements of an organization and be extensible to accommodate additional organization-specific requirements.
03:23
Working with the legal and compliance functions of an organization can help ensure the proper legal and regulatory requirements are built into the risk management and risk assessment process.
03:42
A modular framework is more likely to withstand the changes of an organization, as only the controls or requirements needing modification are reviewed and updated.
03:53
An example of a control framework is NIST SP 800-53, Revision 4.
04:01
This is a controls framework of over 250 controls in 18 categories or families.
04:10
The framework includes the ability to scope and tailor controls to an organization's specific mission or requirements, and it is mandatory for use by US federal agencies and their contractors.
04:26
Like NIST SP 800-53, ISO 27001 is designed to cover organizations of all sizes and types.
04:36
Annex A of ISO 27001 contains the controls framework with objectives and specifics about each control.
04:47
Now, as you remember, we discussed in a previous module that ISO is a global framework that's been adopted by numerous industries in most countries.
05:01
Frameworks often map to each other. For example, NIST 800-53 has been mapped to the ISO 27001 standard.
05:13
While there is considerable overlap, there are some areas that are not an exact fit.
05:18
The following chart is just a sample of control framework comparisons.
05:27
Let's do a knowledge check.
05:30
When similar situations have different outcomes,
05:32
that means the assessment process is not what?
05:44
Consistent.
05:46
Correct.
05:47
Next.
05:50
True or false: a framework that is measurable improves the security posture over time.
06:02
That answer is true.
06:05
One more.
06:09
True or false:
06:10
An effective framework is more likely to withstand changes of an organization.
06:21
That answer is false. The correct answer is that a modular framework will withstand changes of an organization.
06:32
So today we covered assessment procedure requirements and framework mapping. Stay tuned for the next video.

HCISPP

The HCISPP certification course provides students with the knowledge and skills to successfully pass the certification test needed to become a healthcare information security and privacy practitioner. The course covers all seven domains included on the exam.

Instructed By

Schlaine Hutchins
Director, Information Security / Security Officer
Instructor