NIST SP 800-30 Archives

Common Hazards in Risk Management: The Selfish Risk Assessment

2013

Information security laws and regulations are telling us to conduct cyber security risk assessments before we develop our security and compliance programs. They insist on this so our security goals are meaningful to each of us, rather than aspiring to a generic list of controls that were written by experts who never met us and […]

If HIPAA Compliance Seems Too Hard … Then You’re Doing it Wrong. Here are the Basics of Doing it Right.

2013

In April of 2013 the Office of Civil Rights, the branch of the Department of Health and Human Services that oversees compliance with the HIPAA Security Rule, started releasing analysis from their pilot audit of Security Rule compliance. In 2012, OCR and their audit partner KPMG set out to assess 115 organizations: hospitals, insurance companies, […]