There has been a lot of talk recently about cyber resilience. There is no doubt that the ability to bounce back from a security event is important, however, all of the resiliency banter seems to be happening at the peril of sound risk management processes.  It is safe to say that the path to resilience is paved with risk management.

Risk management can be a tricky endeavor. Too many security professionals have been ambushed in meetings with a risk manager who drifts into wild flights of fancy. These types of unbridled catastrophic imaginings miss the point of solid risk management. One way to reign in these “journeys of the unlikely” is with the use of a solid assurance framework. One of the most notable assurance frameworks for risk management is offered by HITRUST.

What is HITRUST?

Many people in the healthcare industry are familiar with HITRUST, but the approach is not specific, or limited to health care. In fact, it is industry agnostic. The different assurance approach offered is useful for all industries that need to address compliance and risk management. What makes it superior to the other available models? The answer lies in the way that it engages an organization’s risk profile.

Building upon the Capability Maturity Model (CMM), and NIST’s PRISMA, the HITRUST approach leverages best in class components for a comprehensive information risk management and compliance program that integrates and aligns the following:

  • HITRUST CSF – a robust privacy and security controls framework which harmonizes dozens of authoritative sources such as HIPAA, ISO 27001, and NIST 800-171.
  • HITRUST Assurance Program — a scalable and transparent means to provide reliable assurances to internal and external stakeholders.
  • HITRUST MyCSF — a HITRUST CSF compliance operations and audit management platform used by organizations adopting (Read more...)