Figure 1. Risk Concepts
Figure 2. General 4-Step Risk Management Process
Figure 3. Typical 7-Step Risk Analysis Process
Figure 4. Custom Control Specification Based on the Risk Analysis Process
Figure 5. Risk Analysis Supporting Specification of the NIST Minimum Security Control Baselines
Figure 6. Control Framework-based Risk Analysis
Figure 7. Qualitative Risk Matrix
Figure 8. Quasi-quantitative Risk Matrix
Figure 9. QQRRA Risk Ontology
Figure 10. Attenuating ARO with Motivation and Capability in the ALE Model
Figure 11. The HITRUST CSF – A Highly Tailored, Industry-level Control Framework Overlay
Figure 12. HITRUST CSF Control Framework Structure
Figure 13. Layered Structure of a HITRUST CSF Control
Figure 14. Segmenting the Organizational Environment for HITRUST CSF Implementation
Figure 15. Relationship of Features, Indicators, Attributes, and Dimensions
Figure 16. The HITRUST Approach
Figure 17. Notional Process Flow for the Risk Analysis of Alternative Controls
Figure 18. Relationship Between the NIST Core Functions and Control Functions
Figure 19. Relationship of the NIST Core Identify Function with Other NIST Core Functions
Figure 20. Control Function Decomposition Model
Figure 21. The Relationship of Information and Organizational Risk
Figure 22. NIST Cybersecurity Framework Structure
Figure 23. Using the HITRUST CSF to Support NIST Cybersecurity Framework Implementation
Figure 24. Generic Third-Party Risk Management Process Model
Figure 25. Generic Third-Party Qualification Process
Figure 26. The Threat Wheel
Figure 27. HITRUST Threat Ontology