Risk Management Handbook 1.1
Table of Contents
  • Executive Summary
  • Table of Contents
    • List of Figures
    • List of Tables
  • Introduction
  • Risk Concepts
    • Risk and Risk Management
    • Risk Management Frameworks
      • Step 1 – Identify Risks and Define Protection Requirements
      • Step 2 – Specify Controls
      • Step 3 – Implement and Manage Controls
      • Step 4 – Assess and Report
  • The HITRUST Risk Management Framework
    • Step 1 – Identify Risks and Define Protection Requirements
      • Risk Analysis
      • Control Framework-based Risk Analysis
      • Quasi-Quantitative Residual Risk Analysis
        • Background
        • Current Limitations
        • QQRRA Approach
    • Step 2 – Specify Controls
    • Step 3 – Implement and Manage Controls
    • Step 4 – Assessment and Reporting
      • Assurance
        • Dimensions of Assurance
        • Attributes of Assurance
        • Indicators of Assurance
      • Assessment Approach
        • HITRUST CSF Control Maturity Model
        • Evaluating HITRUST CSF Controls
  • Final Thoughts
  • About the Author
  • About HITRUST
  • Appendix A – Special Topics
    • A-1. Alternate Controls
    • A-2. Compliance
    • A-3. Control Functions
    • A-4. Cyber Threat Adaptive Control Specification
      • Introduction
        • Approach
        • Disclaimer
    • A-5. Information Risk
    • A-6. Interoperability
    • A-7. NIST Cybersecurity Framework Implementation
      • Introduction
      • NIST Cybersecurity Framework Core
      • Implementing the NIST Cybersecurity Framework
    • A-8. Purposive Samples
    • A-9. Third-Party Risk Management
      • Introduction
      • Third-Party Risk Management
      • Third-Party Qualification
    • A-10. Threat Ontology
  • Appendix B – Acronyms and Abbreviations
  • Appendix C – Glossary of Terms
  • Appendix D – References
  • Appendix E – Summary of Changes
    • Version 1.0

© 2024 HITRUST All rights reserved. Reproduction, re-use, and creation of derivative works are prohibited.