Risk Management Handbook

1.1

Table of Contents

Risk Management Handbook

1.1
- Risk Management Handbook — 1.1

Executive Summary
Table of Contents
- List of Figures
- List of Tables
Introduction
Risk Concepts
- Risk and Risk Management
- Risk Management Frameworks
The HITRUST Risk Management Framework
- Step 1- Identify Risks and Define Protection Requirements
- Step 2- Specify Controls
- Step 3- Implement and Manage Controls
- Step 4- Assessment and Reporting
  - Assurance
  - Assessment Approach
    - HITRUST CSF Control Maturity Model
    - Evaluating HITRUST CSF Controls
Final Thoughts
About the Author
About HITRUST
Appendix A – Special Topics
- A-1. Alternate Controls
- A-2. Compliance
- A-3. Control Functions
- A-4. Cyber Threat Adaptive Control Specification
  - Introduction
    - Approach
    - Disclaimer
- A-5. Information Risk
- A-6. Interoperability
- A-7. NIST Cybersecurity Framework Implementation
- A-8. Purposive Samples
- A-9. Third-Party Risk Management
- A-10. Threat Ontology
Appendix B – Acronyms and Abbreviations
Appendix C – Glossary of Terms
Appendix D – References
Appendix E – Summary of Changes
- Version 1.0

Table of Contents

Executive Summary

List of Figures

Table of Contents
- List of Figures
- List of Tables
Introduction
Risk Concepts
- Risk and Risk Management
- Risk Management Frameworks
The HITRUST Risk Management Framework
Final Thoughts
About the Author
About HITRUST
Appendix A – Special Topics
Appendix B – Acronyms and Abbreviations
Appendix C – Glossary of Terms
Appendix D – References
Appendix E – Summary of Changes
- Version 1.0

Executive Summary

List of Figures

© 2024 HITRUST All rights reserved. Reproduction, re-use, and creation of derivative works are prohibited.