ISC2
Risk Management and Risk Assessment in a Healthcare Setting

Gain insight into a topic and learn the fundamentals.
Beginner level

Recommended experience

3 hours to complete
Flexible schedule
Learn at your own pace

Build your subject-matter expertise

This course is part of the ISC2 Healthcare Certificate Specialization
When you enroll in this course, you'll also be enrolled in this Specialization.
  • Learn new concepts from industry experts
  • Gain a foundational understanding of a subject or tool
  • Develop job-relevant skills with hands-on projects
  • Earn a shareable career certificate

There are 6 modules in this course

Risk management is a crucial element for understanding information and privacy security. This domain sets the foundation for the entire course; terms defined here will be used in this book and in your day-to-day career. Risk management is one of the most complicated and important topics in information security, and this chapter does not pretend to cover all the different elements pertaining to it, but it provides a high-level glimpse of the essential concepts of this vital function.

In the healthcare industry, the importance of adopting a risk management approach is even more crucial, due to the sensitive nature of the information. Data sharing can, in many cases, be a matter of life and death in the healthcare industry. However, patient safety is not the only objective. Saving someone's life only to have their most sensitive secrets leaked to unauthorized parties is counterproductive. Hence, the security and privacy practitioner must balance the clinical need for information and the patient's rightful expectation of privacy.

Like other industries, the healthcare industry relies on technology to improve operations and patient care. In many cases, these technologies come with associated risks that must be considered. The industry also has unique regulatory and business requirements that the security and privacy practitioner must uphold.

What's included

1 reading

Maintaining the confidentiality, integrity, and availability (CIA) of assets is the basis of information security. As security and privacy practitioners, maintaining the CIA of personally identifiable information (PII) and protected health information (PHI) is of the highest priority. We use the objectives of confidentiality, integrity, and availability—the CIA triad—as a framework for assessing how different security policies, processes, and tools affect the overall security posture of a system. When discussing assets in the information and privacy security world, we are talking about data assets. They can exist in many forms but are commonly stored in digital form or as physical copies. Maintaining the CIA aspects of the information is crucial regardless of data format. Ensuring that CIA expectations are met requires evaluating all the supporting technologies and mechanisms in the data process (creation, use, storage, and archiving). The interrelated nature of data systems makes it more challenging to ensure a comprehensive assessment of security controls over the data.

What's included

15 readings, 4 assignments

Risk management frameworks provide security practitioners with a set of guidelines and best practices intended to reduce the organization’s exposure to a wide range of compromises. The use of frameworks allows the organization to assess its security posture and maturity and take it to a desired level while creating an auditable, repeatable system for managing information assets. Risk frameworks protect the confidentiality, integrity, and availability of the organization and its data. Many risk frameworks exist, including the NIST Risk Management Framework (RMF), the Information Security Management System defined in the ISO 27000 series, and the Information Technology Infrastructure Library (ITIL), among others. Some of them, such as ISO 27799:2016–Health Informatics, include specific healthcare-related topics, whereas others are more general. The healthcare security professional should be familiar with leading risk frameworks and utilize them to improve policies and procedures, implement security controls, and build business continuity plans in the organization.

What's included

17 readings, 3 assignments

Performing a risk assessment is only an initial part of the risk management process. The more complicated aspect is choosing and implementing controls that are best suited to the organization’s needs. Every organization has different needs, requirements, and resources for addressing the findings in the risk assessment. Control choice can vary based on geographic location, existing staffing levels, contractual requirements, and so on. This module provides insight as to how controls are chosen.

What's included

4 readings, 4 assignments

The risk management process’s objective is to identify risks and address them to protect the business. There are four general approaches to respond to risk. In this module, we will review these four approaches and consider when and how they are used.

What's included

7 readings, 4 assignments

What's included

1 assignment

Earn a career certificate

Add this credential to your LinkedIn profile, resume, or CV. Share it on social media and in your performance review.

Instructor

ISC2 Education & Training
ISC2
34 Courses, 113,854 learners

Offered by

ISC2
