The risk assessment is the foundation of the organization’s computer security program. Because of its importance, the federal government requires that physicians and hospitals must conduct a security risk analysis in order to obtain “meaningful use” incentives.
Eagle Consulting Partners works with physician practices, hospitals, and other organizations to conduct this risk analysis. The analysis will be based on the size and scope of the organization, the computing infrastructure in place and the existing controls used by the organization.
The NIST 800-30 framework is used to identify and quantify risk, then to select the most cost-effective methods for reducing that risk. For example, by determining the both the probability and impact of a one-hour, half-day, or full-day of system downtime, an intelligent decision can be made regarding best system backup, recovery, and data-redundancy solutions for the organization.
The deliverable for this service is a risk assessment report and a corrective action plan which includes recommended steps to correct deficiencies identified in the analysis.
