Chapter 10: Risk Analysis and Risk Management


By definition, risk is the possibility of loss. [1] Risk analysis is the process of identifying risks, assessing risk magnitude, and weighing the cost benefit of implementing countermeasures to mitigate the risk. Sometimes risk analysis is referred to as risk assessment and the terms are often used interchangeably. For the purpose of this writing, we will heretofore use the term risk analysis in lieu of risk assessment.

Risk management is the overall program that organizations use to control risk. Risk analysis is part of risk management. Within a risk management program, you first need to ascertain findings before you implement controls. During risk analysis, you accumulate meaningful data that is used to make recommendations for future initiatives. Risk management includes not only risk analysis, but also managing, tracking, and implementing the controls that you put in place as a result of the recommendations that evolve from the deliverable report from your risk analysis process. As part of your HIPAA risk management program, you will need to perform risk analysis. Risk management as a whole integrates risk analysis findings into information technology systems security architecture and security policy development.

[1] American Heritage Dictionary of the English Language

HIPAA Security Implementation, Version 1.0
HIPAA Security Implementation, Version 1.0
ISBN: 974372722
Year: 2003
Pages: 181 © 2008-2017.
If you may any questions please contact us: