Re: Risk Ranking...



What kind of incidents are you talking about? HIPAA requirements
should help, since you're in healthcare. You might look up DITSCAP for
a guideline as well (military, DoD security requirements).

Usually with HIPAA you'll have levels of disclosure for PHI incidents
- but I'm not sure that they bother ranking them.

Since "google" is now a verb, how do you spell googleing/googling? :)

On 8/28/06, Barrick, Chanda B <cbbarric@xxxxxxxxx> wrote:
I am trying to figure out how to develop a risk ranking methodology for incident reporting in a healthcare environment. I don't even really know where to begin. I've been googleing, but I'm not finding much that is helpful. Anyone have any suggestions?

Thanks
Chanda
