NIST SP 800-66r2 ipd INITIAL PUBLIC DRAFT
IMPLEMENTING THE HIPAA SECURITY RULE: A CYBERSECURITY RESOURCE GUIDE
Security Objective
Impacts
or data integrity is not corrected, continued use of the contaminated system or corrupted data could result in inaccuracy, fraud, or erroneous decisions. Also, the violation of integrity may be the first step in a successful attack against system availability or confidentiality. For all of these reasons, the loss of integrity reduces the assurance of a system.
Loss of Availability
Availability refers to the requirement that data or information is accessible and usable upon demand by an authorized person or process. If a mission-critical system is unavailable to its end users, the organization’s mission may be affected. Loss of system functionality and operational effectiveness, for example, may result in the loss of productive time, thus impeding the end users’ performance of their functions in supporting the organization’s mission.
Table 5 - Examples of Adverse Impacts
Type of Impact
Impact
Harm to Operations
• Inability to perform current mission or business functions
  - In a sufficiently timely manner
  - With sufficient confidence and/or correctness
  - Within planned resource constraints
• Inability or limited ability to restore mission or business functions in the future
  - In a sufficiently timely manner
  - With sufficient confidence and/or correctness
  - Within planned resource constraints
• Harms (e.g., financial costs, sanctions) due to noncompliance
  - With applicable laws or regulations
  - With contractual requirements or other requirements in other binding agreements (e.g., liability)
• Direct financial costs
• Relational harms
  - Damage to trust relationships
  - Damage to image or reputation (and, hence, future or potential trust relationships)
Harm to Assets
• Damage to or loss of physical facilities
• Damage to or loss of information systems or networks
• Damage to or loss of information technology or equipment
• Damage to or loss of component parts or supplies
• Damage to or loss of information assets
• Loss of intellectual property