When to get a Threat-Based Risk Assessment

By Security Consulting Team on February 20, 2020

Healthcare CISOs and CIOs continue to struggle to get the resources they require to address increasing threats in the digital environment, and too often they are presented with risk analysis reports that simply contain a laundry list of security control failures.

When is the Best Time to Have an Assessment Done?

Our experienced security team has developed a successful approach to providing CISOs and CIOs with the information they need to best demonstrate to executives where their security risks are, how they impact the business, and how constrained IT security budgets can be used to lower their security risk to acceptable levels.

"Threat-Based Risk Assessments should be conducted annually at minimum, and also when a company is experiencing any elements of organizational or technical change." 
Adam Kehler, Principal Consultant - Risk, Security & Privacy 


These critical assessments go beyond adherence to the HIPAA Security Rule and feature proprietary advanced tooling and a methodology designed to rapidly prioritize realistic threats to critical assets, empowering our clients to focus on the security controls that generate the most immediate long-term value.

Working with a security team as experienced as Online's brings a wealth of benefits to any company. Our years of work in the ever-changing Infosecurity domain have allowed us to identify five main benefits that a Threat-Based Risk Assessment will provide.


Five Benefits to Your Organization:

  1. Collaborative and flexible approach

  2. Aligns with Enterprise Risk models

  3. Focus on realistic threats to critical assets

  4. Assess business impact

  5. Allows CISOs and CIOs to prioritize scarce resources

We believe that a successful Threat-Based Risk Assessment requires collaboration, clearly defined program scope and parameters, and an intimate understanding of organizational context.

How Does Online Achieve This for Clients?

Our team works in tandem with Clients to develop a contextualized framework that preserves and protects the confidentiality, integrity, and availability of critical assets and information across the enterprise. Your cybersecurity protocols and infrastructure are cross-referenced against adversarial, accidental, and environmental threats and benchmarked against our Baseline Threat Profile, which is continually maintained using industry sources such as NIST, HHS, and US-CERT.

Our methodology is aligned with the requirements of the HIPAA Security Rule, NIST SP 800-30 Guide for Conducting Risk Assessments, and the OCR Guidance on Risk Analysis Requirements under the HIPAA Security Rule.

Are you ready to schedule your next assessment?
