| Author |
Message |
jkegley
Guest
|
 Posted:
Thu Sep 22, 2005 4:51 pm Post subject:
Risk Assessment Document References |
|
|
Does anyone have any references to formal risk assessments performed as part
of a Microsoft Migration / Upgrade. Specifically associated with HIPAA
regulations... I am looking for a Microsoft Best Practice Assessment
document to reference. Thanks! |
|
| Back to top |
|
 |
Danny Sanders
Guest
|
| Posted:
Thu Sep 22, 2005 8:50 pm Post subject:
Re: Risk Assessment Document References |
|
|
Risk assessment associated with a domain upgrade?
Are you trying to minimize the risk of a failed DC upgrade? If so you can
run Winnt32.exe /checkupgradeonly from the Win 2k/2k3 CD to provide a report
of software and hardware that *may* need attention in order for the upgrade
to succeed.
hth
DDS W 2k MVP MCSE
"jkegley" <jkegley@discussions.microsoft.com> wrote in message
news:F9BC3CF2-C68E-490B-A8B4-F792A575375C@microsoft.com...
| Quote: |
"Danny Sanders" wrote:
Risk assessment is a process of auditing your files, assigning a value to
them based on how information within those files would affect your
company
if that information was released to competitors or the general public.
Based on that value and the processes and services that access the files
you
can develop a detailed look at where you need to target your security
measures and auditing on your network. It would do you no good (as far as
HIPPA) to lock down and audit the folder the bosses secretary keeps her
chili recipe in.
For example patient data accessed via a website would score a higher risk
factor than that same data accessed via VPN.
Risk assessment is more about finding out what you have, where it is,
what/how you access it and the vulnerabilities associated with the
process
of accessing it. Then determining if it warrants further action(s), based
on
what it is.
There are files you want the public to see (your web site) and files you
don't want the public to see (patient data). During your assessment it
should come to light the protection on your website should be from
modification not from public viewing and protection of patient data
should
warrant a different level of protection.
hth
DDS W 2k MVP MCSE
"jkegley" <jkegley@discussions.microsoft.com> wrote in message
news:D4D87789-EFFA-4C07-B993-D30B2DF81F28@microsoft.com...
Does anyone have any references to formal risk assessments performed as
part
of a Microsoft Migration / Upgrade. Specifically associated with HIPAA
regulations... I am looking for a Microsoft Best Practice Assessment
document to reference. Thanks!
Thank you for your comments. I was looking for more of a document that
assesses the risk associated with a domain upgrade / migration though.
Thank you though for your insight. It was helpfull! |
|
|
| Back to top |
|
|
jkegley
Guest
|
| Posted:
Thu Sep 22, 2005 8:50 pm Post subject:
Re: Risk Assessment Document References |
|
|
"Danny Sanders" wrote:
| Quote: | Risk assessment is a process of auditing your files, assigning a value to
them based on how information within those files would affect your company
if that information was released to competitors or the general public.
Based on that value and the processes and services that access the files you
can develop a detailed look at where you need to target your security
measures and auditing on your network. It would do you no good (as far as
HIPPA) to lock down and audit the folder the bosses secretary keeps her
chili recipe in.
For example patient data accessed via a website would score a higher risk
factor than that same data accessed via VPN.
Risk assessment is more about finding out what you have, where it is,
what/how you access it and the vulnerabilities associated with the process
of accessing it. Then determining if it warrants further action(s), based on
what it is.
There are files you want the public to see (your web site) and files you
don't want the public to see (patient data). During your assessment it
should come to light the protection on your website should be from
modification not from public viewing and protection of patient data should
warrant a different level of protection.
hth
DDS W 2k MVP MCSE
"jkegley" <jkegley@discussions.microsoft.com> wrote in message
news:D4D87789-EFFA-4C07-B993-D30B2DF81F28@microsoft.com...
Does anyone have any references to formal risk assessments performed as
part
of a Microsoft Migration / Upgrade. Specifically associated with HIPAA
regulations... I am looking for a Microsoft Best Practice Assessment
document to reference. Thanks!
Thank you for your comments. I was looking for more of a document that assesses the risk associated with a domain upgrade / migration though. Thank you though for your insight. It was helpfull! |
|
|
| Back to top |
|
|
Danny Sanders
Guest
|
| Posted:
Thu Sep 22, 2005 8:50 pm Post subject:
Re: Risk Assessment Document References |
|
|
Risk assessment is a process of auditing your files, assigning a value to
them based on how information within those files would affect your company
if that information was released to competitors or the general public.
Based on that value and the processes and services that access the files you
can develop a detailed look at where you need to target your security
measures and auditing on your network. It would do you no good (as far as
HIPPA) to lock down and audit the folder the bosses secretary keeps her
chili recipe in.
For example patient data accessed via a website would score a higher risk
factor than that same data accessed via VPN.
Risk assessment is more about finding out what you have, where it is,
what/how you access it and the vulnerabilities associated with the process
of accessing it. Then determining if it warrants further action(s), based on
what it is.
There are files you want the public to see (your web site) and files you
don't want the public to see (patient data). During your assessment it
should come to light the protection on your website should be from
modification not from public viewing and protection of patient data should
warrant a different level of protection.
hth
DDS W 2k MVP MCSE
"jkegley" <jkegley@discussions.microsoft.com> wrote in message
news:D4D87789-EFFA-4C07-B993-D30B2DF81F28@microsoft.com...
| Quote: | Does anyone have any references to formal risk assessments performed as
part
of a Microsoft Migration / Upgrade. Specifically associated with HIPAA
regulations... I am looking for a Microsoft Best Practice Assessment
document to reference. Thanks! |
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in