Choosing an Information Risk Management Framework:

The Case for the NIST Cybersecurity Framework (CSF) in Healthcare Organizations

Authored By: Bob Chaput, Founder & Executive Chairman, Clearwater

The question becomes: Am I going to spend my cybersecurity budget on somebody else’s list of ‘good things to do?’ Or am I going to spend it on the basis of my organization’s assets, my exposures, my business goals and objectives?” - Bob Chaput

The white paper describes the role a cybersecurity framework plays in a healthcare organization’s overall risk management program, and why the framework is an appropriate and effective framework for the healthcare industry.

A complete information risk management strategy combines all three of these components to achieve a holistic and effective information risk management program across the healthcare enterprise.