A Risk Assessment is a process by which an Organization identifies: (1) Threats to the Organization (i.e. to its Operations, Assets, or Individuals); (2) Vulnerabilities internal and external to the Organization; (3) The harm (i.e. adverse Impact) that may occur given the potential for Threats exploiting Vulnerabilities; and (4) The Risk associated with a specific Threat, Vulnerability and Impact combination.
Although a definition of Risk Assessment is helpful and required, we also need to clearly understand the cybersecurity context in which we all now operate. We have become jaded by the daily announcements of massive data breaches and their consequences, so much so that providing a hardened cyber defense may appear to be a hopeless task. Expresso™ takes this challenge head on by reducing the complexity associated with performing Risk Assessments.
Expresso™ is Software-as-a-Service (“SaaS”) built upon industry best practices and a world-class Risk Management Framework developed by the National Institute of Standards and Technology (“NIST”). Expresso™ takes a complex problem and clarifies its implementation so that Risk Assessments can be readily understood by the masses—without the need for the masses to become information security professionals.
To learn more, visit the HIPAA Survival Guide Expresso™ Product page and watch the following Video.
 See generally NIST Special Publication (“SP”) 800-39 (“Risk Management Framework”).
 NIST is the organization that provides cybersecurity advice and guidance to U.S. Government (“Government”) agencies.