Risk analysis... risk assessment... compliance assessment. Are these concepts as confusing to you as they are for most IT professionals?
Clearly, IT security experts are not in agreement as to whether these important concepts are synonyms, antonyms, or perhaps neither or both. In fact, the correct answer may differ depending on the specific industry or regulation, even though the concepts are not exclusive to either. The purpose of this paper is to shed some light on these often-misunderstood concepts. With a focus on the healthcare industry, we will dissect these concepts so that organizations not only walk away with a clear distinction, but also know what is required under the Health Insurance Portability and Accountability Act (HIPAA) of 1996.