ABSTRACT

In addition to the methodology, it is necessary to create a standard set of baseline controls that will be used as part of the pre-screening process. These baseline controls can be used with the pre-screening methodology or when an owner is reluctant to step up and take responsibility for protecting information resources. We will also use a baseline set of controls during the process to establish risk levels. It is, therefore, very important for your organization to identify all of the standards, regulations, and laws that support your organization’s ability to meet its business objectives or its mission. Table 3.1 presents a baseline set of controls that uses the Health Insurance Portability and Accountability Act (HIPAA) as its basis.