How it works - the technology
The overall ACR2 automated risk management process
is shown in Figure 2. IPS and Anti-Virus data, network
scan data, and policy data are input into the Risk Calculation
Engine. This creates the Results Documentation
Report and the Control Recommendations Report. The
changes in controls are implemented and the changes
are added to the risk engine, along with updated Scan
and IPS/AV data. This cycle can be repeated as often as
daily, with reports on demand, on schedule or on alarm.
|
Fig. 2 - HIPAA Compliance Methodology |