The HITRUST Threat Catalogue Provides Visibility Into Areas Representing The Greatest Risk Exposure
The HITRUST Threat Catalogue is designed to aid organizations in improving their information security posture by better aligning cyber threats with HITRUST CSF control requirements. The HITRUST Threat Catalogue provides greater visibility into areas representing the greatest risk exposure and enhances the underlying risk analysis used to develop the HITRUST CSF.
The explicit alignment of threats to the HITRUST CSF produces a combination not found in other frameworks. It simplifies the risk analysis process for organizations and reduces some of the burden, costs, and confusion otherwise experienced when attempting to achieve this level of analysis. Identifying threats is a major component of a comprehensive risk analysis process for any organization seeking to protect their sensitive data and helps determine what adverse events are relevant to the organization and must be controlled.
HITRUST Threat Catalogue Includes Updated Ransomware Guidance
The increased frequency of ransomware attacks requires organizations of all types and sizes to re-examine their controls around data backup and restoration and ensure they could successfully recover their data if such an attack occurred. Using new guidelines from the Cybersecurity and Infrastructure Security Agency (CISA) and other reputable industry sources, the newest version of the HITRUST Threat Catalogue updates the list of HITRUST CSF controls to help better address the types of ransomware attacks organizations currently experience. In addition to identifying controls around secure data backup and recovery, the Catalogue also provides mappings to incident response, decision-support, and other risk mitigation controls.
Key Features of the HITRUST Threat Catalogue:
- Identifying and leveraging an existing threat taxonomy for common adversarial and non-adversarial threats to personal data and other sensitive information
- Enumerating all reasonably anticipated threats to enhance information protection for an organization
- Mapping HITRUST CSF control requirements to the enumerated threats
- Identifying additional information needed in future iterations of the HITRUST Threat Catalogue to help meet its objectives
To Learn More About the HITRUST Threat Catalogue, Review Frequently Asked Questions (FAQs).
Download the HITRUST Threat Catalogue
The HITRUST Threat Catalogue assists organizations in improving their information security programs by better aligning cyber threats with HITRUST CSF control requirements.