IriusRisk Team | The Threat Modeling Experts
April 28, 2021

HIPAA & Threat Modeling

Threat modeling is not often discussed in the context of achieving regulatory compliance, but the two make perfect bedfellows: threat modeling helps us weave compliance into the design and build process. The new release of IriusRisk 2.2.1 includes specific threats and countermeasures for HIPAA compliance.

As with all standards in IriusRisk, the ability to track progress towards compliance throughout the SDLC is key. With issue trackers updating IriusRisk and progress tracked dynamically, this also facilitates ‘gatekeeping’: holding the application or service back from deployment to production until compliance objectives are met.

The latest release of IriusRisk 2.1 came with three new internal reports, one of which is dedicated to compliance. Reporting is now available as a snapshot at any stage during the SDLC for auditors and management.

Our security architects have noticed a trend towards threat modeling for compliance in general, as more security practitioners become cognizant of the benefits. In fact, some regulations such as GDPR advocate for threat modeling through the prism of privacy by design, and what better way to design and build security and privacy than by leveraging threat modeling?

There is no other data quite as personal as health data, and so we are thrilled to help bring HIPAA content to security, development and operations teams. If this is important for your business, don’t hesitate to book a demo.