Threat Modeling in ISO 27799

$349.00
Your guarantee:
30-day money-back guarantee — no questions asked
Who trusts this:
Trusted by professionals in 160+ countries
Toolkit Included:
Includes a practical, ready-to-use toolkit containing implementation templates, worksheets, checklists, and decision-support materials used to accelerate real-world application and reduce setup time.
When you get access:
Course access is prepared after purchase and delivered via email
How you learn:
Self-paced • Lifetime updates
This curriculum spans the equivalent of a multi-workshop advisory engagement. It addresses the full lifecycle of threat modeling in healthcare, from governance and asset classification through to incident response and continuous improvement, at a depth comparable to an internal capability-building program for enterprise health information security.

Module 1: Establishing Governance Frameworks for Health Information Security

  • Define scope boundaries for health information systems covered under ISO 27799, including EHRs, medical devices, and third-party health apps.
  • Select control objectives based on organizational roles (e.g., hospital vs. health insurer) and jurisdictional privacy laws (e.g., HIPAA, GDPR).
  • Assign accountability for control ownership across clinical, IT, and compliance units using RACI matrices.
  • Negotiate authority boundaries between privacy officers and information security teams during control implementation.
  • Integrate ISO 27799 controls with existing ISO 27001 ISMS structures without duplicating effort.
  • Document risk appetite statements specific to patient data confidentiality and system availability.
  • Establish escalation paths for unresolved control conflicts between departments.
  • Map regulatory reporting obligations to specific control monitoring procedures.

Module 2: Asset Identification and Classification in Clinical Environments

  • Inventory all systems processing protected health information (PHI), including legacy diagnostic equipment with embedded software.
  • Classify data assets by sensitivity levels (e.g., genetic data vs. appointment logs) using organizational classification schemes.
  • Document data residency for cloud-hosted health applications, specifying physical data center locations.
  • Identify custodians for each asset class, particularly for shared systems like radiology PACS.
  • Implement metadata tagging for PHI in databases to support automated classification and access logging.
  • Define retention periods for clinical data based on medical necessity and legal requirements.
  • Address classification challenges for de-identified datasets used in research.
  • Establish procedures for reclassification when data sensitivity changes (e.g., breach disclosure).

Module 3: Threat Intelligence Integration for Healthcare Systems

  • Subscribe to healthcare-specific threat feeds (e.g., H-ISAC) and filter alerts based on organizational attack surface.
  • Map observed threat actor tactics (e.g., ransomware targeting hospital networks) to relevant ISO 27799 controls.
  • Conduct quarterly threat scenario updates based on new vulnerabilities in medical device firmware.
  • Integrate threat intelligence into existing SIEM rules without overwhelming clinical IT teams.
  • Validate threat relevance by correlating with internal incident logs and access anomalies.
  • Adjust threat modeling assumptions when new attack vectors emerge (e.g., supply chain compromises in health software).
  • Coordinate threat data sharing with affiliated clinics while preserving patient privacy.
  • Document false positive rates for automated threat detection tools to refine alert thresholds.

Module 4: Risk Assessment Methodology Alignment with ISO 27799

  • Select a risk assessment methodology (e.g., OCTAVE, ISO 27005) compatible with healthcare operational constraints.
  • Define likelihood scales that reflect healthcare-specific factors (e.g., high staff turnover in clinics).
  • Adjust impact criteria to prioritize patient safety over financial loss in risk scoring.
  • Conduct risk assessments for hybrid environments involving IoT medical devices and cloud services.
  • Validate risk ratings through tabletop exercises with clinical staff unfamiliar with IT jargon.
  • Document risk treatment decisions, including acceptance of risks due to clinical necessity (e.g., unpatched infusion pumps).
  • Reassess risks after major changes such as mergers or telehealth platform rollouts.
  • Ensure risk assessment outputs feed into audit schedules and control testing frequency.

Module 5: Control Selection and Customization for Clinical Workflows

  • Modify standard access control templates to support role-based access in dynamic care teams.
  • Implement just-in-time access for third-party vendors servicing imaging equipment.
  • Adapt encryption requirements for real-time data streams from patient monitors.
  • Design audit logging that captures clinician access to sensitive records without impeding emergency care.
  • Customize incident response playbooks for scenarios like unauthorized access to celebrity patient records.
  • Balance mobile device management policies with clinicians’ use of personal smartphones for care coordination.
  • Implement compensating controls when technical controls conflict with clinical workflow (e.g., biometric authentication delays).
  • Document control deviations with formal risk acceptance for time-critical systems.

Module 6: Third-Party Risk Management in Health Ecosystems

  • Assess security posture of cloud EHR providers using standardized questionnaires (e.g., CAIQ).
  • Negotiate business associate agreements (BAAs) that enforce ISO 27799-aligned controls.
  • Monitor third-party patch management timelines for medical software vendors.
  • Conduct on-site assessments of data centers hosting patient data, including physical security checks.
  • Enforce logging and audit trail sharing requirements in contracts with health information exchanges.
  • Verify subcontractor oversight mechanisms when vendors outsource support functions.
  • Terminate access privileges automatically upon contract expiration for consulting firms.
  • Track third-party incidents that may constitute reportable breaches under HIPAA.

Module 7: Secure System Development Lifecycle for Health Applications

  • Embed security requirements into procurement specifications for new clinical software.
  • Conduct threat modeling during the design phase of patient portal development.
  • Enforce secure coding standards (e.g., OWASP ASVS) in vendor contracts for custom health apps.
  • Perform penetration testing on interfaces between hospital systems and patient wearables.
  • Validate data anonymization techniques in research databases prior to deployment.
  • Implement change control procedures that prevent unauthorized modifications to production EHRs.
  • Require vendors to disclose open-source components and associated vulnerabilities.
  • Design rollback procedures for failed software updates in critical care systems.

Module 8: Incident Response and Breach Management Coordination

  • Define criteria for declaring a data breach involving PHI, including legal thresholds for notification.
  • Integrate clinical leadership into incident response teams for operational continuity decisions.
  • Preserve forensic evidence from medical devices while maintaining patient care.
  • Coordinate breach notifications with legal, PR, and patient relations teams under time constraints.
  • Conduct post-incident reviews that distinguish between technical failures and process gaps.
  • Update threat models based on attacker TTPs observed during actual incidents.
  • Manage patient notification logistics, including call center staffing and credit monitoring offers.
  • Report breaches to regulatory bodies using required formats and within mandated timeframes.

Module 9: Audit and Continuous Monitoring Strategy

  • Design audit trails that capture access to sensitive data categories (e.g., mental health records).
  • Configure automated alerts for anomalous access patterns, such as off-shift record reviews.
  • Conduct quarterly control testing with documented evidence for internal and external auditors.
  • Use automated compliance tools to map control implementation to ISO 27799 clauses.
  • Perform surprise audits of high-privilege accounts (e.g., system administrators in radiology).
  • Validate log integrity and retention for systems not natively supporting secure logging.
  • Adjust monitoring scope based on seasonal risk factors (e.g., increased phishing during flu season).
  • Report control effectiveness metrics to executive leadership and board risk committees.

Module 10: Governance Maturity and Continuous Improvement

  • Conduct annual maturity assessments using models like COBIT or HITRUST to benchmark progress.
  • Identify control gaps through gap analyses after regulatory audits or third-party assessments.
  • Prioritize remediation efforts based on residual risk and resource availability.
  • Update governance policies to reflect changes in technology (e.g., AI in diagnostic tools).
  • Facilitate cross-departmental workshops to resolve persistent control implementation barriers.
  • Track key risk indicators (KRIs) for early warning of control degradation.
  • Incorporate lessons learned from incident investigations into policy revisions.
  • Align governance roadmap with organizational digital health transformation initiatives.