  1. Member
    Join Date
    Mar 2008
    Posts
    45
    #1

    Anyone else take the HCISPP?

    Just signed up for ISC2 "official" training class for HCISPP. I've been in security engineering (firewalls, network security, VPN, IPS) for almost 20 years - with the last 12 in Healthcare IT. I've been a "security analyst" (IR, Security Policy, Endpoint EPP/EDR, Advanced malware protection, DLP) officially now for 2.5 years. I've been studying on/off again for almost 3 years for CISSP and just keep procrastinating. My employer (a midsized Healthcare system) offered to pay for the HCISPP out of end of year 2017 budget and I thought "why not?" I'm hoping to burn through it (class on 2/19) and use it as motivation for wrapping up CISSP.

    Any thoughts on exam or advice on banging it out? I'm waiting on ISC2 book. I'm already reading through:

    "Healthcare Information Security and Privacy" - Sean P. Murphy

    Any online resources recommended?

    Thanks,

    -Calvin

  3. Junior Member
    Join Date
    Apr 2015
    Posts
    25

    Certifications
    CISSP, SSCP, HCISPP, COBIT 5 Foundation, COBIT 5 Implementation
    #2
    Hi Calvin,

    I have the HCISPP. The book you have is sufficient. I did not like the ISC2 book. Here's the list of what I used to study. You want to really understand the process/tools used in the steps in the NIST Special Publications. There may be a strong focus on risk management, incident response, business continuity, understanding what a business associate is under HIPAA, the number of individuals affected before public breach notification, and other federal requirements for breach notification (Federal Trade Commission).


    Study Guides

    HCISPP Study Guide (dark blue book with orange letters)

    Healthcare Information Security and Privacy (Murphy)


    Frameworks

    ISO Publication – 27002:2005 or 27002:2013 (understand risk assessment process)

    HITRUST (understand what the framework is and what it covers)

    NIST RMF 800-37

    Federal Legislation/Standards

    PIPEDA privacy principles (Canada)

    Data protection Directive (EU) privacy principles

    EU-US Safe Harbor

    HIPAA Security Rule

    HIPAA Privacy Rule

    Administrative simplification

    Transactions and code sets

    HIPAA Breach Notification Rule

    Federal Trade Commission Breach Notification Rule

    Organisation for Economic Co-operation and Development (OECD) Privacy Principles

    Generally Accepted Privacy Principles

    NIST Special Publications –

    FIPS 140-2 Security Requirements for Cryptographic Modules

    NISTIR 8053 – De-Identification of Personally Identifiable Information

    800-30 rev 1 – Conducting Risk Assessments

    800-34 – Contingency Planning

    800-37 – Guide to applying the Risk Management Framework

    800-39 – Managing Information Security Risk

    800-53 – Security and Privacy Controls for Federal Information Systems and Organizations Rev 4

    800-61 – Computer Security Incident Handling Guide (understand the Incident Response Process)

    800-66 – Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule

    800-86 – Guide to Integrating Forensics Techniques into Incident Response (understand Forensics Process and what happens in each step)

    800-122 – Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)

  4. K-9
    Junior Member
    Join Date
    Feb 2018
    Posts
    25

    Certifications
    CISSP, CASP, CySA+, Sec+, CCNA Security, CCNA R&S, CCNA SP Ops, VCP-DCV, VCP-NV, MCP, OCE SQL, OCA MySQL, and more
    #3
    I am scheduled to take the HCISPP in a few months. Thank you cledford3 for posting this question and thank you talbert80 for such a specific answer!

    I just ran through the online training. It simply runs through the book like a long study session. I only purchased the online training to get the book because there was no other way to get that book.

  5. Junior Member
    Join Date
    Apr 2015
    Posts
    25

    Certifications
    CISSP, SSCP, HCISPP, COBIT 5 Foundation, COBIT 5 Implementation
    #4
    No problem. Good luck to you. Strong focus on risk management, process, understanding HIPAA Privacy/Security/Breach Notification Rules. Another resource would be ISC2 Education Official Quizlet flashcards. ISC2 posts suggested resources for preparing for the exam.

    https://quizlet.com/ISC2Education/folders/hcispp/sets
    https://www.isc2.org/Certifications/References

  6. Junior Member
    Join Date
    Jan 2018
    Posts
    4
    #5
    Thank you for the information Talbert80. Should the CISSP be done before going for the HCISPP?

  7. K-9
    Junior Member
    Join Date
    Feb 2018
    Posts
    25

    Certifications
    CISSP, CASP, CySA+, Sec+, CCNA Security, CCNA R&S, CCNA SP Ops, VCP-DCV, VCP-NV, MCP, OCE SQL, OCA MySQL, and more
    #6
    The HCISPP (lots of privacy topics) is so very different than the CISSP, you don't need to take the CISSP first.

  8. Junior Member
    Join Date
    Apr 2015
    Posts
    25

    Certifications
    CISSP, SSCP, HCISPP, COBIT 5 Foundation, COBIT 5 Implementation
    #7
    Another long-winded answer... K-9 is correct, the HCISPP is heavy privacy, risk management, and regulatory compliance. You may need to identify process and technical tools in the NIST SPs. Some security is covered.

    A CISSP is not required before taking the HCISPP exam. A different mindset is needed for the HCISPP. Think privacy compliance program versus security (privacy officer v. chief information security officer). Security is needed to support privacy, but there are different elements to consider, like disclosure, notification, access (patient access to their records), use, modification, third-party use/access. Super important: breach under HIPAA is unauthorized access/disclosure/use/acquisition of PHI (protected health information) in any form.

    I took the CISSP (failed 699)/SSCP in April, HCISPP in July, then CISSP again (passed) in September 2015. I just took the CAP a few weeks ago. The SSCP (security operations) and CISSP were more technical, CISSP more advisory/risk mgmt than operations. The CAP and HCISPP were more process and risk mgmt. It is important to understand roles and responsibilities in the last two.

  9. K-9
    Junior Member
    Join Date
    Feb 2018
    Posts
    25

    Certifications
    CISSP, CASP, CySA+, Sec+, CCNA Security, CCNA R&S, CCNA SP Ops, VCP-DCV, VCP-NV, MCP, OCE SQL, OCA MySQL, and more
    #8
    Excellent answer, talbert80. I wanted to take the HCISPP (and later CIPP) exam because I constantly have to answer privacy officer questions and fill out forms. I have a pretty good idea of the privacy side, but I wanted to know more so I can more efficiently help the privacy team.

  10. Junior Member
    Join Date
    Jan 2018
    Posts
    4
    #9
    Thanks K-9 and talbert80 (again)! I work in Healthcare IT at the moment, and have debated which to pursue first for the last couple of weeks. Right now, it looks like I will go for the HCISPP, and then the CISSP.

  11. K-9
    Junior Member
    Join Date
    Feb 2018
    Posts
    25

    Certifications
    CISSP, CASP, CySA+, Sec+, CCNA Security, CCNA R&S, CCNA SP Ops, VCP-DCV, VCP-NV, MCP, OCE SQL, OCA MySQL, and more
    #10
    The CISSP is FAR FAR more valuable than the HCISPP even if you are in HIT. If you have the experience to get the CISSP, I would suggest going after that one first. Few certifications are as valuable as the CISSP at this time.