Organizations needs Vs SSCP, CISSP and HCISPP Certifications
I am a Network and Security Consultant with 10 years of experience and have recently passed my SSCP first "Security certification" it was different in type as compare to Microsoft, Vmware, Cisco etc. but I am trying to figure out how to continue this domain on ground. I am studying for CISSP and will be going for exam coming month but question I am asking myself is how this will help me that what and which standard or protocol I need to apply ? is there any specific rule to create baseline ? is there any model we need to implement or we can pick and chose controls based on need for specific items/resource ?
I am also looking forward for HCISPP but issue is not reading book and passing exam how it will help to get a healthcare HIPPA complaint or secure on a acceptable level and what approach should be adopted. I am sorry for too many question but will be very grateful if someone guide me.
Healthcare institutions in the US generally must pass annual or semi-annual HIPPA audits. HIMSS always has good presentations on the subject. Also visit Health and Human Services who often enforces HIPPA. Talking to customers and respective auditors is also a good start.