What is the best approach for the CISO?

During the risk assessment phase of the project the CISO discovered that a college within the
University is collecting Protected Health Information (PHI) data via an application that was
developed in-house. The college collecting this data is fully aware of the regulations for Health
Insurance Portability and Accountability Act (HIPAA) and is fully compliant.
What is the best approach for the CISO?
During the risk assessment phase of the project the CISO discovered that a college within the
University is collecting Protected Health Information (PHI) data via an application that was
developed in-house. The college collecting this data is fully aware of the regulations for Health
Insurance Portability and Accountability Act (HIPAA) and is fully compliant.
What is the best approach for the CISO?

A.
Document the system as high risk

B.
Perform a vulnerability assessment

C.
Perform a quantitative threat assessment

D.
Notate the information and move on