• DocumentCode
    2362042
  • Title

    Developing a Risk Analysis Framework for Hospital Information Security Management

  • Author

    Chang, Chi-Chang ; Sun, Pei-Ran ; Cheng, Sun-Long ; Chen, Ruey-Shin ; Liao, Kuo-Hsiung

  • Author_Institution
    Dept. of Appl. Inf. Sci., Chung Shan Med. Univ., Taichung, Taiwan
  • fYear
    2009
  • fDate
    25-27 Aug. 2009
  • Firstpage
    1047
  • Lastpage
    1052
  • Abstract
    The purpose of this paper is to develop the hospital information security risk framework and to raise organizational risk sense and effective decision making. This study adopted the ISO27799 with the ten controls items for risk management. In order to make sure the feasibility of the proposed framework, we conducted a field study for a medical center to investigate the risk of identification, analyses, measurement and control, respectively. Based on the result, the proposed framework be able to elicit the real risk attitude of each stakeholder more accurate than the Riskit model. Additionally, it implicated a great diversity of human decision behavior uncertainty under risky environment. According to the review of the risk experiences, it can know the potential incident well by investigate into the risk cognition of stakeholders more in detail. Further, it not only can realize the more accurate potential risk incident by utilize the non-parameter method, but also achieve the purpose of shift risk and control losses. The proposed framework can deal with information security risk about hospital-wide by considering stakeholders´ decision positions and behavior attribute, and provide decision makers the effective support for quality decision making. Finally, the implications of the research findings could use and to probing into other similar decision making issue under risk.
  • Keywords
    ISO standards; decision making; hospitals; medical information systems; risk analysis; security of data; ISO27799; Riskit model; decision making; hospital information security management; nonparameter method; risk analysis framework; stakeholders; Data security; Decision making; Environmental economics; Hospitals; Industrial economics; Information management; Information security; Medical services; Risk analysis; Risk management; ISO27799; Riskit model; hospital information security; risk management; the non-parameter method;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    INC, IMS and IDC, 2009. NCM '09. Fifth International Joint Conference on
  • Conference_Location
    Seoul
  • Print_ISBN
    978-1-4244-5209-5
  • Electronic_ISBN
    978-0-7695-3769-6
  • Type

    conf

  • DOI
    10.1109/NCM.2009.268
  • Filename
    5331535