Stakeholders´ Perceptions on Hospital Information Security Risk Analysis in Taiwan

The purpose of this study is to analysis the hospital information security risk and to raise organizational stakeholders´ risk sense. Because of most risk management methods do not explicitly support different stakeholder perspectives and those that do, often limit the number of stakeholders and assume that consensus can be reached. Therefore, this paper adopted the ISO17799 practical standard with non-expected utility theory for risk analysis. In order to make sure the feasibility, we conducted a field study for a medical center of middle Taiwan to comment the risk of identification, analyses, measurement and control, respectively. Based on the result of this study, we found that the risk measurement of the proposed methodology be able to elicit the real risk attitude of each stakeholder more accurate. Further, it not only can realize the more accurate potential risk incident by utilize the non-parameter method, but also achieve the purpose of shift risk and control losses.