Assessing information security risk in dual-use health information systems

2005 ◽  
Vol 1281 ◽  
pp. 296-301
Author(s):  
J. Collmann
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Health Information ◽  
Health Information Systems ◽  
Security Risk ◽  
Dual Use ◽  
Information Security Risk

Information Security Standards for Health Information Systems

2011 ◽  
pp. 113-145
Author(s):  
Evangelos Kotsonis ◽  
Stelios Eliakis
Keyword(s):  
Health Care ◽  
Information Systems ◽  
Information Security ◽  
Health Information ◽  
Health Care Organization ◽  
Security Management ◽  
Health Information Systems ◽  
Care Organization ◽  
Information Security Management ◽  
Health Related

Current developments in the field of integrated treatment show the need for IS security approaches within the healthcare domain. Health information systems are called to meet unique demands to remain operational in the face of natural disasters, system failures and denial-of-service attacks. At the same time, the data contained in health information systems are strictly confidential and, due to the ethical, judicial and social implications in case of data loss, health related data require extremely sensitive handling. The purpose of this chapter is to provide an overview of information security management standards in the context of health care information systems and focus on the most widely accepted ISO/IEC 27000 family of standards for information security management. In the end of the chapter, a guide to develop a complete and robust information security management system for a health care organization will be provided, by mentioning special implications that are met in a health care organization, as well as special considerations related to health related web applications. This guide will be based on special requirements of ISO/IEC 27799:2008 (Health informatics — Information security management in health using ISO/IEC 27002).

scholarly journals An Investigation Of Organizational Information Security Risk Analysis

2010 ◽  
Vol 3 (2) ◽  
Author(s):  
Zack Jourdan ◽  
R. Kelly Rainer, Jr. ◽  
Thomas E. Marshall ◽  
F. Nelson Ford
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Risk Analysis ◽  
Security Threats ◽  
Security Risk ◽  
Current State ◽  
Policies And Procedures ◽  
Organizational Information ◽  
Quantitative Results ◽  
Information Security Risk

Despite a growing number and variety of information security threats, many organizations continue to neglect implementing information security policies and procedures.  The likelihood that an organization’s information systems can fall victim to these threats is known as information systems risk (Straub & Welke, 1998).  To combat these threats, an organization must undergo a rigorous process of self-analysis. To better understand the current state of this information security risk analysis (ISRA) process, this study deployed a questionnaire using both open-ended and closed ended questions administered to a group of information security professionals (N=32).  The qualitative and quantitative results of this study show that organizations are beginning to conduct regularly scheduled ISRA processes.  However, the results also show that organizations still have room for improvement to create idyllic ISRA processes. 

scholarly journals Theory-Based Model and Prediction Analysis of Information Security Compliance Behavior in the Saudi Healthcare Sector

Symmetry ◽  
2020 ◽  
Vol 12 (9) ◽  
pp. 1544
Author(s):  
Sultan T. Alanazi ◽  
Mohammed Anbar ◽  
Shouki A. Ebad ◽  
Shankar Karuppayah ◽  
Hadeer A. Al-Ani
Keyword(s):  
Saudi Arabia ◽  
Information Systems ◽  
Information Security ◽  
Health Information ◽  
Healthcare Workers ◽  
Health Information Systems ◽  
General Information ◽  
Kingdom Of Saudi Arabia ◽  
Compliance Behavior ◽  
Security Compliance

The adoption of health information systems provides many potential healthcare benefits. The government of the Kingdom of Saudi Arabia has subsidized this field. However, like those of other less developed countries, organizations in the Kingdom of Saudi Arabia struggle to secure their health information systems. This issue may stem from a lack of awareness regarding information security. To date, most related studies have not considered all of the factors affecting information security compliance behavior (ISCB), which include psychological traits, cultural and religious beliefs, and legal concerns. This paper aims to investigate the usefulness of a theory-based model and determine the predictors of ISCB among healthcare workers at government hospitals in the Kingdom of Saudi Arabia. The study investigated 433 health workers in Arar, the capital of the Northern Borders Province in the Kingdom of Saudi Arabia. Two phases involved in this study were the hypothetical model formulation and identification of ISCB predictors. The results suggest that moderating and non-common factors (e.g., religion and morality) impact ISCB, while demographic characteristics (e.g., age, marital status, and work experience) do not. All published instruments and theories were embedded to determine the most acceptable theories for Saudi culture. The theory-based model of ISCB establishes the main domains of theory for this study, which were religion/morality, self-efficacy, legal/punishment, personality traits, cost of compliance/noncompliance, subjective norms, information security policy, general information security, and technology awareness. Predictors of ISCB indicate that general information security, followed by self-efficacy and religion/morality, is the most influential factor on ISCB among healthcare workers in the Kingdom of Saudi Arabia. This study is considered as the first to present the symmetry between theory and actual descriptive results, which were not investigated before.

Information Security Standards for Health Information Systems

2012 ◽  
pp. 225-257
Author(s):  
Evangelos Kotsonis ◽  
Stelios Eliakis
Keyword(s):  
Health Care ◽  
Information Systems ◽  
Information Security ◽  
Health Information ◽  
Health Care Organization ◽  
Security Management ◽  
Health Information Systems ◽  
Care Organization ◽  
Information Security Management ◽  
Health Related

Current developments in the field of integrated treatment show the need for IS security approaches within the healthcare domain. Health information systems are called to meet unique demands to remain operational in the face of natural disasters, system failures and denial-of-service attacks. At the same time, the data contained in health information systems are strictly confidential and, due to the ethical, judicial and social implications in case of data loss, health related data require extremely sensitive handling. The purpose of this chapter is to provide an overview of information security management standards in the context of health care information systems and focus on the most widely accepted ISO/IEC 27000 family of standards for information security management. In the end of the chapter, a guide to develop a complete and robust information security management system for a health care organization will be provided, by mentioning special implications that are met in a health care organization, as well as special considerations related to health related web applications. This guide will be based on special requirements of ISO/IEC 27799:2008 (Health informatics — Information security management in health using ISO/IEC 27002).

Information Security in Government

2010 ◽  
pp. 166-186 ◽  
Author(s):  
Christopher G. Reddick
Keyword(s):  
Organizational Culture ◽  
Information Systems ◽  
Information Security ◽  
Homeland Security ◽  
Individual Characteristics ◽  
Security Risk ◽  
Security Issues ◽  
Critical Issues ◽  
Information Security Risk ◽  
The Impact

This chapter examines the important issue of the impact of information security in government. Information security is one of the critical issues of Homeland Security Information Systems (HSIS). As we know from Chapter 4, information security is one of the leading concerns of Chief Information Officers (CIO) in the realm of homeland security. This chapter explores the impact of information security on government similarly to a framework provided by Straub and Welke (1998) who believe that the organizational environment, individual characteristics, the information systems environment, and level of threats are related to management perceptions of information security risk. The argument is that the stronger the correlation between changes in these four factors this would have an influence on the perception of management of information security risk. Therefore, the more the organizational culture supports information security the greater the managerial concern. In this chapter there is an argument made that there needs to be more knowledge of the leading issues facing information security in order to influence the organizational culture. The first part of this chapter focuses on several information security issues that have been identified in the literature. These issues deal with management, policy, and end users of IT and their impact on information security. The second part of this chapter provides evidence from several information security surveys. The last part of this chapter deals with survey results from an information security survey of Texas state agencies.

Sign in / Sign up

Export Citation Format

Share Document