THE FINANCING OF INFORMATION SECURITY MANAGEMENT IN ENTITIES PERFORMING MEDICAL ACTIVITIES

Author(s):  
Dominika Lisiak-Felicka ◽  
Paweł A. Nowak ◽  
Maciej Szmit ◽  
Radosław Zajdel

All healthcare organizations process “sensitive data” that needs special protection. To ensure an appropriate level of security for this data, it is necessary to allocate adequate financial resources for security measures. The exploratory aim of the research here is the recognition of the current state of information security management systems in selected entities performing medical activities. An analysis and evaluation of these systems and the financing of information security were conducted. The methods and techniques used in the research are Computer Assisted Telephone Interviews, literature studies, and a questionnaire survey with applications for access to public information. The subjects of the research were medical entities subordinate to the local governments of three Polish voivodeships (Łódź, Świętokrzyskie and Pomeranian). The research was conducted between 2017 and 2018. Research findings show that the surveyed entities did not properly manage information security and did not allocate adequate financial resources to ensure information security. The lack of efficient information security management in medical entities may entail negative consequences in the future.

2021 ◽  
pp. 36-38
Author(s):  
Ekaterina Ahler

The company's information security is not only compliance with a set of IT security measures, but also the correct choice of the appropriate standard. Let's look at what standards are aimed at ensuring the information security of the company.


1999 ◽  
Vol 100 (5) ◽  
pp. 213-227 ◽  
Author(s):  
Ruth C. Mitchell ◽  
Rita Marcella ◽  
Graeme Baxter

To ensure business continuity the security of corporate information is extremely important. Previous studies have shown that corporate information is vulnerable to security attacks. Companies are losing money through security breaches. This paper describes an MSc project that aimed to investigate the issues surrounding corporate information security management. Postal questionnaires and telephone interviews were used. Findings indicate that companies are not proactively tackling information security management and thus are not prepared for security incidents when they occur. Reasons for this lack of action include: awareness of information security threats is restricted; management and awareness of information security is concentrated around the IT department; electronic information is viewed as an intangible business asset; potential security risks of Internet access have not been fully assessed; and surveyed companies have not yet encountered security problems, and therefore are unprepared to invest in security measures. The recommendations include that companies: carry out a formal risk analysis; move information security management from being an IT‐centric function; and alter perceptions towards electronic information so that information is viewed as a valuable corporate asset.


2019 ◽  
Vol 3 (1) ◽  
pp. 44
Author(s):  
R Wisnu Prio Pamnungkas ◽  
Rakhmi Khalida

The present coding is safeguarding public information, not only guaranteeing security against confidentiality, but on aspects of integrity, authenticity, accessibility, availability and non-denial of information. Security is not only in the password room and is not only done by Sandiman, but more broadly to safeguard ICTs and collaborate with information security management systems. In order to carry out these functions, it is necessary to make a road map which is a detailed work plan for coding operations. The research method used is descriptive made with reference to Planning, Implementation, Monitoring and Evaluation and Reporting. The results achieved in this study are roadmaps that can be used as a reference for regional governments in the Indonesian territory.


2021 ◽  
Vol 1 (2) ◽  
pp. 219-238
Author(s):  
Mário Antunes ◽  
Marisa Maximiano ◽  
Ricardo Gomes ◽  
Daniel Pinto

Information security plays a key role in enterprise management, as it deals with the confidentiality, privacy, integrity, and availability of one of their most valuable resources: data and information. Small and Medium-sized enterprises (SME) are seen as a blind spot in information security and cybersecurity management, which is mainly due to their size, regional and familiar scope, and financial resources. This paper presents an information security and cybersecurity management project, in which a methodology based on the well-known ISO-27001:2013 standard was designed and implemented in fifty SMEs that were located in the center region of Portugal. The project was conducted by a business association located at the center of Portugal and mainly participated by SMEs. The Polytechnic of Leiria and an IT auditing/consulting team were the other two entities that participated in the project. The characterisation of the participating enterprises, the ISO-27001:2013 based methodology developed and implemented in SMEs, as well as the results obtained in this case study, are depicted and analysed in the paper. The attained results show a clear benefit to the audited and intervened SMEs, being mainly attested by the increasing of their information security management robustness and collaborators’ cyberawareness.


Ekonomia ◽  
2018 ◽  
Vol 24 (2) ◽  
pp. 107-121 ◽  
Author(s):  
Agnieszka Krawczyk-Jezierska ◽  
Jarosław Jezierski

Application of ISO/IEC 27001 in the financial sector — scope and benefits

In the face of technological advances and, as a result, the increasing threat of the loss of the growing amount of data collected by financial institutions, it seems necessary to employ effective security measures in the process of information management. The necessity to implement information security management systems (ISMS) by all institutions processing personal data is reflected in national legislation. The requirements resulting from contemporary hazards and legal provisions are concurrent with the requirements of the international standard ISO/IEC 27001, concerning the designing of the information security management system. This standard is most widely used by IT companies; however, the financial sector, which collects and processes a huge amount of personal data, constitutes its significant recipient. Most of the companies certified by this standard come from the Eastern Asia and Pacific region, dominated by Japan, and from Europe, where the United Kingdom is the leader. In Poland the use of ISO/IEC 27001 is growing, yet the financial institutions that fulfill its requirements are still in a minority. It seems that from May 2018 on, national regulations imposing greater responsibility for the security of personal data on the institutions processing it will bring the above-mentioned standard into focus.

