Information Security Standards for Health Information Systems

2012 ◽  
pp. 225-257
Author(s):  
Evangelos Kotsonis ◽  
Stelios Eliakis
Keyword(s):  
Health Care ◽  
Information Systems ◽  
Information Security ◽  
Health Information ◽  
Health Care Organization ◽  
Security Management ◽  
Health Information Systems ◽  
Care Organization ◽  
Information Security Management ◽  
Health Related

Current developments in the field of integrated treatment show the need for IS security approaches within the healthcare domain. Health information systems are called to meet unique demands to remain operational in the face of natural disasters, system failures and denial-of-service attacks. At the same time, the data contained in health information systems are strictly confidential and, due to the ethical, judicial and social implications in case of data loss, health related data require extremely sensitive handling. The purpose of this chapter is to provide an overview of information security management standards in the context of health care information systems and focus on the most widely accepted ISO/IEC 27000 family of standards for information security management. In the end of the chapter, a guide to develop a complete and robust information security management system for a health care organization will be provided, by mentioning special implications that are met in a health care organization, as well as special considerations related to health related web applications. This guide will be based on special requirements of ISO/IEC 27799:2008 (Health informatics — Information security management in health using ISO/IEC 27002).

Information Security Standards for Health Information Systems

2011 ◽  
pp. 113-145
Author(s):  
Evangelos Kotsonis ◽  
Stelios Eliakis
Keyword(s):  
Health Care ◽  
Information Systems ◽  
Information Security ◽  
Health Information ◽  
Health Care Organization ◽  
Security Management ◽  
Health Information Systems ◽  
Care Organization ◽  
Information Security Management ◽  
Health Related

Current developments in the field of integrated treatment show the need for IS security approaches within the healthcare domain. Health information systems are called to meet unique demands to remain operational in the face of natural disasters, system failures and denial-of-service attacks. At the same time, the data contained in health information systems are strictly confidential and, due to the ethical, judicial and social implications in case of data loss, health related data require extremely sensitive handling. The purpose of this chapter is to provide an overview of information security management standards in the context of health care information systems and focus on the most widely accepted ISO/IEC 27000 family of standards for information security management. In the end of the chapter, a guide to develop a complete and robust information security management system for a health care organization will be provided, by mentioning special implications that are met in a health care organization, as well as special considerations related to health related web applications. This guide will be based on special requirements of ISO/IEC 27799:2008 (Health informatics — Information security management in health using ISO/IEC 27002).

scholarly journals Proposal for a Security Management in Cloud Computing for Health Care

2014 ◽  
Vol 2014 ◽  
pp. 1-7 ◽  
Author(s):  
Knut Haufe ◽  
Srdan Dzombeta ◽  
Knud Brandis
Keyword(s):  
Health Care ◽  
Cloud Computing ◽  
Information Security ◽  
Health Care Organizations ◽  
Security Management ◽  
General Information ◽  
Care Organization ◽  
Information Security Management ◽  
Systems Research ◽  
Information Security Management System

Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources.

scholarly journals INFORMATION SECURITY MANAGEMENT STRATEGY ANALYSIS USING SYSTEM DYNAMICS MODELING

JOURNAL ASRO ◽  
2018 ◽  
Vol 9 (2) ◽  
pp. 107
Author(s):  
Arie Marbandi ◽  
Ahmadi Ahmadi ◽  
Adi Bandono ◽  
Okol S Suharyo
Keyword(s):  
Information Systems ◽  
Information Security ◽  
System Dynamics ◽  
Security Management ◽  
Security Risk ◽  
Dynamics Modeling ◽  
Strategy Analysis ◽  
Information Security Management ◽  
Security Costs ◽  
Alternative Choice

Handling information security management is an absolute thing to do for organizations that have information systems to support the organization's operations. Information systems consisting of assets both software and hardware that manage data and information that are spread over networks and the internet, make it vulnerable to threats. Therefore investment and costs are needed to secure it. Costs incurred for this need are not small, but investment expenditures and information security costs carried out need serious handling to be more effective and on target. The System Dynamics Model is used to evaluate alternative strategies to demonstrate the effectiveness of investment and the cost of managing information security through simulation of policy changes. System Dynamics are methods for describing models and systems analysis that are dynamic and complex, consisting of variables that influence each other in the form of causal relationships and feedback between variables that are either reinforcing or giving balance. Simulation using a dynamic system model in this study illustrates that the management of risk assessment followed by vulnerability reduction efforts has a very large impact on the management of information security. By making a difference in the value of security tools investment, this provides an alternative choice in information security risk management investments to achieve the effectiveness of the overall costs incurred in managing information security

scholarly journals Discussion of “Representation of People’s Decisions in Health Information Systems: A Complementary Approach for Understanding Health Care Systems and Population Health”

2017 ◽  
Vol 56 (S 01) ◽  
pp. e20-e29 ◽  
Author(s):  
Najeeb Al-Shorbaji ◽  
Elizabeth Borycki ◽  
Michio Kimura ◽  
Christoph Lehmann ◽  
Nancy Lorenzi ◽  
...  
Keyword(s):  
Health Care ◽  
Information Systems ◽  
Health Information ◽  
Population Health ◽  
Health Care Systems ◽  
Health Information Systems ◽  
Letters To The Editor ◽  
Discussion Section ◽  
Complementary Approach ◽  
Care Systems

SummaryThis article is part of a For-Discussion-Section of Methods of Information in Medicine about the paper “Representation of People’s Decisions in Health Information Systems: A Complementary Approach for Understanding Health Care Systems and Population Health” written by Fernan Gonzalez Bernaldo de Qui-ros, Adriana Ruth Dawidowski, and Silvana Figar. It is introduced by an editorial. This article contains the combined commentaries invited to independently comment on the paper of de Quiros, Dawidowski, and Figar. In subsequent issues the discussion can continue through letters to the editor.

Sign in / Sign up

Export Citation Format

Share Document