Maturity in Health Organization Information Systems

Author(s):  
Alberto Carneiro

Adapting maturity models to healthcare organizations' needs is an issue that researchers and technicians should consider and a valuable instrument for IT managers, because these models allow the assessment of a present situation as well as the identification of useful improvement measures. This paper discusses the practical utilization of maturity models, including different manners of exploring a model's usefulness. For a more complete understanding of maturity models, the selection of criteria and processes of measurement, called metrics, is briefly reviewed in terms of indicators and daily procedures. Some issues of management information systems security are briefly addressed, along with a note on measuring security assessment. Finally, some considerations are presented about the need for privacy of personal data, to ensure the strategies to be pursued for sensitive data in order to establish a level of effective privacy, which is included in the concerns of security of information systems.



Author(s):  
Alberto Carneiro

This chapter discusses the issues and choices that researchers and technicians should consider when adapting maturity models to healthcare organizations' needs. It discusses the practical utilization of maturity models, including different manners of exploring a model’s usefulness. For a more complete understanding of maturity models and their applicability, the selection of criteria and processes of measurement, called metrics, is briefly reviewed in terms of indicators and daily procedures. Finally, some issues of management information systems security are briefly addressed, along with a note on measuring security assessment.


Author(s):  
Guntoro Guntoro ◽  
Loneli Costaner ◽  
Musfawati Musfawati

The rapid development of information technology has had a positive impact in many fields, one of which is internet technology. Websites have become an alternative for institutions to promote themselves to the general public. Websites are also easily accessed by many people, regardless of place or time. Given this convenience, many institutions build web servers without considering whether the web server they build meets security standards or not, or whether the system they build is secure or subject to disruption. Universitas Lancang Kuning has a web server that hosts many information systems and documents published for users. One of the most crucial systems is the Open Journal System (OJS). According to information from PDPT Universitas Lancang Kuning, the Open Journal System (OJS) has been cracked twice. The damage to OJS resulted in the loss of the data held in the OJS system, and authors frequently complained to the journal managers. Testing the web server is very important; this testing aims to determine whether or not the web server is secure against criminal acts by hackers. In penetration testing, several methods are commonly used, such as the Information Systems Security Assessment Framework (ISSAF) and OWASP. This research uses the ISSAF method and OWASP version 4. The research methods used in this study include literature review, data collection, penetration testing using the ISSAF and OWASP methods, and analysis and reporting. The aim of this research is to analyze the security of the Open Journal System (OJS) using the ISSAF and OWASP methods at Universitas Lancang Kuning. Based on the testing carried out using the ISSAF and OWASP methods, the OJS system of Universitas Lancang is classified as secure, because it could not be penetrated. Although the OJS of Universitas Lancang Kuning is classified as secure, attacks could still come from within the institution.


2020 ◽  
Vol 4 (3(12)) ◽  
pp. 1-15
Author(s):  
Samira Ilgarovna Proshkina

The work is devoted to an urgent problem — the study of the evolutionary dynamics of web advertising, its assessment and effectiveness, as well as the problem of legal support and security of information systems. The goal is a systematic analysis of web advertising in an unsafe information field, its relevance and criteria for assessing marketing efforts, minimizing risks, maximizing additional profits and image. Research hypothesis — the effectiveness of web advertising is determined by the form of advertising, place of display, location of the block, model of calculation of the advertising campaign. An approach based on the establishment of preferences, partnership between the state and business structures is emphasized. It takes into account the COVID-19 pandemic, a slowdown in the pace and features of the evolution of business companies in self-isolation. The subtasks of influence on the advertising efficiency of the site’s features and web advertising are highlighted. A comprehensive analysis of information and logical security and computational models of web advertising companies was also carried out.


2020 ◽  
Author(s):  
Cátia Santos-Pereira

BACKGROUND: GDPR was scheduled to be formally adopted in 2016, with EU member states being given two years to implement it (May 2018). Given the sensitive nature of the personal data that healthcare organizations process on a 24/7 basis, it is critical that the protection of that data in a hospital environment is given the high priority that data protection legislation (GDPR) requires. OBJECTIVE: This study addresses the state of Public Portuguese hospitals regarding GDPR compliance during the GDPR preparation period (2016-2018), before the enforcement on 25 May 2018, and what activities have started since then. The study focuses on three GDPR articles, namely 5, 25 and 32, concerning authentication security, identity management processes and audit trail themes. METHODS: The study was conducted between 2017 and 2019 in five Portuguese Public Hospitals (each different in complexity). In each hospital, six categories of information systems critical to health institutions were included in the study, trying to cover the main health information systems available and common to hospitals (ADT, EPR, PMS, RIS, LIS and DSS). Interviews were conducted in two phases (before and after GDPR enforcement) with the objective of identifying the maturity of the information systems of each hospital regarding authentication security, identity management processes and traceability, and the efforts in progress to avoid security issues. RESULTS: A total of 5 hospitals were included in this study, and the results highlight the hospitals' privacy maturity: in general, the hospitals studied were very far from complying with the security measures selected (before May 2018). Session account lock and password history policy were the poorest issues, and, on the other hand, storing encrypted passwords was the best issue. With the enforcement of GDPR, these hospitals started a set of initiatives to fill this gap; this is made specifically for means of making the whole process as transparent and trustworthy as possible and trying to avoid the huge fines. CONCLUSIONS: We are still very far from having GDPR compliant systems, and institutions' efforts are being done. The first step to align an organization with GDPR should be an initial audit of all systems. This work collaborates with the initial security audit of the hospitals that belong to this study.

