Risk management focusing on the best practices of data security systems for healthcare

2021 ◽  
Vol 9 (1) ◽  
pp. 45-78
Author(s):  
Fábio Martins Dias ◽  
Mauro Luiz Martens ◽  
Sonia Francisca de Paula Monken ◽  
Luciano Ferreira da Silva ◽  
Ernesto Del Rosario Santibanez-Gonzalez

Objective of the study: Statistics show a worrisome picture of challenges to be overcome by cybersecurity in the healthcare sector. Data evidence that the healthcare industry experiences four data breaches per week in the United States alone, making it the sector most often affected by digital security breaches. Thus, the current article aims to investigate risk management focusing on identifying requirements and best practices for healthcare data security systems. Methodology/approach: It is based on a systematic literature review. Studies on state-of-the-art data security systems were collected and interpreted through content analysis. Assertive keywords, source-selection criteria, interpretation of selected articles, and database analysis were used to form the investigated sample and to represent the broad applications of this study’s objective. Originality/Relevance: The current study contributes to defining a set of minimum requirements and best practices that can be adopted to manage data security risks in the healthcare sector and medical devices. Main results: Results have pointed out that there is no fully effective way to prevent all violations by cybercriminals; however, cybersecurity must be part of management processes adopted by different organizations. Theoretical/methodological contributions: It is found that cybersecurity has great importance for the healthcare sector, that the information generated is rich in content, and that cybersecurity is neglected in the sector, which is not able to deal with the reality of cyber threats in the Industry 4.0 context. Social/management contributions: Through good risk management practices and the adoption of minimum security items, institutions can ensure that managers can prepare and respond efficiently to cyber risks.

2021 ◽  
Vol 10 (4) ◽  
pp. 1-25
Author(s):  
Brian J. Galli

Because of the recent financial crisis in the United States that shook the financial sector, the need for adopting effective Risk Management practices has increased. Essentially, the volatility of the sector calls for an augmented re-evaluation of the framework, as well as the components of uncertainty management practices by commercial banks, regulatory agencies, and scholars. By doing so, the stakeholders in the financial sector would ensure conformity to the best practices. To further fortify this, the research herein uses the Ames National Corporation (ANC), which is a commercial bank in Iowa, USA, as a case study. The institution's risk profile and risk management practices are evaluated to give insights on conforming to the best international practices. The research also seeks to establish whether effective risk management results in enhanced performance and profitability for financial institutions. Stating areas on which further research should be conducted is how the study is concluded.


Author(s):  
John Patrick O'Har ◽  
Christopher W. Senesi ◽  
Keith R. Molenaar

Enterprise risk management is an area of growing interest for state departments of transportation in the United States. This research developed a risk register spreadsheet tool—applicable at the enterprise and program levels—that supports the user in identifying risk events, defining risk categories, and assessing the likelihood (probability) and consequence (effect) of an event occurring. A state-of-the-practice survey was conducted with regard to the use of risk register tools to support enterprise- and program-level risk management at U.S. state departments of transportation, international transportation agencies, and nontransportation organizations. On the basis of the survey results and to further inform development of the risk register tool, several organizations were selected for in-depth interviews to gather additional information on their risk management practices and use of risk register tools. The resultant risk register reflects information from the interviews and examples provided by the participants. The spreadsheet-based risk register is an editable template that does not use any macros or custom code. In addition to the editable template, two prepopulated examples—one for enterprise-level risk management and one for program-level risk management—were created. While the risk register tool can help facilitate good practice risk management, the findings of this research indicate that an organization's risk management governance along with staff commitment, availability, and capability to support risk management activities are equally, if not more, important to effective risk management as the risk register tool itself.


2021 ◽  
Author(s):  
Faith Ka Shun Chan ◽  
Liang Emlyn Yang ◽  
Gordon Mitchell ◽  
Nigel Wright ◽  
Mingfu Guan ◽  
...  

Abstract. Sustainable flood risk management (SFRM) has become popular since the 1980s. Many governmental and non-governmental organisations have been keen on implementing SFRM strategies by integrating social, ecological and economic themes into their flood risk management (FRM) practices. However, justifications for SFRM are still embryonic and it is not yet clear whether this concept is influencing the current policies in different countries. This paper reviews the past and present flood management approaches and experiences from flood defence to FRM in four developed countries with the aim of highlighting lessons for developing mega deltas. The paper explored recent strategies such as “Making Space for Water, PPS 25, and NPPF” in the UK and “Room for Rivers” in the Netherlands, which were promoted to cope with flooding, integrate FRM with ideas on sustainability, and deliver good FRM practice for the next generations. The United States has also established a sound National Flood Insurance Program (NFIP), and Japan has developed an advanced flood warning and evacuation contingency system to prepare for climatic extremes. These case studies showed some good lessons for achieving a long-term SFRM direction that delivers flood management practices with socio-economic and environmental concerns. Most developing coastal megacities, especially in Asia, are still heavily reliant on the traditional hard-engineering approach, which may not be enough to mitigate substantial risks due to human (existing huge populations, rapid socio-economic growth, subsidence) and natural (climate change) factors. We understand that different countries and cities have their own interpretation of SFRM, but recommend that policy makers adopt “mixed options” oriented towards the long term and sustainability, with social, economic and environmental considerations.


2019 ◽  
Vol 38 (2) ◽  
pp. 58-71
Author(s):  
Tonia San Nicolas-Rocca ◽  
Richard J Burkhard

Libraries in the United States handle sensitive patron information, including personally identifiable information and circulation records. With libraries providing services to millions of patrons across the U.S., it is important that they understand the importance of patron privacy and how to protect it. This study investigates how knowledge transferred within an online cybersecurity education affects library employee information security practices. The results of this study suggest that knowledge transfer does have a positive effect on library employee information security and risk management practices.


2021 ◽  
Vol 7 (1) ◽  
Author(s):  
Monica Kaminska

Abstract. The United States struggles to impose meaningful costs for destructive or disruptive cyber operations. This article argues that the United States' restrained responses stem from a desire to avoid risk in an inherently uncertain operational environment. The societal desire for risk avoidance is the prism through which policymakers address the cyber domain and deliberate responses to attacks. The article shows that two particular operational characteristics of cyberspace—its complex adaptiveness and the ease of proliferation—combine to increase the risk of misattribution and the risk of unintended effects, including collateral damage, inadvertent escalation and blowback. These characteristics present a particular obstacle for risk societies such as the United States in the application of meaningful punishments. In addition to establishing the roots of US restraint, the article traces the application of risk management practices, including preventive action, increasing resilience and consequence management, from the Obama administration to the Trump administration. The analysis reveals that risk management has underpinned the overall US approach to the cyber domain.


Author(s):  
Micaela Dunbar-Gaynor ◽  
Ericka Zimmerman ◽  
Victor Liberi

Purpose: The purpose of this study was to identify and describe the status of P&P practices of secondary school athletic trainers. Methods: Following an online informed consent confirmation, participants completed a Policies and Procedures Status questionnaire, including demographics. This was distributed to certified athletic trainers currently employed in the secondary school setting in the United States. The survey consisted of 49 questions about the status of P&Ps using one of the following responses: the practice is in operation and it appears in written form; the practice is in operation but does not appear in written form; the practice is not in operation but does appear in written form; and the practice is not in operation and it does not appear in written form. This study utilized descriptive statistics, consisting of means, frequencies, and percentages, to report results that described the current status of policies and procedures. Results: There was a total of 232 participants. 72.6% of secondary school athletic trainers had existing P&P manuals and 37.9% reported the P&P manual existed when they acquired the position. 31.9% who did not have an existing P&P manual upon starting their position never developed a manual. 45.7% of all P&Ps were reported to exist in both written and operational form and 25.9% reported having neither written nor operational forms of P&Ps. 54.5% used the BOC Guiding Principles for AT Policy and Procedure Development and 45.2% used the BOC Facility Principles document. Conclusion: The results revealed almost half of participants reported the risk management practices in the P&P manual were in operational and written form. P&Ps that have been described in NATA Position Statements were more likely to be in both written and operational form when compared to those that were not. Secondary school athletic trainers may have limited guidance and training in risk management, with even less guidance on resources specifically for developing and reviewing P&Ps.


Author(s):  
Mohammad Mahyuddin Khalid ◽  
Mohd Ashrof Zaki Yaakob ◽  
Azri Bhari ◽  
Mohd Faiz Mohamed Yusof

Modern management practice has put greater emphasis on the principles of accountability and transparency. Along with the revival of Islamic institutions, there are calls by stakeholders for the management of waqf institutions to adopt modern management practice to improve their efficiency in managing waqf assets. As part of good governance and best practices of waqf institutions, management of risk is fundamental to the proper functioning of any institution, including waqf, to ensure the accountability of the mutawalli (waqf manager) and the transparency of the management. Studies on risk management practices in Islamic institutions indicate that risks come across in many different ways: financial, personnel, program and capital expenditure decisions due to interactions with economic, political and social environments. However, the dissimilarity of management practices of waqf assets could be due to the absence of a risk management function for waqf institutions. This paper aims at exploring the major themes that constitute the basis of the discussion on accountability in waqf institutions. In doing this, the theoretical underpinnings and the existing research relating to waqf investment and its risk management practice are examined.


Author(s):  
Geoff Ballard ◽  
Refaul Ferdous ◽  
Anthony Payoe ◽  
Amanda Kulhawy

Abstract. Enbridge is North America’s premier energy infrastructure company delivering the energy people need and want. Enbridge’s business value is asset intensive. With over 200 onshore liquids pipelines facility assets, operational safety and environmental protection are always top priorities. The embedment of risk management practices in business decisions is an effective way to appropriately optimize asset performance while avoiding catastrophic impacts to people and the environment. This includes understanding and managing these risk events and establishing barriers to prevent the impact. Facility site containment is an independent protection layer that mitigates the consequences of a spill. The United States Environmental Protection Agency and the National Fire Code of Canada provide requirements to contain overland flow of a spill from liquids pipelines facility assets. Although there are specific volumetric requirements for spill containment for facility tanks, there are no specific volumetric requirements for spill containment for pipeline facility assets such as pumps, valves, etc. Industry typically employs an index-based approach to determine the specific design volumes using catastrophic rupture volumes and facility location. This approach has several shortcomings, including design inadequacy, inconsistency, and challenges with scalability. A risk-based approach is appropriate in determining the required site containment volume based on oil spill history, facility assets, and environmental sensitivities. A probabilistic model can be created using historical facility oil spill data based on the Pipeline and Hazardous Materials Safety Administration’s (PHMSA’s) facility incident database to estimate the likelihood of a given size of release occurring. If available, company oil spill history can also be used or integrated with the PHMSA dataset. Combining the likelihood of the size of release occurring with the estimated consequence (by accounting for the volume of a release and the environmental sensitivity at the release location), it is possible to evaluate the risk of a release. This estimation of risk can then be leveraged to support facility site containment design to manage the risk to an acceptable level. By informing facility site containment with volumetric requirements using reliability and consequence models and risk management principles, an organization can prudently balance pipeline safety and capital constraints to comply with federal regulations. This paper demonstrates this approach and describes:
• The value of available data and model development
• Reliability modeling and consequence assessment
• Risk-informed decision-making
• Future model enhancements

