Improving the Information Security Management: An Industrial Study in the Privacy of Electronic Patient Records
Adverse incidents affecting the privacy of patients' medical records can have multiple negative impacts. Effective mechanisms are needed to communicate the lessons from these incidents to Information Security Management Systems (ISMS) so that similar incidents can be prevented. The Generic Security Template (G.S.T.) has been developed to enhance the current mechanism and has demonstrated significant benefits in communicating the lessons compared to the more conventional use of text-based incident reports. This paper extends that work to evaluate the G.S.T. in healthcare. A case study with healthcare professionals working in a healthcare organization in China shows that the G.S.T. can enhance the current mechanism for communicating the lessons to the ISMS.