System Maintenance:
There may be intermittent impact on performance while updates are in progress. We apologize for the inconvenience.
By Topic

Developing a Risk Analysis Framework for Hospital Information Security Management

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

5 Author(s)
Chi-Chang Chang ; Dept. of Appl. Inf. Sci., Chung Shan Med. Univ., Taichung, Taiwan ; Pei-Ran Sun ; Sun-Long Cheng ; Ruey-Shin Chen
more authors

The purpose of this paper is to develop the hospital information security risk framework and to raise organizational risk sense and effective decision making. This study adopted the ISO27799 with the ten controls items for risk management. In order to make sure the feasibility of the proposed framework, we conducted a field study for a medical center to investigate the risk of identification, analyses, measurement and control, respectively. Based on the result, the proposed framework be able to elicit the real risk attitude of each stakeholder more accurate than the Riskit model. Additionally, it implicated a great diversity of human decision behavior uncertainty under risky environment. According to the review of the risk experiences, it can know the potential incident well by investigate into the risk cognition of stakeholders more in detail. Further, it not only can realize the more accurate potential risk incident by utilize the non-parameter method, but also achieve the purpose of shift risk and control losses. The proposed framework can deal with information security risk about hospital-wide by considering stakeholders' decision positions and behavior attribute, and provide decision makers the effective support for quality decision making. Finally, the implications of the research findings could use and to probing into other similar decision making issue under risk.

Published in:

INC, IMS and IDC, 2009. NCM '09. Fifth International Joint Conference on

Date of Conference:

25-27 Aug. 2009