The Recommendation of Controls for Hospital Information System Using CRAMM: Case Studies of Two Korean Hospitals
The medical records of diagnostic and testing information include sensitive personal information that reveals some of the most intimate aspects of an individuals life. The hospital information system (HIS) operates in a state of high risk which may lead to the possible loss to the IS resources caused by various threats. This research addresses twofold : (1) to perform asset identification ad valuation and (2) to recommend countermeasures for secure HIS network using case studies This paper applied a risk management tool CRAMM (Central Computer and Tele-communications Agencys Risk Analysis and Management Method) to assess asset values and suggest countermeasures for the security of computerized medical information of two large hospitals in Korea. CRAMM countermeasures are recommended at the reference sites from the network security requirements of system utilized for the diagnosis and treatment of patients. The results of the study will enhance the awareness of IS risk management by IS managers.
- Publisher
- 한국경영과학회
- Issue Date
- 2000-05
- Language
- English
- Description
This article is confirmed to be submitted through the review and edition of the Korean Operations Research and Management Science Society. Please enter the title (Journal/Proceedings), volume, number, and pages properly when citing the article.
- Citation
한국경영과학회지, v.17, no.1, pp.145 - 158
- ISSN
- 1225-1119
- Appears in Collection
- MT-Journal Papers(저널논문)
- Files in This Item
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.