The Recommendation of Controls for Hospital Information System Using CRAMM: Case Studies of Two Korean Hospitals

The medical records of diagnostic and testing information include sensitive personal information that reveals some of the most intimate aspects of an individuals life. The hospital information system (HIS) operates in a state of high risk which may lead to the possible loss to the IS resources caused by various threats. This research addresses twofold : (1) to perform asset identification ad valuation and (2) to recommend countermeasures for secure HIS network using case studies This paper applied a risk management tool CRAMM (Central Computer and Tele-communications Agencys Risk Analysis and Management Method) to assess asset values and suggest countermeasures for the security of computerized medical information of two large hospitals in Korea. CRAMM countermeasures are recommended at the reference sites from the network security requirements of system utilized for the diagnosis and treatment of patients. The results of the study will enhance the awareness of IS risk management by IS managers.
Publisher
한국경영과학회
Issue Date
2000-05
Language
ENG
Description

This article is confirmed to be submitted through the review and edition of the Korean Operations Research and Management Science Society. Please enter the title (Journal/Proceedings), volume, number, and pages properly when citing the article.

Citation

한국경영과학회지, v.17, no.1, pp.145 - 158

ISSN
1225-1119
URI
http://hdl.handle.net/10203/4242
Appears in Collection
MT-Journal Papers(저널논문)
Files in This Item
2000-029.pdf(871.17 kB)Download
  • Hit : 491
  • Download : 241
  • Cited 0 times in thomson ci

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0