Original Research

Information security risk management for computerized health information systems in hospitals: a case study of Iran

Pages 75-85 | Published online: 27 May 2016
