경영과학 (Korean Management Science Review)

한국경영과학회 (The Korean Operations Research and Management Science Society)
권호 표지

The Recommendation of Controls for Hospital Information System Using CRAMM: Case Studies of Two Korean Hospitals

  • Moon, Song-Chul (Systec Cop.) ;
  • Han, In-Goo (Graduate School of management Korea Advanced Institute of Science and Technology) ;
  • Lee, Sang-Jae (Techno-Management Research Institute Korea Advanced Insitute of Science and Technology)
  • 발행 : 2000.05.01
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

The medical records of diagnostic and testing information include sensitive personal information that reveals some of the most intimate aspects of an individual's life. The hospital information system (HIS) operates in a state of high risk which may lead to the possible loss to the IS resources caused by various threats. This research addresses twofold : (1) to perform asset identification ad valuation and (2) to recommend countermeasures for secure HIS network using case studies This paper applied a risk management tool CRAMM (Central Computer and Tele-communications Agency's Risk Analysis and Management Method) to assess asset values and suggest countermeasures for the security of computerized medical information of two large hospitals in Korea. CRAMM countermeasures are recommended at the reference sites from the network security requirements of system utilized for the diagnosis and treatment of patients. The results of the study will enhance the awareness of IS risk management by IS managers.

키워드