A Study on Information Security Management of Hospital Web Sites

  • Kim, Jong-Min (Department of Internet Business, Kosin University) ;
  • Ryu, Hwang-Gun (Department of Health Care Administration, Kosin University)
  • Submitted : 2015.03.23
  • Reviewed : 2015.06.18
  • Published : 2015.06.30

Abstract

In this paper, we evaluated the web security vulnerabilities and privacy information management of hospital web sites registered with the Korea Hospital Association. A Web Vulnerability Scanner (WVS) based on the OWASP Top 10 was used to evaluate the web security vulnerabilities of the sites. To evaluate privacy information management, we used ten rules based on the guidelines for protecting privacy information on web sites. The evaluation showed that tertiary hospitals had relatively excellent web security compared to the other hospital types. However, all hospital types had high-level vulnerabilities as well as vulnerabilities at the other levels. Additionally, 97% of the hospital web sites had a certain level of vulnerability, so a security inspection is needed to secure them. We discovered only a few SQL injection and XSS vulnerabilities in the web sites of tertiary hospitals. These are nevertheless very critical vulnerabilities, so all hospital types have to be inspected to protect their web sites against attacks from hackers. In the inspection of privacy information management, the tertiary hospitals likewise had a better compliance rate than the other hospital types.

Cited by

  1. A Study on the Operation and Personal Information Management of Public and Private Kindergarten Homepages vol.37, pp.6, 2016, https://doi.org/10.5723/kjcs.2016.37.6.119
  2. Factors Influencing University Students' Intention to Donate Organs After Brain Death vol.12, pp.4, 2015, https://doi.org/10.12811/kshsm.2018.12.4.191