Enterprise Information Systems within the Context of Information Security: A Risk Assessment for a Health Organization in Turkey

Abstract

Enterprise information systems implemented in the organizations are critical assets to provide competitive advantage in changing sectoral conditions and continuity of business processes and management of enterprise resources. In this regard, information security approaches and assessment techniques are used to examine the maturity level of enterprise and determine the risks and potential solutions for enterprise information systems. This study aims to measure information systems in terms of information security and risks. On the other hand, it is also aimed to describe the potential effects of assessment techniques and tools for state organizations to manage their critical assets. In order to achieve these aims, information systems of one of the large scale health sector organizations in Turkey were assessed via an international assessment tool that is adapted to Turkish conditions in some parts like legal regulations. The results obtained through assessment tool provide the current maturity level of the organization and remark the points that should be improved for the security of information systems and the critical components such as risks, processes, people, IT reliance and technology.