Abstract
Most of the information security events in medical organizations are due to improper management. This is a clear indication that the security of information is an issue related to information and communication technology and a management issue as well. In a review of literature, most research on information security has focused on information and communication technology issues, such as network security and access control; rarely addressing issues at the management-level. The main purpose of this study is to construct a mechanism for the management of information with regard to security as it applies to medical organizations. This mechanism is based on the eleven control items and one hundred thirty-three control objectives of the ISO27001 information security management standard. This study analyzes and identifies the most common events related to information security in medical organizations and categorizes these events as high risk, transferable-risk, and controlled-risk to facilitate the management of such risk.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
