Security Risk Assessment in Electronic Health Record System

Madhavi, A.; Lincke, Susan

doi:10.1109/temscon.2018.8488449

Cited by 5 publications

(2 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Vulnerability is defined as a weakness that is either accidentally or intentionally triggered. The weakness in the security or controls of asset may be exploited by threats [9], [15] Vulnerabilities usually is a technical issue, but sometimes the incidents were caused by human, for example, the employee uses weak password which is vulnerable to attack from an outsider. Sometimes, without notice or awareness, someone will download software, not knowing that it contains malicious code.…”

Section: Vulnerabilitymentioning

confidence: 99%

See 1 more Smart Citation

Adopting ISO/IEC 27005:2011-based Risk Treatment Plan to Prevent Patients Data Theft

Hamit¹,

Sarkan²,

Azmi³

et al. 2020

Int. J. Adv. Sci. Eng. Inf. Technol.

View full text Add to dashboard Cite

The concern raised in late 2017 regarding 46.2 million mobile device subscriber's data breach had the Malaysian police started an investigation looking for the source of the leak. Data security is very important to protect the assets or information by providing its confidentiality, integrity, and availability not only in the telecommunication industry but also in other sectors. This paper attempts to protect the data of a patient-based clinical system by producing a risk treatment plan for its software products. The existing system is vulnerable to information theft, insecure databases, poor audit login, and password management. The information security risk assessment consisting of identifying risks, analyzing, and evaluating them were conducted before a risk assessment report is written down. A risk management framework was applied to the software development unit of the organization to countermeasure these risks. ISO/IEC 27005:2011 standard was used as the basis for the information security risk management framework. The controls from Annex A of ISO/IEC 27001:2013 were used to reduce the risks. Thirty risks have been identified, and seven high-level risks for the product have been recognized. A risk treatment plan focusing on the risks and controls has been developed for the system to reduce these risks to secure the patient's data. This will eventually enhance the information security in the software development unit and, at the same time, increase awareness among the team members concerning risks and the means to handle them.

show abstract

Section: Vulnerabilitymentioning

confidence: 99%

“…The controls from Annex A of ISO/IEC 27001:2013 [8], [9] are useful in handling and helping to reduce the risks encountered. Risk treatment will reduce the risks which are not acceptable by using the controls from Annex A in ISO/IEC 27001.…”

Section: Introductionmentioning

confidence: 99%