Title :
Risk Assessment Mechanism for Personal Information Operations -- Case Study by Hospital
Author :
She-I Chang ; Jung-Jei Su ; Hsing-Jung Li
Author_Institution :
Inst. of Accounting & Inf. Technol., Chung Cheng Univ., Chiayi, Taiwan
Abstract :
The literature collected and studied in this paper is analyzed using Grounded Theory to identify possible risks, and a prototype risk assessment mechanism is built on a framework of 64 risk factors derived from the 11 control areas of ISO 27001. The mechanism is then revised through expert questionnaires to confirm that the risk factors under discussion are suitable. Furthermore, a hospital is interviewed as an individual case to understand the impact of implementing the Personal Information Protection Act on the industry and to evaluate feasibility further. Based on the results of this research, it is expected that an effective and quick method can be developed to help enterprises identify the possible risks in processing personal information and the importance of those risks, so that enterprises neither ignore those risks nor misjudge their importance, thereby reducing the chance of risk and the possibility of illegal issues or personal information leakage caused by the enterprise.
Keywords :
ISO standards; hospitals; law; medical information systems; risk management; security of data; ISO 27001; grounded theory; hospital; illegal issues; mechanism modification; personal information leakage; personal information operations; personal information processing; personal information protection act; risk assessment mechanism; Information security; Organizations; Personal Information; Risk Assessment
Conference_Title :
Computational Science and Engineering (CSE), 2013 IEEE 16th International Conference on
Conference_Location :
Sydney, NSW
DOI :
10.1109/CSE.2013.120