Title :
Stakeholders´ Perceptions on Hospital Information Security Risk Analysis in Taiwan
Author :
Chang, Chi-Chang ; Sun, Pei-Ran ; Cheng, Sun-Long ; Chen, Ruey-Shin
Author_Institution :
Dept. of Appl. Inf. Sci., Chung Shan Med. Univ., Taichung, Taiwan
Abstract :
The purpose of this study is to analysis the hospital information security risk and to raise organizational stakeholders´ risk sense. Because of most risk management methods do not explicitly support different stakeholder perspectives and those that do, often limit the number of stakeholders and assume that consensus can be reached. Therefore, this paper adopted the ISO17799 practical standard with non-expected utility theory for risk analysis. In order to make sure the feasibility, we conducted a field study for a medical center of middle Taiwan to comment the risk of identification, analyses, measurement and control, respectively. Based on the result of this study, we found that the risk measurement of the proposed methodology be able to elicit the real risk attitude of each stakeholder more accurate. Further, it not only can realize the more accurate potential risk incident by utilize the non-parameter method, but also achieve the purpose of shift risk and control losses.
Keywords :
ISO standards; health care; medical information systems; risk management; security of data; statistical distributions; utility theory; ISO 17799 standard; control loss; hospital information security risk analysis; medical center; middle Taiwan; nonexpected utility theory; organizational stakeholder risk perception; probability distribution function; risk attitude measurement; risk management method; shift risk; Data security; Hospitals; Information security; Medical services; Psychology; Risk analysis; Risk management; Shape; Sun; Utility theory;
Conference_Titel :
Management and Service Science, 2009. MASS '09. International Conference on
Conference_Location :
Wuhan
Print_ISBN :
978-1-4244-4638-4
Electronic_ISBN :
978-1-4244-4639-1
DOI :
10.1109/ICMSS.2009.5305782
