Implementation of information security management system in the small healthcare organization

• Autorzy: Tupa J. , Steiner F.
• Języki publikacji: EN

Abstrakty

EN

The contribution describes the scope and main subject designed within DIGI-Q project. The paper contains results from subprojects of information security management system (ISMS) implementation, managed by students of DIGI-Q course. Very interesting simple risk assessment method and risk management and their application within in small healthcare organization were developed. Criteria and procedures accepted are described.

Słowa kluczowe

EN

information security management; personal data protection; risk analysis

• Wydawca: Instytut Łączności - Państwowy Instytut Badawczy
• Czasopismo: Journal of Telecommunications and Information Technology
• Rocznik: 2006
• Tom: nr 2
• Strony: 52--58
• Opis fizyczny: Bibliogr. 10 poz., tab., rys.

Twórcy

autor

Tupa J.

autor

Steiner F.

• University of West Bohemia in Pilsen, Faculty of Electrical Engineering, Department of Technologies and Measurement, Univerzitní 26, CZ 306 14 Pilsen, Czech Republic,

Bibliografia

• [1] Information Security Management Systems – Specification with guidance use, BS 7799-2:2002. London: British Standards Institution, 2002.
• [2] F. Steiner, J. Tupa, and V. Skocil, “Risk management in manufacturing enterprises”, in Conf. ICPR-18, Salerno, Italy, 2005, pp. 1–5.
• [3] W. Ozier, “Introduction to information security and risk management”, http://www.theiia.org/itaudit/index.cfm?fuseaction=forum&fid=543
• [4] “Inftroduction to risk analysis”, http://www.security-risk-analysis.com/introduction.htm
• [5] J. Tupa, “Data Management System Audit according to Good-Priv@cy”, DIGI Q – SMEs Project Works. Prague: Czech Association for Quality Certification, 2004.
• [6] Information technology – Security techniques – Code of practice for information security management, ISO/IEC 17799:2005 ed. 2.
• [7] Quality management systems – Fundamentals and vocabulary, ISO 9000:2005 ed. 3.
• [8] Information technology – Guidelines for the management of IT Security – Part 3: Techniques for the management of IT Security, ISO/IEC TR 13335-3:1998 ed. 1.
• [9] Information technology – Guidelines for the management of IT Security – Part 4: Selection of safeguards, ISO/IEC TR 13335-4:2000 ed. 1.
• [10] Information technology – Guidelines for the management of IT Security – Part 5: Management guidance on network security, ISO/IEC TR 13335-5:2001 ed. 1.