Wyniki wyszukiwania - Biblioteka Nauki

Nowa wersja platformy, zawierająca wyłącznie zasoby pełnotekstowe, jest już dostępna.
Przejdź na https://bibliotekanauki.pl

Ograniczanie wyników

Znaleziono wyników: 2

Liczba wyników na stronie

Wyniki wyszukiwania

Wyszukiwano:
w słowach kluczowych: incydenty związane z bezpieczeństwem informacji

Sortuj według:

Ogranicz wyniki do:

Information security management in the operations of healthcare entities

100%

Dobski P.

Zeszyty Naukowe. Organizacja i Zarządzanie / Politechnika Śląska

2024

tom z. 192

179--197

Purpose: The primary purpose of the study is to indicate the threats faced by medical entities in the context of the growing scale of collection and processing of personal data, including sensitive data. Therefore, it seems justified to attempt to systemically secure the processes related to this. Specific objective: The main objective formulated in this way required further specification through the scientific and cognitive objective, which was to assess whether the implementation of the ISO 27001:2017 information security system in a medical entity allows for reducing the risk of information security incidents. Project/methodology: The scope of scientific research defined in this way required the author not only to conduct literature studies, but also to apply appropriate research methods. As part of the considerations, it was decided to use methods such as: statistical analysis of data on the scale of implementation of a standardized data security system in the world and in Poland and the method of scientific description. Results: The literature studies conducted and the research methods used allowed to demonstrate that the implementation of a standardized information security management system allows, by taking into account the requirements resulting from it, to increase the level of information security in medical entities. Identification of organizational, legal and ICT risks reduces the likelihood of information security incidents, and thus reduces the risk of exposing the healthcare entity to legal liability resulting from violation of the provisions of the Personal Data Protection Act (Journal of Laws of 2018, item 100) and the Regulation of the Parliament European Union and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR). Limitations: A certain limitation faced by the author was the inability to take into account the number of ISO 27001:2017 certificates issued in medical entities both in the world and in Poland. This is due to the fact that certification bodies are not obliged to make such information public. Additionally, a certain limitation is the lack of reporting on compensation awarded by common courts to persons who have been harmed as a result of a breach of the protection of their personal data. Practical implications: The study proposes a method for estimating risks in the field of information security in the activities of organizations, including healthcare entities. Additionally, the main benefits resulting from the implementation of the ISO 27001:2017 information security management system were indicated and the barriers that the manager of an entity providing health services should take into account were demonstrated. Originality/value: There are a number of studies in both domestic and foreign literature on the information security system and its importance in organizations. Few authors make the effort to analyze this type of solutions in the context of providing medical services and the problems that must be solved by people managing medical entities.

A comparative analysis of information security incidents in public administration in selected European Union countries

84%

Lisiak-Felicka D.

nr 134

25-34

Artykuł przedstawia problematykę zarządzania incydentami związanymi z bezpieczeństwem informacji w administracji publicznej. Celem zarządzania incydentami bezpieczeństwa jest minimalizacja negatywnego wpływu incydentów oraz zapewnienie ciągłości działania organizacji. Niezwykle istotna jest wiedza o zagrożeniach, w tym o liczbie i typach zgłaszanych incydentów. W artykule przedstawiono kluczowe kwestie dotyczące zarządzania incydentami oraz zagadnienia prawne związane z tematyką incydentów bezpieczeństwa i pracą zespołów reagowania na incydenty komputerowe. Przedstawiono również przykłady incydentów, jakie miały miejsce ostatnio w jednostkach administracji publicznej w Polsce. Następnie przeprowadzono analizę danych statystycznych o raportowanych incydentach w Polsce w latach 2020-2022, a wyniki porównano z liczbami incydentów zgłaszanych w wybranych krajach Unii Europejskiej. Wyniki badania pokazują, że dominującym typem incydentów są oszustwa (głównie phishing), a administracja publiczna jest jednym z głównych celów ataków cyberprzestępców. Wykazano również trudności w przeprowadzaniu takich analiz porównawczych.

The article presents the issue of information security incident management in public administration. The goal of security incident management is to minimize the negative impact of incidents and ensure the continuity of the organization's operations. It is critical to know what the threats are, including the number and types of incidents reported. The article outlines key incident management and legal issues related to the topic of security incidents and the work of computer incident response teams. Examples of incidents that took place recently in public administration units in Poland were also presented. This was followed by an analysis of statistical data on reported incidents in Poland in the years 2020-2022, and the results were compared with the number of incidents reported in selected European Union countries. The results of the study show that the dominant type of incidents is fraud (mainly phishing), and public administration is one of the main targets of cybercriminals' attacks. Difficulties in conducting such comparative analysis have also been demonstrated.