ISCRAM Digital Library -- Query Results

Peter H. Berghmans, Gerd Van Den Eede, & Bartel A. Van De Walle. (2008). A systems perspective on security risk identification: Methodology and illustrations from city councils. In B. V. de W. F. Fiedrich (Ed.), Proceedings of ISCRAM 2008 – 5th International Conference on Information Systems for Crisis Response and Management (pp. 266–275). Washington, DC: Information Systems for Crisis Response and Management, ISCRAM. Abstract: In this paper we take a system theoretic perspective to the process of security risk identification in the context of city councils. Based on this approach, we construct a framework that helps to identify risks. We analyze why this methodological framework is suitable for the risk identification process. Research in fifty Flemish city councils reveals the usefulness of our approach of combining a perceived vs. objective perspective with a technical vs. organizational one. We believe such a framework offers a workable tool for dealing with IS security risks in a systems thinking way. Keywords: Information systems; City council; IS security; Methodological frameworks; Methodology; Risk Identification; Security risks; Systems thinking; System theory Track: Trust in Emergency Planning and Response http://idl.iscram.org/show.php?record=310
Bartel A. Van De Walle, Ronald Spanjers, & Dirk De Wit. (2006). Stakeholder perceptions and standards for information security risks : A case study at a dutch health care organization. In M. T. B. Van de Walle (Ed.), Proceedings of ISCRAM 2006 – 3rd International Conference on Information Systems for Crisis Response and Management (pp. 513–527). Newark, NJ: Royal Flemish Academy of Belgium. Abstract: With the increased use of electronic patient files in Health Care Organizations (HCOs), addressing the risks related to the storage and use of patient information has become increasingly important to avoid intentional or unintentional disclosure, damage to or abuse of patients' personal health records. This has lead governments from various countries to introduce and impose information security standards for HCOs. The Dutch government introduced the NEN 7510 national information security standard; a standard derived from the international ISO 17799 norm. Preceding the implementation phase of NEN 7510 standard at a Dutch HCO, we conducted a field study to identify the information security risks as perceived by the main stakeholder groups in the HCO. We present the differences in the perceived information security risks and threats by end users, management and suppliers, and the degree to which these identified risks will be addressed by the implementation of the NEN 7510 standard. Keywords: Health care; Information systems; Security of data; Healthcare organizations; Information security risks; Nen 7510; Patient information; Personal health record; Stakeholder groups; Stakeholder perception; Stakeholders analysis; Risk perception Track: STAKEHOLDER COORDINATION FOR CRISIS MANAGEMENT http://idl.iscram.org/show.php?record=1039

Abstract: In this paper we take a system theoretic perspective to the process of security risk identification in the context of city councils. Based on this approach, we construct a framework that helps to identify risks. We analyze why this methodological framework is suitable for the risk identification process. Research in fifty Flemish city councils reveals the usefulness of our approach of combining a perceived vs. objective perspective with a technical vs. organizational one. We believe such a framework offers a workable tool for dealing with IS security risks in a systems thinking way.

Abstract: With the increased use of electronic patient files in Health Care Organizations (HCOs), addressing the risks related to the storage and use of patient information has become increasingly important to avoid intentional or unintentional disclosure, damage to or abuse of patients' personal health records. This has lead governments from various countries to introduce and impose information security standards for HCOs. The Dutch government introduced the NEN 7510 national information security standard; a standard derived from the international ISO 17799 norm. Preceding the implementation phase of NEN 7510 standard at a Dutch HCO, we conducted a field study to identify the information security risks as perceived by the main stakeholder groups in the HCO. We present the differences in the perceived information security risks and threats by end users, management and suppliers, and the degree to which these identified risks will be addressed by the implementation of the NEN 7510 standard.

Keywords: Health care; Information systems; Security of data; Healthcare organizations; Information security risks; Nen 7510; Patient information; Personal health record; Stakeholder groups; Stakeholder perception; Stakeholders analysis; Risk perception

Track: STAKEHOLDER COORDINATION FOR CRISIS MANAGEMENT

http://idl.iscram.org/show.php?record=1039