Haufe Knut, Dzombeta Srdan, Brandis Knud
Persicon Corporation, Friedrichstraße 100, 10117 Berlin, Germany.
ScientificWorldJournal. 2014 Feb 19;2014:146970. doi: 10.1155/2014/146970. eCollection 2014.
Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the information they process, health care organizations in particular need to assess and treat the specific risks related to cloud computing in their information security management system (ISMS). Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family, the most important information security processes for health care organizations using cloud computing will be identified, considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and to establish and operate them at an appropriate level of maturity, considering limited resources.