Risk Management Framework and Evaluation: Detail Site Study and Governance of Information Security Risk Management in Medical Information Technology Infrastructure in Hospitals

Sinan Adnan Diwan, Mohamed H. Ghaleb, Mohmmad Hasan Abd
2018 Indian Journal of Science and Technology  
Objectives: This research has focused on exploring the risk factors involved in hospital medical IT infrastructure risk factor while carry out the software and hardware deployment (i.e. field study) and proposed a risk management framework and assessments for managing the risk. The main objective of the research is to propose an information security risk management framework for a hospital domain as part of use-case in this research. In this paper, we have identified possibilities of risk that
more » ... ight happen anytime, carried out risk analysis in university hospital, and provided risk contingency plans. Methods: Information security is very important for the organization, but very particular for hospital domain, due to patient information is involved and it is very sensitive. While delivering the information, need to be producing the right information at right time with the effective care. The availability of information is very important in medical systems where most of the providers are from cross-border healthcare domain. The methodology followed is a qualitative approach of interview, collecting data, analysis the data, evaluate and provide recommendations. Findings: The expected outcome from this work is a recommendation of risk managing framework for hospital domain on a global context. The risk assessment evaluates the IT plan reports for hospitals and the involved parties to identify the sensitivity, threats, vulnerabilities, and risks that surround the whole medical IT infrastructure. The identified risks are analysed, prioritized and mitigated by providing relevant control plan and recommendationswere provided toavoid or minimize the risk factors in the medical domain. Improvements: Based on field study and risk evaluation reports, IT infrastructure can be improved and risk factors would be forecasted in future and minimized with effective contingency plans. because it improves the organizational performance and reduces the organization's risk. Information is very important and imperative, which is secured through the process of security risk management framework. Information security risk assessment will confirm the availability of right asserts and assess the risk according to asserts in an
doi:10.17485/ijst/2018/v11i14/121300 fatcat:jz2zfehtfrfc7dvuxlgpa3fboq