Information Security Standards in Healthcare Activities

Abstract

Information is mandatory in healthcare activities and in all that are related to it. In this same sense, people that deal with those information requires attention because patient´s information could be exposed. The use of directions stated by information security standards might allow a proactive attitude in the face of the diversity of threats that as the potential to explore the vulnerabilities of organizational assets. This article intends to recognize information threats and vulnerabilities that could be explored, using information security international standards to support the activities needed to assume information safeguard. Another intention is the establishment of a basis of references in information security to define a level of risk classification to build a referential to the potential that a given threat has to exploit the vulnerabilities of informational assets, preventing damages to personal and organizational property, and also activity continuity, assuming information as the main resource.