{"title":"信息安全事件学习的挑战:一个中国医疗机构的工业案例研究","authors":"Ying He, Chris W. Johnson","doi":"10.1080/17538157.2016.1255629","DOIUrl":null,"url":null,"abstract":"ABSTRACT Security incidents can have negative impacts on healthcare organizations, and the security of medical records has become a primary concern of the public. However, previous studies showed that organizations had not effectively learned lessons from security incidents. Incident learning as an essential activity in the “follow-up” phase of security incident response lifecycle has long been addressed but not given enough attention. This paper conducted a case study in a healthcare organization in China to explore their current obstacles in the practice of incident learning. We interviewed both IT professionals and healthcare professionals. The results showed that the organization did not have a structured way to gather and redistribute incident knowledge. Incident response was ineffective in cycling incident knowledge back to inform security management. Incident reporting to multiple stakeholders faced a great challenge. In response to this case study, we suggest the security assurance modeling framework to address those obstacles.","PeriodicalId":440622,"journal":{"name":"Informatics for Health and Social Care","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-01-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"26","resultStr":"{\"title\":\"Challenges of information security incident learning: An industrial case study in a Chinese healthcare organization\",\"authors\":\"Ying He, Chris W. Johnson\",\"doi\":\"10.1080/17538157.2016.1255629\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"ABSTRACT Security incidents can have negative impacts on healthcare organizations, and the security of medical records has become a primary concern of the public. However, previous studies showed that organizations had not effectively learned lessons from security incidents. Incident learning as an essential activity in the “follow-up” phase of security incident response lifecycle has long been addressed but not given enough attention. This paper conducted a case study in a healthcare organization in China to explore their current obstacles in the practice of incident learning. We interviewed both IT professionals and healthcare professionals. The results showed that the organization did not have a structured way to gather and redistribute incident knowledge. Incident response was ineffective in cycling incident knowledge back to inform security management. Incident reporting to multiple stakeholders faced a great challenge. In response to this case study, we suggest the security assurance modeling framework to address those obstacles.\",\"PeriodicalId\":440622,\"journal\":{\"name\":\"Informatics for Health and Social Care\",\"volume\":\"16 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-01-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"26\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Informatics for Health and Social Care\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1080/17538157.2016.1255629\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Informatics for Health and Social Care","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/17538157.2016.1255629","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Challenges of information security incident learning: An industrial case study in a Chinese healthcare organization
ABSTRACT Security incidents can have negative impacts on healthcare organizations, and the security of medical records has become a primary concern of the public. However, previous studies showed that organizations had not effectively learned lessons from security incidents. Incident learning as an essential activity in the “follow-up” phase of security incident response lifecycle has long been addressed but not given enough attention. This paper conducted a case study in a healthcare organization in China to explore their current obstacles in the practice of incident learning. We interviewed both IT professionals and healthcare professionals. The results showed that the organization did not have a structured way to gather and redistribute incident knowledge. Incident response was ineffective in cycling incident knowledge back to inform security management. Incident reporting to multiple stakeholders faced a great challenge. In response to this case study, we suggest the security assurance modeling framework to address those obstacles.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
