A Study on Design Security Management Evaluation Model for Small-Medium size Healthcare Institutions

A Study on the Design of a Security Management Evaluation Model for Small and Medium-Sized Healthcare Institutions

  • Kim, Ja Won (Dept. of Security Convergence, Graduate School, Chung-Ang University)
  • Chang, Hang Bae (Dept. of Industrial Security, Chung-Ang University)
  • Received : 2018.01.08
  • Accepted : 2018.02.01
  • Published : 2018.02.28

Abstract

With the advent of the Fourth Industrial Revolution, the shift to a converged service environment is giving rise to new, convergent security threats. Small and medium-sized healthcare institutions therefore also need specialized security that takes their business environment into account. In this paper, the security characteristics of healthcare institutions were derived through analysis of previous research, and the security characteristics and current status of small and medium-sized healthcare institutions were investigated through field surveys of those institutions. Based on these characteristics, a security management evaluation model for small and medium-sized healthcare institutions was designed and verified. For the design, we compared and analyzed the existing security management systems and evaluation and certification systems for healthcare institutions, and also confirmed their degree of sharing with the proposed security management evaluation model. In addition, to verify the proposed model statistically, we conducted a validity test, and we performed a relative priority analysis using AHP to derive the weight of each item. The results of this study are expected to serve as a standard for a security management evaluation model that small and medium-sized healthcare institutions can actually put into practice.

Cited by

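  1. Design and Implementation of an Authentication System for Secure User Management in a Medical ICT Convergence Environment: Focusing on Small and Medium-Sized Healthcare Institutions, vol.19, pp.3, 2018, https://doi.org/10.33778/kcsa.2019.19.3.029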