The attributes of risk in healthcare

The attributes of risk Risk in informations systems is generally perceived in relation to attributes. proposes the attributes of confidentiality, integrity and availability, aswell other attributes such as authenticity, accountability, non-repudiation and reliability may also be involved [ISO 17799]. [Zhou, 1999] proposes confidentiality, integrity, availability, non repudiation and authentification. We present here some definitions. Confidentiality En savoir plus surThe attributes of risk in healthcare[…]

Definitions of risk

This document presents various definitions of risk found in litterature. It is intended as a tool for students. The word risks has its origins in the Middle-Ages Italian word risco,meaning jagged rock, used by early insurance companies to indicate the danger at sea. Beucher(2004) From the Latin resecum. Beucher(2004) Risk is discontinuity Léger(2006) Risk is En savoir plus surDefinitions of risk[…]

Informational Risk management requirements in healthcare

Today, Information Technology (IT) has become necessary for the provision of efficient healthcare services. As computers are becoming integrated in almost every technology, healthcare is a domain that has benefited significatly from technological innovation. Healthcare workers rely ever more on the timely availability of acurate, quality information in all aspects of patient care, public health En savoir plus surInformational Risk management requirements in healthcare[…]

A methodological assessment of Risk Analisys methodologies.

      by Marc-Andre Leger, DESS, MASc           Lecturer, Graduate Programs in Governance, Audit and IT security University of Sherbrooke, Quebec (Canada) Summary This article presents a n assessment of Risk Analisys methodologies using criterias. These criteria are applied to several methodologies and whose results are also presented. The methods CRAMM, ÉBIOS and Octave En savoir plus surA methodological assessment of Risk Analisys methodologies.[…]

Why do we need a risk management framework?

Particularly since September 11th 2001, there has been increased interest in risk management in organisations. There have been several initiatives to produce technological risk management frameworks (RMF) as a tool for organisations to better manage risks associated with the use of information systems, with the general desire to reduce risk. On of the most notable En savoir plus surWhy do we need a risk management framework?[…]

Background and litterature review For the CDW Risk Management research project

By MarcAndré Léger, MscA (MIS) Clinical Data warehouses An Electronic Health Record (EHR) is defined as a repository of information regarding the health of a subject of care in computer processable form, stored and transmitted securely, and accessible by multiple authorised users [ISO-20514] [Ledbetter, 2001] [ Bakker, 2004] [ Schloeffel, 2002] [ Rector,1991] [Infoway, 2003]. En savoir plus surBackground and litterature review For the CDW Risk Management research project[…]

Liste des controles ISO 27002 version 2013

5 INFORMATION SECURITY POLICIES 5.1 Management direction for information security 5.1.1 Policies for information security 5.1.2 Review of the policies for information security 6 ORGANIZATION OF INFORMATION SECURITY 6.1 Internal organization 6.1.1 Information security roles and responsibilities 6.1.2 Segregation of duties 6.1.3 Contact with authorities 6.1.4 Contact with special interest groups 6.1.5 Information security in En savoir plus surListe des controles ISO 27002 version 2013[…]

Scénarios de risque génériques de COBIT 5

Portfolio establishment and maintenance 0101 Wrong programmes are selected for implementation and are misaligned with corporate strategy and priorities. 0102 There is duplication between initiatives. Aligned initiatives have streamlined interfaces. 0103 A new important programme creates longterm incompatibility with the enterprise architecture. 0104 Competing resources are allocated and managed inefficiently and are misaligned to business priorities. Programme/projects life cycle management 0201 Failing En savoir plus surScénarios de risque génériques de COBIT 5[…]

On the application of Nash’s Equilibrium to Healthcare Information Risk Management

Track: Privacy, security, confidentiality and protection of healthcare information Marc-André Léger, DESS, MScA (MIS), Université de Sherbrooke, Sherbrooke, Québec, Canada, marcandre@leger.ca Through a case scenario approach, this article seeks to demonstrate the inadequacies of current Risk Assessment Methodologies used today. In particular, Risk Assessment Methodologies used in a Healthcare setting fail to adequatly weigh the En savoir plus surOn the application of Nash’s Equilibrium to Healthcare Information Risk Management[…]

History of an international standard revision from a Canadian perspective: ISO/IEC 17799:2005

This document is intended to provide understanding of the revision process of international standards for educational purposes. This document does not present any information on voting or the results of voting other than what can be found on the Internet. Any views or opinions expressed herein are the sole responsibility of the author. At no En savoir plus surHistory of an international standard revision from a Canadian perspective: ISO/IEC 17799:2005[…]