Chung Shan Medical University Institutional Repository CSMUIR: Item 310902500/3710
    Please use this permanent URL to cite or link to this item: https://ir.csmu.edu.tw:8080/ir/handle/310902500/3710


    Title: Developing a Risk Measurement Framework for Hospital Information Security Management (建構醫院資訊安全風險管理架構與風險衡量之研究)
    Authors: Chi-Chang Chang; Pei-Ran Sun; Gin-Den Chen (張?昌; 孫培然; 陳進典)
    Contributor: Chung Shan Medical University
    Keywords: Hospital Information Security Risk Management; Non-expected Utility Theory; ISO17799; Riskit Model; Non-parameter Method
    Date: 2010-12-01
    Uploaded: 2011-05-06T07:23:26Z (UTC)
    Publisher: Office of Academic Affairs, Publications Section
    Abstract: The purpose of this study was to develop a hospital information security risk framework, improve sensitivity toward organizational risk, and improve decision making. This study adopted ISO17799, which has ten control items, for risk management. To ensure that the proposed framework was feasible, we conducted a field study covering risk identification, analysis, measurement and control, respectively. We found that the analysis was in agreement with previous studies and that there was great diversity in human decision behavior and uncertainty in risky environments. Thus, the proposed framework was able to elicit the real risk attitude of each stakeholder more accurately than the Riskit model. A review of risk experience showed the potential incidents clearly through a more detailed investigation of stakeholders' risk cognition. Furthermore, using this study, we were able not only to identify potential risk incidents with a non-parameter method, but also to assess risk and control losses. We concluded that the proposed framework can reduce information security risk by considering stakeholders' decision positions and behavior attributes and by providing decision makers with the effective support needed for quality decision making. Finally, the implications of the research findings can be used to investigate similar decision-making issues under risk.
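    The purpose of this study is to construct a hospital information security risk management framework that supports hospital staff in staying alert to information security and achieves effective risk measurement. The model was built using the ISO17799 information security standard for practical planning, with non-expected utility theory and the Riskit model as its theoretical basis. To verify the feasibility of the model, a field survey was conducted at a medical center in the central region that was implementing an information security risk program. The results are consistent with the findings of earlier scholars, confirming that human decision attitudes and behavior under risk are not consistent, and that cardinal methods of risk measurement are regarded as more precise and reliable than the ordinal ranking used by the Riskit model. The modified model developed in this study can, through a non-parameter two-stage preference choice, accurately and comprehensively reflect stakeholders' risk attitudes and decision behavior. Experience with hospital information security risk management shows that an in-depth investigation of individual stakeholders' attitudes toward risk perception makes it possible to capture the potential risk factors at different stages. The non-parameter method can then be used to measure potential risk events, so that even when an unexpected harmful event occurs, the risk loss can be transferred and controlled, thereby achieving the goals of risk management. Because the stakeholder decision attitudes and behavioral characteristics examined in this framework have general applicability, they can serve as a reference for other areas of information security risk management.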
    URI: https://ir.csmu.edu.tw:8080/handle/310902500/3710
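    Relation: Chung Shan Medical Journal 21:4, December 2010 (ROC year 99), pp. 325-340
    Appears in collection: [Office of Academic Affairs] Journal Articles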

    Files in this item:

    File                 Description       Size      Format      Views
    v21n4p325-340.pdf    Journal article   1995Kb    Adobe PDF   603


    All items in CSMUIR are protected by original copyright.
