The small hospital information security analysis- Employees and Expert opinion

• Main Authors: CHENG,TSUNG-PANG, 鄭宗邦
• Other Authors: Mei-Hsiang Wang
• Format: Others
• Language: zh-TW
• Published: 2016
• Online Access: http://ndltd.ncl.edu.tw/handle/4m7j8q

碩士 === 南臺科技大學 === 資訊管理系 === 104 === ABSTRACT The medical institutions own the most sensitive personal information which the general public cares about, therefore, the related information security is an important issue to medical institutions. This study is based on the idea of NIST SP800-16 ”ABC’s of Information Technology Security” to set up the information security awareness scale to analyze the degree of awareness on information security from the viewpoints of the professional and the employees, furthermore, to summarize and compile the information security gap of the medical institutions. From the data analysis and radar chart of this study we learned that medical institution employees to the awareness on information security is not as good as the professional expected. This study found that: (1) The female nurses, due to busy at the nursing job, usually ignored the importance of the information security. (2) Different positions also affect the awareness of information security. The radar chart indicated medical doctors and administrative personnel have better awareness on information security than that of the nursing personnel. In other word, the management personnel have better awareness to security aspect than that of the others. (3) To analyze the experience from the radar chart, those who have just started the medical career are more cautious on different items of the information security aspect, and as the working years increased, such caution is reduced tremendously. When the employees are promoted to the management level, the awareness to information security will break the starting years. In conclusion, related study data indicated that the information security gap at the medical institution was caused by “employees”. People are the essential factor caused the information security incidents, only a small error can have significant impact and cause great loss to the hospitals. Therefore, to strengthen up the information security awareness of the medical personnel is the first step the medical institution shall take to protect the information security.