ISO 27000 Information Security Management System

Carrison K.S. Tong (Pamela Youde Nethersole Eastern Hospital, HK) and Eric T.T. Wong (Hong Kong Polytechnic Institute, Hong Kong)
DOI: 10.4018/978-1-59904-672-3.ch002

Abstract

The protection of a healthcare organization's information, in any form and whether in storage, processing, or transport, from being made available to any organization or person that is not authorized by its owner to have it, or that does not need it for patient care, is the objective of information security management in healthcare. There are many standards on information security management; the international standard is ISO 27000. The objective of this chapter is to provide an introduction to ISO 27000 and its application in PACS.
Chapter Preview

International Standards On Information Security Management System

The Development of International Information Security Management Standards

This was not the first time the BS 7799 ISMS standard had been proposed as an ISO standard. The original version, BS 7799:1995, was submitted in the summer of 1996 but was narrowly defeated. The countries that voted in its favour were not dismayed, however. Australia and New Zealand, for example, recast it (by replacing the UK legislative references with the corresponding Australian and New Zealand references) and re-published it as AS/NZS 4444. The Netherlands embraced it wholesale and established a certification scheme, which went live in early 1997. This international interest encouraged the British to develop the standard further.

Certification Schemes

Indeed, much to the British chagrin, the Dutch were the first to establish a certification scheme. It included revolutionary ideas on entry-level and advanced-level certification, and on self-certification as well as third-party certification. The "advanced level" certification recognized that in real life it might be necessary to apply safeguards other than those listed in BS 7799. BDD/2 applauded this idea and married it with its own ideas on third-party certification to create the "c:cure" scheme.

BS 7799 Part 2

Because BS 7799:1995 was a code of practice, how could an assessor arrive at a pass or fail verdict? Indeed, if non-BS 7799 controls could be included, how would an assessor know which safeguards were to apply and which were not? The answer lay in the creation of BS 7799 Part 2, which spells out precisely what an organization and the assessor need to do in order to ensure successful certification.

Almost by accident, the creation of Part 2 led to the dramatic conclusion that the concept of an ISMS is perhaps of far greater and more fundamental importance than the original Code of Practice. By including a variety of feedback loops (as shown in the slide on the right), an ISMS allows managers to monitor and control their security systems, thereby minimizing the residual business risk and ensuring that security continues to fulfil the corporate, customer and legal requirements.

Less than two years after its creation, the UK "c:cure" certification scheme found itself challenged by alternative schemes predicated on EA7/03, a document entitled "Guidelines for the Accreditation of Bodies operating Certification/Registration of Information Security Management Systems". This document is agreed and recognized throughout Europe by the members of the European co-operation for Accreditation. It has formed the basis of various third-party audits undertaken within the USA, mainland Europe, Africa and the UK, and is recognized in other parts of the world. In view of the wider acceptance of EA7/03, as of 2nd October 2000 the DTI withdrew its support for c:cure, and the c:cure scheme was effectively terminated, to be replaced by the internationally accepted norm.

The Creation of ISO/IEC 17799

Following the publication of BS 7799:1999 in April 1991, Part 1 of this new version of the standard was proposed as an ISO standard via the "Fast Track" mechanism in October 1999. The international ballot closed in August 2000 and received the required majority of votes. In October 2000, eight minor changes to the BS text were approved, and the standard was published as ISO/IEC 17799:2000 on 1st December 2000.
