Healthcare activities and all that are related with it are conducted by people. This single fact has brought up many precautions about patients and about information related with their health. Using information and communication technologies to support this kind of information requires particular attention about what happens, namely about who can use it and for what it can be used. This chapter intends to identify the vulnerabilities that could be explored, using an international security standard to support a proactive attitude in face of potential threats that explore the identified vulnerabilities, damaging organizational information assets. Another intention is the establishment of a basis of references in information security to define a level of risk classification to build a referential to the potential that a given threat has to exploit the vulnerabilities of an asset, preventing damages to personal and organizational property, including information, and also activity continuity.
TopIntroduction
Being often presented as one of the great challenges of societies, the Information and Communication Technologies (ICT) emergence implies profound changes in the vast majority of institutions, not only in its functioning but also in people.
Facing the current context of economic globalization and social, in which a society based on the use of information emerges, it’s important to use appropriate technologies and systems to serve institutions. This information systems and ICT support can and should be used to conduct institutional development.
However, the use of information systems and ICT must be done in order to respond appropriately and must also be consistent with the strategy of the institutions in pursuing its objectives, responding to the Mission of each institution.
As can be noted, the information has seen grow their importance within the institutions, being essential ensuring its widespread use. In this sense the institutions, in view of the challenges and implications that arise from the modernization necessary to its development, require that its employees, experts or not, have the right skills for the use of information systems and ICT to support information needs.
Any modernization solution isn’t only based in information systems or in ICT, but information cannot also be fully achieved if their role isn’t fully understood, and there aren’t people capable of using information systems and ICT by placing them at the service of the institutions.
The quantity and diversity of information that is currently available and easily accessible by virtue of the emergence of an information society supported essentially by information systems and by ICT, have challenges of increasing difficulty for people, organizations and societies. In this context stresses the need to ensure that this information, and simultaneously the information systems and ICT that support the information, are adequately protected.
Many of these challenges involve structural changes in organizations as a factor of sustainability of the information society in the current context of globalization of markets and societies. Those changes can and should involve profound changes in the structure of institutions requesting membership, and the conscious and active participation of all stakeholders.
In this context, the information systems and ICT that support it, can play a key role in organizations and societies competitiveness, essentially its ability to optimize and simplify organizational processes, whether internal or external, boosting the performance of those institutions.
However, it should be noted, that information systems cannot be assumed as a panacea for all problems in institutions, but must be understood in its essence as enhancers of competences of people and of its capacity in the use for the benefit of institutions.
Identically should be assumed ICT, particularly when these are present in abundance and their use becomes increasingly easy, shouldn’t be used as solution for everything that cannot be resolved within the institutions.
The information systems and ICT can and should be applied rationally and according to the organizational needs, if properly identified and supported by the strategy of the institutions.
In this context, the training in information systems and ICT can, if appropriately proportionate and coherent, maximize the performance of people, allowing a reasoned and coherent institutional change with the needs of all stakeholders, like the State, the institutions, the companies or the simple citizen, as a factor of cohesion of the whole system.
However, this new attitude embodies a clear perception of the relevance of information to the organization and the assumption of the need to provide their protection according to their criticality in line with the objectives and strategy. Protect information and systems that support their sharing internally and with the various partners emerges as a key strategic objective in the context where the credibility of the institutions is a critical factor of success in their activity.
This kind of situations arises with particular relevance if are taken into account the fact that the actual society be essentially based on information, what brings new challenges, reflecting impacts of globalization and ICT in customers’ requirements.
Thinking about how to solve those simple problems allows us to note that potential solutions aren’t as easier like initially seeming to be. Mainly because there are two main issues that could affect any possible solution; people, due the ways how they use ICTs, and the information that they support. Those issues are factors that tending to increase the vulnerabilities and consequently the threats that could explore those vulnerabilities.