医院信息系统安全风险规避管理策略研究

华中科技大学硕士学位论文医院信息系统安全风险规避管理策略研究姓名：祝敬萍申请学位级别：硕士专业：社会医学与卫生事业管理指导教师：方鹏骞2008050112===3===4StudyonRiskPreventionManagementStrategyforHospitalInformationSystemSecurityCandidate:JingpingZhuSupervisor:Prof.PengqianFangABSTRACTObjective:Onthebasisofunderstandingthestatusquoofinformationsystemsecurityriskathomeandabroad,tofurtherclarifyriskandproblemofhospitalinformationsystemsecuritythatalreadyexistedinourcountry,usingforreferenceoffeasiblefeatureinpreventionstrategyofinformationsystemsecurityriskthatalreadyexisted,puttingforwardpossiblemeasuresandstrategytopreventsecurityriskofhospitalinformationsystemfromangleofmanagement,providingreferencefordecision-makingandsystemsecurityadministratortocarryoutriskpreventionmanagementofinformationsystemsecuritybetter.Methods:1.DocumentRetrievalandinformationanalysis:Themethodisthroughcollection,identification,trimmingdocumentsandconductingresearchtoformascientificunderstandingoffacts.Inthispaper,onthebasisofconsultingrelevanttheoryandpracticalprogressaboutsystemsecurityandmanagementstrategyofriskprevention,summedupsomeofwhatcandrawon,ascertainedtarget,content,methods,questionnairesandinterviewoutlineofthisstudy.2.Statisticalanalysisofdescription:Themethodiscalculatedbystatisticalchartsanddatadistributionofsamplestounderstanddistributioncharacteristicsofobservations.Inthispaper,usedthismethodtosumupandanalyzebasicsituationofsurveyhospitalsandthecrowd,staffingandtrainingofsystemsecurityetc.Chi-squaretestwasusedonappraisementofabilitytoprotectsystemsafetyandsecurityproduct,perceivedifferencesofsufficientdegreeofinvestmentfundsfordifferentgroupsofthepersonnelofhospitalinformationbureau.3.Principalcomponentanalysis:Itisstatisticalmethodofmeltingmanyvariablesintoafewunrelatedcomprehensivevariables,fromrelationshipbetweenmanyvariables,usingthinkingofreducingdimension.Themethodwasusedonmanyriskfactorsimpactingsystemsecurityinthisstudy.4.Scenetypicalinvestigation:Itisamethodofsystematicsurveyselectingrepresentativeareasororganizationsaccordingtocontentandpurposeofthestudy.Inthispaper,thismethodwasused,conductinginvestigationonthepersonnelofhospitalinformationbureauandpersonnelthatusinghospitalinformationsubsystems.Atotalof5sevenhospitalsincitiesofWuhanandEzhou,threehundredsandthirtypeoplewereinvestigatedinthisstudy.5.Themethodofsociologyqualitativeresearch:Itisamethodcarryingthroughdeepleveldiscussionaboutindicatorswhichunabletoquantifyorinformationwhichunabletoaccessdirectlybyquestionnaire.Inthispaper,specialtopicgroupdiscussionwasused,invitingmanyfieldsofexpertsininformationmanagement,healthstatisticsetc.probingintoimplementationschemeanddataanalysismethodsofthisstudy.Personalsemi-structuredinterviewwasusedonkeypeople,probingintorelevantexperienceandproblemsaboutriskpreventionmanagementofhospitalinformationsystemsecurity.Resultsandanalysis:1.TheanalysisforpersonneldeployingandworkofdividinginthefieldofhospitalinformationsystemsecurityHospitalinformationsystemsecurityincludesmanyaspects,suchashardware,software,network,database,systemroomsandsoon.Systemsecurityiscarriedthroughundertheunifiedleadershipofmanagementdeaninthisfieldanddirectorofinformationbureau.Thereisonlyonepersonormoreresponsibleformanagementofsecurityincertainaspectinsomehospitals,butthereisonlyonepersonshouldberesponsibleforvariousaspectsofsecurityinotherhospitals.Whenserioussecurityincidentshappened,manyaspectsofpeoplewhoareresponsibleforsystemsecuritycooperatewitheachothertosolvethem.Insomehospitals,tasksofsystemsecuritymanagersaretooheavy,academicqualificationsareonthelowside,specialtiesarenotveryconsistentwithsystemsecuritymanagement,organizationalstructureofsystemsecuritymanagementisnotperfectenough,lackofcommunicationandharmonizationbetweenmulti-sectors2.TheanalysisforpersonneltrainingofhospitalinformationsystemsecurityTherearesomehospitalswhoarenotgivenenoughattentiontosecuritytrainingofsystem,thecontentandmethodsoftrainingarenotveryaffluentin,selectingoftrainingtimeandfrequencyisnotverysuitable,traininginvestmentisnotveryenough,theeffectoftrainingisnotverygood.3.TheanalysisforsecurityriskofhospitalinformationsystemThereareinternalandexternalsourcesofsystemsecurityrisk,whichmostlycomesfromfiveaspectsofdata,network,hardware,software,systemrooms.Thebetterwayofdetectingsecurityriskofsystemismonitoredbysystemadministratororsecurityproducts,buttherearestillsomehospitalswhichfinditbyanalysisafteraccidentorbysuddenness4.Theanalysisforselectingriskpreventionmeasuresofhospitalinformationsystemsecurityavailably.Thereareplaceswhichshouldbeimprovedoninselectingsecuritymeasuresavailablyinhospital,suchassystemarchitecture,thelevelofoperatingsystem,thelevelofsystem,data,network,managementandtechnology,andsoon.65.TheanalysisforappraisementofabilitytoprotectsystemsafetyandsecurityproductThemajorityofpeopleconsiderthatabilitytoprotectsystemsecurityintheirhospitalsisnotveryhigh.Inthepersonnelofhospitalinformationbureau,differentonesofagedistribution(?2=9.033,P=0.046),differentonesofacademiclevel(?2=10.189,P=0.023),onesofdifferentwor