Hospital Management Informatiaon System Security Audit Based On ISO 27002:2005 in Jemursari Islamic Hospital
Abstract
Jemursari Islamic Hospital Surabaya is a company which focuses on medical service. This hospital uses Hospital Management Information System (SIMRS) to undergo its business processes. There are obstacles during the implementation of HMIS including: frequent of information leak, the defect of information tools, and the low awareness of information security among the employees. It causes the emerge of some risk such as information misuses, privileges misuse by the unconcerned employees, failure in data processing, even cybercrime or data theft that causes data lost. To overcome those problems, Jemursari Islamic Hospital Surabaya performs information system security audit using ISO 27002:2005 as the best practice in information security. The steps are taken from ISACA steps. The scopes which are checked based on the problems are Human Resource Security, Physical and Environmental Security, Information System Access Control and Acquisition, Development and Maintenance. The management information system security audit produces maturity level 3,47 which is in defined category. It shows that most of information system security processes already have rules and routinely implemented. This research also produce a recommendation to improve the processes of HMIS in Jemursari Islamic Hospital Surabaya.
Full Text:
PDFRefbacks
- There are currently no refbacks.