- 學位論文
醫療業雲端資訊安全成熟度模式之建構 - 以C醫院為例
Constructing the Maturity Model of Information Security in the Cloud Environment for Medical Industry – Evidences from Hospital C
摘要
隨著雲端運算技術的進步,企業、政府、甚至是個人都面臨全新的變革,當巨量資料存放在雲端背後,雖然為企業帶來龐大商機,但同時也需要在使用雲端相關應用時考慮資訊安全的議題,且為因應雲端環境各種資訊安全威脅與風險,政府、企業與個人在採用雲端運算與服務時,應該要有一套雲端資安成熟度評估機制。現今關於雲端運算與相關服務的研究,大多著重在資訊治理架構,對於專屬於醫療業的雲端資安成熟度模式,則不多見,至於資訊安全成熟度,雖然有一些國際組織提出相關的評估機制,但雲端上的資安環境並不能完全套用在傳統環境,雲端安全聯盟在2013年提出一套雲端資安成熟度的評估機制,卻沒有針對不同的產業特性做匹配。 本研究擬對我國的醫療產業進行雲端資安成熟度評估模式進行實證研究,希望設計出屬於醫療業的雲端資安成熟度評估量表、雲端資安成熟度評估模式與分級制度,並建議各資安等級適合的雲端技術與服務,最後尋找一家願意配合的醫院以案例實證方式驗證這套機制的可行性,希望本研究的研究成果能協助醫療業面對雲端技術與服務時,能做出正確的決策。研究結果如下: 1.「資料治理」、「人員資訊素養」、「資訊安全」及「安全架構」對於醫療業雲端資訊安全具有顯著的正相關 2.「雲端服務法律」對於醫療業雲端資訊安全並無顯著的影響 3.「工作單位」、「職務類別」對於醫療業雲端資訊安全並不存在干擾效果。
並列摘要
With the advancement of cloud computing services, enterprises, government, and even individuals are facing with new changes. With the massive amount of information stored in the cloud environment, although it brings huge business opportunities for enterprises, but also it needs to consider the issue of information security while using cloud computing applications. To cope with all kinds of information security threats and risks in the cloud computing environment, governments, enterprises and individuals should have a set of cloud information security maturity model when using cloud services. Current studies on cloud computing and related services are mostly focused on IT governmance framework and are rare of studies exclusively for medical industry maturity model of information security in the cloud environment. As for information security maturity, although serveral international organizations propose correlated evaluation maturity models, but the cloud information security environment can not be fully applied in the traditional information security environment. Cloud Security Alliance proposed a maturity model of information security for the cloud environment in 2013, but did not match for different characteristics of the industry. This study will conduct an empirical study to construct the maturity model of information security for the medical industry. It is expected that aforementioned measurement scale, model and classification mechanism can really work in the medical industry. Finally, this study will conduct the case study from one hospital which is willing to cooperate with this study and verify the the feasibility of this model. The research findings can be beneficial for information security decision-making for IT managers of the medical industry to do the right decisions under the environment of cloud computing services. The research findings include: 1.The data governance, human resources information literacy, information security, and the security architecture are significantly related to the cloud information security for the medical industry. 2.The legal are insignificant in the cloud information security for the medical industry. 3.There are no interference effects between department and job category in the cloud information security for the medical industry.
參考文獻
被引用紀錄
延伸閱讀
- 張瑞君(2015)。具資料品質框架雲端醫療資訊系統之驗證〔碩士論文,中原大學〕。華藝線上圖書館。https://doi.org/10.6840/CYCU.2015.00197
- 張文信、毛政賢(2014)。醫院雲端醫療與智慧決策的推展與未來。醫療品質雜誌,8(3),27-33。https://www.airitilibrary.com/Article/Detail?DocID=a0000532-201405-201408080011-201408080011-27-33
- 張冠群(2012)。醫療產業導入雲端服務關鍵成功因素之研究〔碩士論文,國立臺北科技大學〕。華藝線上圖書館。https://doi.org/10.6841/NTUT.2012.00603
- 周孟哲(2012)。發展在行動設備上之雲端醫療候診查詢系統〔碩士論文,國立虎尾科技大學〕。華藝線上圖書館。https://doi.org/10.6827/NFU.2012.00114
- 胡雅瑩(2011)。Applying Knowledge Management Technology to Enhance and Improvement on the Supply Chain Performance and Quality -The case of a medical institution〔碩士論文,台南應用科技大學〕。華藝線上圖書館。https://www.airitilibrary.com/Article/Detail?DocID=U0098-0106201122445400