Adopting ISO/IEC 27005:2011-based risk treatment plan to prevent patients data theft

The concern raised in late 2017 regarding the breach of 46.2 million mobile device subscribers' data led the Malaysian police to start an investigation into the source of the leak. Data security protects assets and information by providing confidentiality, integrity, and availability, not only in the telecommunication industry but also in other sectors. This paper attempts to protect the data of a patient-based clinical system by producing a risk treatment plan for its software products. The existing system is vulnerable to information theft, insecure databases, and poor audit login and password management. An information security risk assessment, consisting of identifying, analyzing, and evaluating risks, was conducted before the risk assessment report was written. A risk management framework was applied to the software development unit of the organization to counter these risks. The ISO/IEC 27005:2011 standard was used as the basis for the information security risk management framework, and the controls from Annex A of ISO/IEC 27001:2013 were used to reduce the risks. Thirty risks were identified, of which seven were recognized as high-level risks for the product. A risk treatment plan focusing on these risks and controls was developed for the system to reduce them and secure patients' data. This will eventually enhance information security in the software development unit and, at the same time, increase awareness among the team members of the risks and the means to handle them.

Bibliographic Details
Main Authors: Hamit, Laura Cassandra; Md. Sarkan, Haslina; Mohd. Azmi, Nurulhuda Firdaus; Mahrin, Mohd. Naz’ri; Chuprat, Suriayati; Yahya, Yazriwati
Format: Article
Language: English
Published: Insight Society 2020
Subjects: T Technology (General)
Online Access:http://eprints.utm.my/id/eprint/93635/1/HaslinaMdSarkan2020_AdoptingISOIEC270052011BasedRiskTreatment.pdf
http://eprints.utm.my/id/eprint/93635/
http://dx.doi.org/10.18517/ijaseit.10.3.10172
Record ID: my.utm.93635
Citation: Hamit, Laura Cassandra; Md. Sarkan, Haslina; Mohd. Azmi, Nurulhuda Firdaus; Mahrin, Mohd. Naz’ri; Chuprat, Suriayati; Yahya, Yazriwati (2020). Adopting ISO/IEC 27005:2011-based risk treatment plan to prevent patients data theft. International Journal on Advanced Science, Engineering and Information Technology, 10 (3), pp. 914-919. ISSN 2088-5334. Peer reviewed. http://dx.doi.org/10.18517/ijaseit.10.3.10172
institution Universiti Teknologi Malaysia
building UTM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Teknologi Malaysia
content_source UTM Institutional Repository
url_provider http://eprints.utm.my/