Security management for radiological information systems

The purpose of information security management is to guarantee continuity and minimise damage by preventing (or minimising) thè impact of security incidents, in other words to provide a reliable mechanism for information sharing, at thè same time ensuring its confidentiality, integrity and availability. The first goal of security is protecting resources. A general, straightforward approach to security] ] consists of the following basic steps: 1. Identification of resources to be protected. 2. Identification of threats. 3. Identification of vulnerabilities. 4. Assessment of risks. 5. Selection of protective measures, if necessary. This approach can be thè basis of a systematic analytical treatment of computer and communication security in a Radiological Information System (RIS) before addressing thè problem of its integration with a Hospita! Information System (HIS). In order to categorise thè corresponding protective measures, we introduced six distinct security areas to be investigated (Hardware, Software, Network, Regulation, Environment, Personnel). When the security areas we introduced are arranged by their relevance, taking into account thè constraints most commonly faced in a radiological department[2], thè following prioritised lisi results, according to thè specific framework of a radiological organisation: 1. Software security (software threats, software access control, database security). 2. Network security (Communications security, encryption, authentication). 3. Regulatory security (privacy issues, security laws). 4. Personnel security (personnel threats, personnel security techniques). 5. Environmental security (intrusion prevention & detection, information protection). 6. Hardware security (hardware integrity, personal computer security).