DIN EN ISO 27799-2008 Health informatics. Information security management in health using ISO/IEC 27002
Author: 标准资料网 Date: 2024-05-11 01:36:23 Views: 8765
Source: 标准资料网
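【English standard title】:Health informatics - Information security management in health using ISO/IEC 27002 (ISO 27799:2008); English version of DIN EN ISO 27799:2008-10
【Original standard title】:Health informatics. Information security management in health using ISO/IEC 27002
【Standard number】:DIN EN ISO 27799-2008
【Status】:Current
【Country】:Germany
【Date of publication】:2008-10
【Implementation or trial date】:
【Issuing body】:German Institute for Standardization (DE-DIN)
【Drafting body】:
【Standard type】:()
【Standard level】:()
【Chinese subject terms】:Coded representation; Danger; Data processing; Data protection; Data security; Definitions; English language; Information interchange; Information technology; Medical informatics; Medical sciences; Planning; Protection of information; Public health; Safety; Security management; Use
【English subject terms】:Coded representation; Danger; Data processing; Data protection; Data security; Definition; Definitions; English language; Information interchange; Information technology; Medical informatics; Medical sciences; Planning; Protection of information; Public health; Risk; Safety; Security management; Use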
【Abstract】:This International Standard defines guidelines to support the interpretation and implementation in health informatics of ISO/IEC 27002 and is a companion to that standard. This International Standard specifies a set of detailed controls for managing health information security and provides health information security best practice guidelines. By implementing this International Standard, healthcare organizations and other custodians of health information will be able to ensure a minimum requisite level of security that is appropriate to their organization's circumstances and that will maintain the confidentiality, integrity and availability of personal health information. This International Standard applies to health information in all its aspects, whatever form the information takes (words and numbers, sound recordings, drawings, video and medical images), whatever means are used to store it (printing or writing on paper or electronic storage) and whatever means are used to transmit it (by hand, via fax, over computer networks or by post), as the information must always be appropriately protected. This International Standard and ISO/IEC 27002 taken together define what is required in terms of information security in healthcare; they do not define how these requirements are to be met. That is to say, to the fullest extent possible, this International Standard is technology-neutral. Neutrality with respect to implementing technologies is an important feature. Security technology is still undergoing rapid development and the pace of that change is now measured in months rather than years. By contrast, while subject to periodic review, standards are expected on the whole to remain valid for years. Just as importantly, technological neutrality leaves vendors and service providers free to suggest new or developing technologies that meet the necessary requirements that this International Standard describes. As noted in the introduction, familiarity with ISO/IEC 27002 is indispensable for an understanding of this International Standard.
1.2 Scope exclusions
The following areas of information security are outside the scope of this International Standard:
a) methodologies and statistical tests for effective anonymization of personal health information;
b) methodologies for pseudonymization of personal health information (see bibliographic Reference [10] for an example of an ISO Technical Specification that deals specifically with this subject);
c) network quality of service and methods for measuring availability of networks used for health informatics;
d) data quality (as distinct from data integrity).
【Chinese Standard Classification number】:C07
【International Classification for Standards number】:35_240_80
【Pages】:66P.;A4
【Language of text】:English