Abstract
The development of hospital information systems depends on information security and reliability. Based on national and industry standards for information security classified protection, and taking into account the specific circumstances of one A-level tertiary hospital, this article designs a classified protection testing and evaluation scheme for that hospital's information system, covering the evaluation process, evaluation objects, evaluation methods, evaluation tools, unit evaluation, and overall evaluation. The testing and evaluation identified security risks in the hospital information system, providing a scientific and reasonable basis for the next step of remediation in the hospital's information construction.