This article analyzes the security of automated systems against information security threats and discusses the features of security management in health facilities. It summarizes the experience of existing work on security analysis and gives recommendations on the creation of information security.
Keywords: medical institutions, communication channels, information redundancy.
Among the measures to improve the reliability of protection of medical information systems, the following basic techniques and methods of protection should be used:
- A turnaround registration system for primary health care data based on the use of personal media (ISI) [1];
- Compulsory redundancy of the information stored on the ISI, in databases at different levels;
- Periodic (preferably daily) updating of all databases in the information system (this measure excludes the possibility of falsifying medical data «retroactively»);
- Providing access to information in various ways: access to the information for all; access to record and sign information for qualified medical staff, subject to identification; and, finally, access to read the information subject to the patient's authorization;
- Using the facilities of network operating systems to achieve the necessary level of software protection of the information.
Protection of information from unauthorized access should be provided by blocking access to information:
- In the database: on the part of both staff and system tasks for which the information is not required by their functional purpose;
- In the workplace: from users who do not have the necessary permissions to access various information resources;
- On communication channels: from network users and system tasks for which the information is, again, not required by their functional purpose [2;4].
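An added example, not part of the original article: a default-deny check that blocks access at the workplace, on the communication channel and in the database unless the subject's functional purpose requires the resource. The subjects, resources and purposes are constructed sample values, and the order in which the layers are checked is an assumption.

```python
from typing import NamedTuple, Optional

# Constructed sample policy; every name below is hypothetical.
# Functional purpose of each subject (a staff member or a system task).
PURPOSE = {
    "dr_ivanova": "treatment",
    "registrar_01": "registration",
    "task_billing_export": "billing",
}
# Per layer: resource -> purposes whose function requires it.
POLICY = {
    "workplace": {"ward_terminal": {"treatment"}, "front_desk_pc": {"registration"},
                  "batch_host": {"billing"}},
    "channel": {"clinical_lan": {"treatment", "registration"}, "insurer_link": {"billing"}},
    "database": {"clinical_records": {"treatment"}, "invoices": {"billing"},
                 "patient_index": {"treatment", "registration"}},
}
LAYERS = ("workplace", "channel", "database")  # assumed order of the access path


class Access(NamedTuple):
    subject: str
    workplace: str
    channel: str
    database: str


def blocking_layer(req: Access) -> Optional[str]:
    """Return the first layer that blocks the request, or None if all permit it."""
    purpose = PURPOSE.get(req.subject)
    for layer in LAYERS:
        required_by = POLICY[layer].get(getattr(req, layer), set())
        # Default deny: an unknown subject or an unlisted resource is blocked.
        if purpose is None or purpose not in required_by:
            return layer
    return None


def review(requests):
    """Label each request 'permit' or 'blocked at <layer>' for the audit log."""
    verdicts = {}
    for req in requests:
        layer = blocking_layer(req)
        verdicts[req] = "permit" if layer is None else f"blocked at {layer}"
    return verdicts
```

A request is permitted only when every layer permits it, so a registrar at the correct workstation is still blocked at the database when asking for clinical records.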
Modern experience with information security problems shows that, to achieve the greatest effect, the organization of information security should be guided by several principles [1;2].
The first and most important is the principle of continuous improvement and development of information security: continuously monitoring the system, identifying its weaknesses and potential channels for information leakage and unauthorized access, updating and complementing the protection mechanisms as the nature of internal and external threats changes, and, on this basis, justifying and implementing the best practices, methods and ways to protect information.
Thus, information security cannot be a one-off event [4].
The second is the principle of integrated use of the entire arsenal of available protective measures in all structural elements of production and at all stages of the information processing cycle [4].
The complex nature of information security is due to the actions of criminals. The assertion here is that the weapons of defense should be adequate to the weapons of attack. Moreover, the greatest effect is achieved when all the tools, methods and measures used are combined into a single coherent system: the information security system. Only in this case do system properties emerge that are not inherent in any individual element of the protection system, together with the ability to manage the system, reallocate its resources and apply modern techniques to improve the efficiency of its operation.
The most important conditions of security are legality, adequacy, balancing the interests of individuals and businesses, the professionalism of information security staff, user training and users' compliance with all established confidentiality rules, mutual responsibility of staff and management, and interaction with state law enforcement agencies. Without meeting these conditions, no information security system can provide the required level of protection [5].
Recommendations for the establishment of information security
Along with the basic requirements, there are a number of well-established recommendations that will be useful to the creators of information security systems [5]:
- Protective measures should be easy to maintain and «transparent» to users;
- Each user must have a minimum set of privileges required for operation;
- The ability to disable protection in special circumstances, such as when defense mechanisms actually interfere with the performance of work [5];
- Independence of the protection system from the subjects of protection;
- Developers should assume that users have the worst intentions (hostile environment), that they will make serious mistakes and look for ways to circumvent the protection mechanisms [5];
- No redundant information within the enterprise about the existence of protection mechanisms [5].
Existing protective measures should be adequate to the probability of a given type of threat and to the potential damage that might be caused if the threat is carried out (including the cost of protecting against it).
When choosing protective measures, one has to take into account not only the direct costs of purchasing equipment and software but also the cost of their implementation, in particular the training and retraining of staff. An important factor is the compatibility of the new protective tool with the existing hardware and software structure of the facility.
According to experts, organizational measures play a major role in creating a reliable mechanism for protecting information, since the possibility of unauthorized use of confidential information is to a large extent due not to technical aspects but to malicious acts, negligence and carelessness of users or security personnel.
The combination of legal, organizational, and engineering and technical measures results in a proper security policy, as reflected in the concept of information security [5].
The concept is developed on the basis of an analysis of the current state of information security, power, threats and the dynamics of their development. The concept of the protection system is a systematic account of the goals, objectives, principles and means of achieving information security.
The concept of information security should include:
- A general description of the object of protection (description of the composition, functions, and existing technology of information processing);
- The formulation of the goals of the protection system, the main objectives of information security and the ways to achieve these goals;
- The major classes of information security threats to be taken into account when designing the security subsystem;
- The basic principles and approaches to the construction of the system of information security measures, methods and means of achieving the objectives of protection.
The concept is an accepted system of official views on the problem of information security and the ways of solving it in line with modern trends in the informatization of the health care facility. It is a methodological basis for developing policy and practical measures for its implementation.
Currently, the well-being and even the lives of many people depend on the information security of a variety of computer systems for information processing, monitoring and control of various objects. Such systems include medical information systems [3;5].
Their peculiarity is, first of all, that they store and process information that comprehensively determines the social status of a person, and this leads to a special form of relationship between those who form it and those who use it. So, along with high demands on the reliability of the information, moral restrictions should be imposed on access to it, as well as legal responsibility on the people who provide it.
Any medical officer has overall responsibility (moral, administrative and criminal) for the confidentiality of the information to which they have access in the course of their professional activities [4;5].
From this review it is clear that information security is a complex task. This is because the information environment is a complex multi-dimensional mechanism whose components include electronic hardware, software and personnel.
Solving the problem of information security requires legal, organizational, and software and technical measures. Neglecting even one aspect of this problem can lead to the loss or leakage of information, whose cost and role in modern society become more and more important [3;5].
References:
1. Life Safety. Safety of technological processes and production: Health and Safety: Manual / Kykin PP, Lapin VL, Ponomarev NL, Serduk NI. 2nd ed., corr. and add. M.: Higher School, 2001. 318 p.
2. Life Safety. Textbook for high schools / K. Z. Ushakov, NO Kaledina, BF Kirin, MA Srebreno. Ed. K. Z. Ushakova. Moscow: Mosk. State. Horn. University Press, 2000. 430 p.
3. Life Safety. Textbook for high schools / SV Belov, AV Elias, AF Koziakov etc.; Ed. SV Belova. M.: Vyssh. shk., 2008. 448 p.
4. Information-analytical systems and technologies in health care and the MLA. «Proceedings of the All-Russian Conference». Krasnoyarsk, 15–17 September 2004, pp. 402–411.
5. Kulikov GB. Life Safety: A Textbook for Ing. directions and specials. vyssh. Textbook. institutions. Wiley books, 2008. 269 p.
6. Rusak ON, Malayan KR, Zanko NG. Life Safety. Textbook. St. Petersburg: Publishing House «Lan», 2000. 448 p.