Master's thesis
Abstract
Given the nature of their work, public institutions in the pharmacy sector handle sensitive personal data that is exposed to various threats and, consequently, to security incidents that can seriously compromise its confidentiality, integrity or availability. All three aspects matter, since weakening one also affects the other two.
Information protection must therefore be approached comprehensively, which is achieved by introducing information security management in accordance with one of the standards or good practices in the field of information security.
Governments around the world are also aware of the seriousness of the threats to personal data, as the legislation they have adopted shows. Through legal acts adopted at the national level they regulate the protection of personal data, and ensuring compliance with them requires institutions to introduce an information security management system. However, healthcare institutions should be at least as concerned about loss of reputation or trust and about business damage, depending on the type of security incident that occurs, as about sanctions for non-compliance with the legislation.
The aim of this master's thesis is therefore to show, by presenting the results of research on security incidents carried out by various organizations worldwide and in Slovenia, how exposed information and sensitive personal data are to threats that are just waiting to exploit vulnerabilities. With the objectives set for the theoretical part, we want to show the breadth of the field of information security and indicate paths and solutions for keeping the situation under control, within the permitted limits.
In the theoretical part of the thesis we therefore present the basic areas of information security, the legislation governing the protection of personal data, the standards and good practices for information security management, and the state of information security worldwide and in Slovenia; we present the results of the information security survey we conducted among pharmacy institutions, and finally we present a model of an information security management system according to the ISO 27001:2013 standard that is suitable for all public institutions in this field.
We conclude the master's thesis by presenting the results of the survey we conducted on a sample of pharmacy institutions, with the aim of determining and assessing how far information security management has been implemented in Slovenian pharmacy institutions.
Keywords
business informatics; information technology; data; information security; risk management; pharmacies
Data
Language: Slovenian
Year of publishing: 2016
Typology: 2.09 - Master's Thesis
Organization: UM EPF - Faculty of Economics and Business
Publisher: [P. Gabrijan]
UDC: 004.056:005.334(043.2)
COBISS: 12371484
Views: 870
Downloads: 83
Other data
Secondary language: English
Secondary title: Information security management in public pharmacy
Secondary abstract:
From the perspective of the work they carry out, public institutes in the field of pharmacy deal with sensitive personal data which is exposed to many threats and security incidents that can seriously harm its confidentiality, integrity, or availability. All three aspects are important here, since harm to one affects the other two.
Therefore the protection of information must be approached integrally, which can be achieved by implementing information security management according to one of the standards or good practices in the field of IT security.
Governments all over the world are aware of the seriousness of threats to personal data, and they prove this by adopting laws. With suitable legal acts at the national level they regulate personal data protection, and conformity with these acts requires the institutes to implement an information security management system. The institutes should worry about the loss of reputation or trust, and about business damage depending on the security incident that occurred, as much as they do about the sanctions for non-compliance with the law.
Therefore the aim of this master's thesis is to show the exposure of information or sensitive personal data to threats that are only waiting to exploit vulnerabilities. This is done by presenting the results of research on security incidents carried out by various organisations worldwide and in Slovenia. With the aims set for the theoretical part, we want to show the breadth of the field of IT security and show the path and solutions to control situations within the legal framework.
The theoretical part of this thesis deals with the essentials of IT security, the laws dealing with information security, the situation in the field of information security in the world, the standards or good practices for information security management internationally and nationally, the results of research in the field of information security carried out among pharmacies, and the presentation of a model of an information security management system according to the standard ISO 27001:2013, suitable for all institutions in this field.
We end the master's thesis with the presentation of the research that was carried out on a sample of pharmacies in order to find out or assess the implementation of information security management in Slovenian pharmacies.
Secondary keywords: sensitive personal data; security incident; information security management; information system security management; risk management
URN: URN:SI:UM:
Type (COBISS): Master's thesis
Thesis comment: University of Maribor, Faculty of Economics and Business
Pages: [VI], 113 pp.
ID: 9136549