Омский научный вестник (Nov 2021)
Methodology for determining actual threats to information security in medical information system
Abstract
In this article based on the processing of statistical data from various electronic resources the most frequent types of threats to information security (UBI) for medical information systems (MIS) are identified and their classification is carried out. The issues of determining the actual UBI when creating MIS that process personal data using a specific technology of expert assessment are considered. The proposed methodology for determining actual threats to information security for MIS, in comparison with those used, eliminates subjective assessments that are a characteristic feature of traditional expert assessments. Its use also makes it possible to assess the relevance of information security threats for MIS that do not have qualified specialists in the field of information security in the staff of a medical institution, which is relevant for a large number of medical institutions. The authors investigate the practical possibilities of using the theory of fuzzy sets and fuzzy logic in determining the actual UBI for MIS for various purposes.
Keywords
