System Security Functions: Introduction
- Ernst & Young Security Survey: Almost 50% of respondents rated information security issues as "less than important." (1)
- Developing a client/server system includes analyzing the threats to information security and the steps that can be taken to mitigate them.
- Information security is defined as ". . . a set of technical and administrative procedures designed to protect data systems against unwarranted disclosure, modification, or destruction and to safeguard the system itself." (2)
Goals are:
- Maintain the integrity of the data under the Program's stewardship
- Make the data available easily to legitimate users
- Ensure the privacy and appropriate use of patient data (2)
Tradeoff: information security versus ease of access
(1) Ernst & Young/Information Week, "2nd Annual Information Security Survey," Sept., 1994.
(2) Lawrence O. Gostin, et al., "Privacy and Security of Personal Information in a New Health Care System," Journal of the American Medical Association, 270(20), Nov. 24, 1993, p. 2487.
NJ-CIP is funded by a grant provided by the Robert Wood Johnson Foundation. Direct comments and questions to Dr. Noam Arzt, arzt@isc.upenn.edu [7/25/95]
URL: http://www.cip.upenn.edu/cip/cdc/intro.html