INFORMATION SECURITY RISK ASSESSMENT USING FACTOR OF ANALYSIS INFORMATION RISK (FAIR) IN THE HEALTHCARE SECTOR: SCOPING REVIEW
Abstract
Risk assessment is an effective way to reduce information technology risks in healthcare facilities by determining the severity of potential dangers and weaknesses affecting each vital data element. This enables appropriate actions to be taken by prioritizing data with the highest risk. However, there is still a lack of research on information security risk assessment using Factor Analysis of Information Risk (FAIR) in healthcare information systems, necessitating further studies to understand its implementation in Indonesia. A 21,939 articles were found in four databases, but only three met the inclusion criteria from Indonesia, Japan, and the United States. These studies focus on risk assessment and management in the healthcare sector, including ISO 27005, cloud ecosystem risk analysis, cybersecurity standards, and IoT risk management for COVID-19. The review stresses the significance of risk assessment and management in the health sector to sustain health facilities amidst policy changes, technological advancements, and globalization. FAIR is vital in determining the likelihood and potential consequences of events that can affect organizations, particularly in the competitive healthcare industry where a secure health information system is necessary for business continuity. Hence, studies must develop methods to reduce information security risks in Healthcare services information systems.
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
An author who publishes in the Jurnal Darma Agung agrees to the following terms:
- Author retains the copyright and grants the journal the right of first publication of the work simultaneously licensed under the Creative Commons Attribution-ShareAlike 4.0 License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal
- Author is able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book) with the acknowledgement of its initial publication in this journal.
- Author is permitted and encouraged to post his/her work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of the published work (See The Effect of Open Access).