Skip to main content

Advertisement

Table 8 Indicative gaps identified in the PAUSIL hospital

From: Comprehensive user requirements engineering methodology for secure and interoperable health data exchange

Gap analysis template clause Gap analysis objective Question/security control Current status and gap mitigation
Security Policy Information security policy Does the analysis subject facilitate or promote the idea of information security policy document? A formal information security policy document does not yet exist; however, PAUSIL is planning to introduce operational procedures and policies regarding security.
Physical and environmental security Secure areas Does the analysis subject facilitate or promote protecting against external and environmental threats? Protection against external and environmental threats is not centrally documented/planned.
Usability Effectiveness Does the analysis subject facilitate or promote the operability regarding the respective security aspects? The process of changing user passwords could be improved in terms of usability.
Communications and operations management Media handling Does the analysis subject facilitate or promote management of removable media? No formal procedures are enforced for the management of removable media