Table 2.
The Seven Major Regulation Categories and Related Regulations
| Category Names | Reg. No. | Regulations | Preconsideration | Postconsideration |
|---|---|---|---|---|
| Organizational policy (OP) | OP.1 | Information security preventive measures | GL, OP, UO | ED, GD |
| | OP.2 | Information security management points | GL, OP, UO | ED, GD, SD |
| | OP.3 | System crash emergent processing guideline | OP, UO, HS, NS, SS | ED, GD, SD |
| User obligation (UO) | UO.1 | Password operating rules | OP, UO | SD, PD |
| | UO.2 | Official PC authority points | OP, UO | SD, PD |
| | UO.3 | Official E-mail utilization points | OP, UO | SD |
| Hardware security (HS) | HS.1 | IT equipment management regulation | OP, HS | PV, UV |
| | HS.2 | Computer classroom regulation | OP, UO, HS | PV, UV |
| | HS.3 | IT environment management points | OP, HS | PV, UV |
| | HS.4 | PC utilization classification guideline | OP, HS | PV, UV |
| | HS.5 | Information room management guideline | OP, HS | PV |
| | HS.6 | Vendor maintenance management guideline | OP, HS | PV, UV, DV |
| | HS.7 | Vendor recognizance | OP, HS | PV, UV |
| Networking security (NS) | NS.1 | Network utilization management points | OP, NS | PV, UV, DV |
| | NS.2 | Network utilization recognizance | OP, NS | PV, UV |
| | NS.3 | Virtual private network management points | OP, UO, NS | PV, UV, DV |
| Software security (SS) | SS.1 | Software development and maintenance regulation | OP, SS, DE, AC | PV, DV |
| | SS.2 | Web site setup operating rules | OP, UO, SS, DE, AC | PV, UV, DV |
| | SS.3 | PACS user privilege regulation | OP, UO, SS, DE, AC | PV, UV, DV |
| | SS.4 | HIS user privilege regulation | OP, UO, SS, DE, AC | PV, UV, DV |
| Access control (AC) | AC.1 | Information security management constrain | GL, OP, DE, AC | KA, StdA, AI, SecA |
| | AC.2 | Database account management regulation | OP, HS, NS, SS, AC | KA, StdA, AI, SecA |
| Data exchange (DE) | DE.1 | Data request guideline | GL, OP, UO, DE, AC | KA, StdA, SecA |
| | DE.2 | Data request recognizance | GL, OP, UO, DE, AC | KA |
| | DE.3 | EHR request management regulation | GL, OP, UO, DE, AC | KA, StdA, SecA |
| | DE.4 | EHR request guideline for teaching/research | GL, OP, UO, DE, AC | KA, SecA |
| | DE.5 | Official PC installing packages guideline | OP, AC | AI, SecA |

AI, application integration; DV, data view; ED, enterprise domain; EHR, electronic health record; GD, generic domain; GL, governmental laws; HIS, health information system; IT, information technology; KA, knowledge acquisition; PACS, picture archiving and communication system; PC, personal computer; PD, portal domain; PV, policy view; StdA, standard adoption; SecA, security auditing; SD, service domain; UV, user view.