<![CDATA[This study examines the security of the E-HOS System at RSUD Ibnu Sina Kab. Gresik, identifying critical threats and vulnerabilities, and offering mitigation strategies. Using qualitative methods, including interviews, observations, and documentation, data was collected from December 2022 to May 2023. The OCTAVE framework revealed 17 potential risk events, with user-related risks being the most significant, showing an RPN as high as 162 for access rights abuse. The study recommends implementing ISO 27001 controls—Access Control, Human Resource Security, and Communications Security—to enhance system security. These findings highlight the importance of robust IT security governance in healthcare settings. Highlight: Critical Risks: 17 events, highest risk in user access rights abuse. Methodology: Used OCTAVE framework, interviews, observations, documentation. Recommendations: Implement ISO 27001 controls: Access Control, HR Security, Communications Security. Keyword: E-HOS System, SIMRS security, OCTAVE method, risk assessment, ISO 27001]]>
Copyrights © 2024
