Currently, hospital information system became popular, but security threats were still serious because of untargeted security solutions and lack of human resources. In order to improve the existing solution and protect the system run smoothly, this paper puts forward a hospital information security model which is suitable for China according to WPDRRC protection model, also some security measures. Then construct an evaluation system by Analytic Hierarchy Process, empower and assess the index of each module. The result shows that hospital should focus on the recovery and protection of data and communication through double offsite backup and router redundancy.%目前,医院信息系统已大规模普及,但由于安全方案无针对性、相关人资缺乏,威胁依然严重存在。本文基于改进现有安全方案,保障系统平稳运行的目的,采用WPDRRC防护模型思想,提出符合中国国情的医院信息安全模型及对应安全措施,通过层次分析法构建系统评估体系,对模块安全指标进行赋权与评估,评估结果表明,医院应使用双异地备份、路由冗余等方式,重点关注数据与通信的恢复与保护。
展开▼
