Security implementations in the healthcare enterpriseRoland BrillT, Wolfgang LeetzSiemens AG Medical Solutions, P.O. Box3260, 91050 Erlangen, GermanyAbstract. Adequate enterprise security solutions require a broad understanding of security issues aswell as of limitations of technology based solutions. Many threats which are targeted against abusiness can be countered by risk management to efficiently achieve the intended level of security.Protection should start with an analysis of possible threats, an identification of the costs ofcountermeasures and the decision what security tools to use on basis of a cost/benefit analysis. Asthere is no bone size fits allQ-solution, this paper offers a systematic approach how to implementadequate security in the healthcare enterprise. D 2005 CARS & Elsevier B.V. All rights reserved.Keywords: Security; Healthcare enterprise; Risk management1. Pu rposeSecurity can only be achieved through a combination of various processes usingtechnology as a toolbox while taking into account the specifics of the medical domain.Consideration of guiding aspects is necessary to select and apply appropriate security tools.2. Gu iding aspects2.1. Safeguarding the businessThe medical domain is run as a business where decisions are based on external factorslike: what processes are most efficient, how much personnel is required for what tasks,what equipment needs to be bought, and why it is needed. The economical success of thebusiness is driven byo LiabilityLiability is a key factor in an enterprise environment. Most business drivers translateinto financial liability for the enterprise and/or for its employees.0531-5131/ D 2005 CARS & Elsevier B.V. All rights reserved.doi:10.1016/j.ics.2005.03.033T Corresponding ...