Suratose TritilanuntRuaysungnoen SurapolMahidol University2018-12-112019-03-142018-12-112019-03-142016-12-17ACM International Conference Proceeding Series. (2016), 11-162-s2.0-85018302962https://repository.li.mahidol.ac.th/handle/20.500.14594/43445© 2016 ACM. The purpose of this paper is to propose the risk assessment for an IT security system used in a hospital. The process is developed based on the study of standard and best practices of security risk assessment used in information system. The security assessment includes key processes such as Risk Assessment and Vulnerability Verification along with other factors for supporting the development. Results from the experiment at sample hospitals, our tool was able to assess and rate the security risk which reflects the environment of the hospital's information system. This tool was able to simulate some examples of exploitation in order to test system flaws and generate a report to be used as a reference.Mahidol UniversityComputer ScienceConference PaperSCOPUS10.1145/3033288.3033296