A practical application of CMM to medical security capability

Information Management & Computer Security, Volume 16 (1): 16 – Mar 21, 2008

Publisher: Emerald Publishing

Copyright: Copyright © 2008 Emerald Group Publishing Limited. All rights reserved.

ISSN: 0968-5227

DOI: 10.1108/09685220810862751

Abstract

Purpose – The manner in which information is used and communicated in the medical environment has been revolutionized by the introduction of electronic storage, manipulation and communication of information. This change has brought with it many challenges in information security. This research seeks to propose a practical application, the capability maturity model (CMM), to meet the needs of medical information security practice.

Design/methodology/approach – This paper builds on previous work by the author using the Tactical Information Governance for Security model developed for the medical setting. An essential element of this model is the ability to assess current capability of a practice to meet the needs of security and to identify how improvements can be made. Existing CMM models are reviewed to inform construction of an operational framework for capability assessment.

Findings – An operational capability framework for assessing security capability in medical practice, based on CMM principles, is presented. An example of the use of this framework is modelled using backup to provide proof of concept.

Practical implications – In an environment that is reliant on doctors and non‐technical staff to implement security, an operational framework to improve practice through capability evaluation is needed. The framework presents activities in simple, non‐technical terms and separates these activities into discrete sections resulting in improvement that can be easily managed and implemented.

Originality/value – The operational framework developed demonstrates how practical security practice improvement can be achieved in a medical environment, whilst meeting strategic objectives, best practice and external validation. This paper develops this process through exploration and application of existing CMMs.

Journal

Information Management & Computer Security, Emerald Publishing

Published: Mar 21, 2008

Keywords: Data security; Medical informatics; Governance; Information systems