TY - GEN
T1 - An approach for developing comparative security metrics for healthcare organizations
AU - Jafari, Said
AU - Mtenzi, Fredrick
AU - Fitzpatrick, Ronan
AU - O'Shea, Brendan
PY - 2009
Y1 - 2009
AB - Information sharing among different healthcare organizations is critical for efficient and cost-effective healthcare service delivery. Isolated information systems need to be interconnected to ensure information exchange. Interconnectivity increases exposure to risk of damage, loss and fraud. Security and privacy of patients' information are concerns of all healthcare organizations. These concerns hinder the willingness to share data across different organizations. An objective assessment of organizational security posture is required in order to build trust among interconnected systems. Security metrics are a collection of several measurements taken at different points in time, compared against baselines and interpreted to reveal an understanding. They provide insight, improve performance and accountability, and can reveal the overall security posture of an organization. The current security assessment practices focus either on measuring security programme effectiveness, auditing or assessment of individual information systems components like networks and software. These practices are not sufficient to reveal the overall security posture of an organization. Also, their assessment results are not meaningfully comparable among different organizations. In this paper we propose an approach for developing security metrics to be used for assessing the security posture of healthcare organizations. The metrics for this approach shall not be tailored to any specific organization to ensure comparable results.
UR - http://www.scopus.com/inward/record.url?scp=77950325624&partnerID=8YFLogxK
U2 - 10.1109/icitst.2009.5402504
DO - 10.1109/icitst.2009.5402504
M3 - Conference contribution
AN - SCOPUS:77950325624
SN - 9781424456482
T3 - International Conference for Internet Technology and Secured Transactions, ICITST 2009
BT - International Conference for Internet Technology and Secured Transactions, ICITST 2009
PB - IEEE Computer Society
T2 - International Conference for Internet Technology and Secured Transactions, ICITST 2009
Y2 - 9 November 2009 through 12 November 2009
ER -