An approach for developing comparative security metrics for healthcare organizations

Said Jafari, Fredrick Mtenzi, Ronan Fitzpatrick, Brendan O'Shea

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Citations (Scopus)

Abstract

Information sharing among different healthcare organizations is critical for efficient and cost-effective healthcare service delivery. Isolated information systems need to be interconnected to ensure information exchange. Interconnectivity increases exposure to risk of damage, loss and fraud. Security and privacy of patients' information are concerns of all healthcare organizations. These concerns hinder the willingness to share data across different organizations. An objective assessment of organizational security posture is required in order to build trust among interconnected systems. Security metrics are a collection of several measurements taken at different points in time, compared against baselines and interpreted to reveal an understanding. They provide insight, improve performance and accountability, and can reveal the overall security posture of an organization. Current security assessment practices focus either on measuring security programme effectiveness, on auditing, or on assessing individual information system components such as networks and software. These practices are not sufficient to reveal the overall security posture of an organization. Also, their assessment results are not meaningfully comparable among different organizations. In this paper we propose an approach for developing security metrics to be used for assessing the security posture of healthcare organizations. The metrics for this approach shall not be tailored to any specific organization, to ensure comparable results.

Original language: English
Title of host publication: International Conference for Internet Technology and Secured Transactions, ICITST 2009
Publisher: IEEE Computer Society
ISBN (Print): 9781424456482
Publication status: Published - 2009
Externally published: Yes
Event: International Conference for Internet Technology and Secured Transactions, ICITST 2009 - London, United Kingdom
Duration: 9 Nov 2009 to 12 Nov 2009

Publication series

Name: International Conference for Internet Technology and Secured Transactions, ICITST 2009

Conference

Conference: International Conference for Internet Technology and Secured Transactions, ICITST 2009
Country/Territory: United Kingdom
City: London
Period: 9/11/09 to 12/11/09
