Search results for "Security management"

showing 10 items of 26 documents

Security Management in Electronic Health Records: Attitudes and Experiences Among Health Care Professionals

2018

Electronic health records play an important role for management, exchange and storage of information within health care organizations. Health care organizations are obliged to adopt strategies for information security and privacy associated with access to medical and sensitive information, but at the same time, the information needs to be available for authorized health care professionals carrying out patient treatment. This paper presents a study about attitudes and experiences among health care professionals towards security management in electronic health records. Qualitative research methods were used, with an initial literature review that was followed by observations and interviews wi…

020205 medical informaticsbusiness.industryAccess controlInformation needs02 engineering and technologyInformation securitySecurity policyInformation sensitivityNursingHealth care0202 electrical engineering electronic engineering information engineering020201 artificial intelligence & image processingSecurity managementBusinessQualitative research2018 International Conference on Computational Science and Computational Intelligence (CSCI)
researchProduct

Security Management in Health Care Information Systems — A Literature Review

2017

Health care information systems play an important role for communication across the organizational borders of health care services. The electronic health record represents the main entity in the management, exchange and storage of medical information. Health care organizations must adopt strategies for security and privacy risks associated with access to health care information systems, but on the other hand, the information needs to be accessible and readable for authorized health care professionals carrying out patient treatment. This paper presents a literature review on security management in health care information systems. The aim was to analyze descriptions and definitions of informa…

020205 medical informaticsbusiness.industryInternet privacyInformation needsAccess controlUsability02 engineering and technologyInformation securityPeer review03 medical and health sciences0302 clinical medicineHealth careHealth care information systems0202 electrical engineering electronic engineering information engineeringSecurity management030212 general & internal medicinebusiness2017 International Conference on Computational Science and Computational Intelligence (CSCI)
researchProduct

Understanding the Importance of Proper Incentives for Critical Infrastructures Management – How System Dynamics Can Help

2016

International audience; Computer and information systems are now at the core of numerous critical infrastructures. However, their security management is by far not a trivial issue. Further, these systems, by their very nature, belong to the domain of complex systems, where system dynamics (SD) is an established method, which aims at modelling such systems, their analysis and understanding. Further, on this basis it enables simulation of various policies to properly manage complex systems. More precisely, through understanding of the basic elements of the whole mosaic and their interplay, proper incentives can be tested. And this is important, because proper incentives can lead to the desire…

021110 strategic defence & security studiesManagement sciencebusiness.industry020209 energy0211 other engineering and technologiesComplex systemModeling and simulation02 engineering and technologyDomain (software engineering)System dynamicsManagementModeling and simulationCritical infrastructuresIncentiveRisk analysis (engineering)0202 electrical engineering electronic engineering information engineeringInformation systemSecurity managementThe Internet[INFO]Computer Science [cs]BusinessPolicies
researchProduct

Introduction to Emerging Risks and Systemic Concerns in Information Security Research and Applications Minitrack

2013

Critical security studiesCloud computing securityKnowledge managementCertified Information Security Managerbusiness.industryStandard of Good PracticeInformation securityComputer securitycomputer.software_genreSecurity information and event managementInformation security managementSecurity managementBusinesscomputer2013 46th Hawaii International Conference on System Sciences
researchProduct

Managing information security risks during new technology adoption

2012

Author's version of an article in the journal: Computers and Security. Also available from the publisher at: http://dx.doi.org/10.1016/j.cose.2012.09.001 In the present study, we draw on previous system dynamics research on operational transition and change of vulnerability to investigate the role of incident response capability in controlling the severity of incidents during the adoption of new technology. Toward this end, we build a system dynamics model using the Norwegian Oil and Gas Industry as the context. The Norwegian Oil and Gas Industry has started to adopt new information communication technology to connect its offshore platforms, onshore control centers, and suppliers. In oil co…

General Computer Sciencedelaybusiness.industryinformation security managementVDP::Technology: 500::Information and communication technology: 550Context (language use)Information securityIntegrated operationsComputer securitycomputer.software_genreProblem managementreactive investmentInformation security managementRisk analysis (engineering)Information and Communications Technologyproactive investmentsystem dynamicsintegrated operationsbusinessLawcomputerRisk managementVulnerability (computing)Computers & Security
researchProduct

Aligning Two Specifications for Controlling Information Security

2014

Assuring information security is a necessity in modern organizations. Many recommendations for information security management exist, which can be used to define a baseline of information security requirements. ISO/ IEC 27001 prescribes a process for an information security management system, and guidance to implement security controls is provided in ISO/IEC 27002. Finnish National Security Auditing Criteria (KATAKRI) has been developed by the national authorities in Finland as a tool to verify maturity of information security practices. KATAKRI defines both security control objectives and security controls to meet an objective. Here the authors compare and align these two specifications in…

Information Systems and ManagementComputer Networks and Communicationsinformation securitysecurity specification alignmentComputer securitycomputer.software_genreSecurity information and event managementInformation security auditKATAKRIsecurity managementSafety Risk Reliability and Qualitysecurity audit criteriaInformation security management systemta113Certified Information Security ManagerInformation securitySecurity controlsISO/IEC 27001ISO/IEC 27002ITIL security managementRisk analysis (engineering)Security servicesecurity cerificationHardware and ArchitectureBusinessSafety ResearchcomputerSoftwaresecurity controls
researchProduct

Exploring the Relationship between Information Technology Infrastructure Library and Process Management: Theory Development and Empirical Testing

2014

This paper investigates whether information technology (IT) departments that implement the IT Infrastructure Library (ITIL) processes also employ process management. This is a pertinent issue, as ITIL not only implies a time-limited program for redesigning vital IT processes according to best practices but a complete transformation to ITIL also implies that processes are managed on a daily basis. Without process management, ITIL will not be a success beyond its initial implementation. A survey of 444 Nordic ITIL experts was conducted to examine if there is a correlation between the implementation of ITIL processes and process management. The results are unambiguous and promising for sustain…

Information Technology Infrastructure LibraryConfiguration managementITIL security managementProcess managementFinancial management for IT servicesComputer scienceManagement of Technology and InnovationStrategy and ManagementIncident management (ITSM)IT portfolio managementCapacity managementChange management (ITSM)Knowledge and Process Management
researchProduct

Identity and Access Management for Remote Maintenance Services in Business Networks

2007

Access to information systems across corporate boundaries with high demands to privacy and trust result into ambitious research and development targets. This study provides motivation and a roadmap for approaching integrated security management solutions in a business network of partners with heterogeneous ICT and security infrastructures. We aim at describing specifics of identity and access management in inter-organizational collaboration, and a vision and arguments for identity and access management in a business network. A case study with Metso Paper, Inc., the leading manufacturer of paper machinery and related services, validates the results, thus providing a motivating example of the…

Information managementKnowledge managementbusiness.industryData managementBusiness networkingSecurity managementBusinessDigital firmSecurity information and event managementIdentity managementBusiness relationship management
researchProduct

Information Security and Privacy in Medical Application Scenario

2010

This chapter discusses security and privacy aspects for medical application scenario. The chapter analyze what kind security and privacy enforcements would be needed and how it can be achieved by technological means. Authors reviewed cryptographic mechanisms and solutions that can be useful in this context.

Information privacyCloud computing securityPrivacy by Designbusiness.industryPrivacy softwareInternet privacyComputer securitycomputer.software_genreSecurity information and event managementInformation sensitivityInformation security managementbusinessPersonally identifiable informationcomputer
researchProduct

Enabling a culture for IT services; the role of the IT infrastructure library

2016

Building on process management and service climate theories, this paper investigates the pertinent issues of whether firms that implement ITIL best practices for IT service management will also experience growth in their process management activities and IT service climate. First, ITIL practices imply that processes in the IT department should be managed on a daily basis; without process management, ITIL will fail beyond its initial implementation. Second, two of the main reasons for adopting ITIL are to become a service-oriented organisation and to deliver IT services that meet business needs. Thus, we hypothesise that as the implementation status of ITIL increases, process management and …

Knowledge managementComputer Networks and Communicationsbusiness.industry05 social sciencesIT service managementIT portfolio managementCapacity managementChange management (ITSM)Computer Science ApplicationsInformation Technology Infrastructure LibraryITIL security managementHardware and ArchitectureFinancial management for IT services0502 economics and businessIncident management (ITSM)050211 marketingBusiness050203 business & managementSoftwareInternational Journal of Information Technology and Management
researchProduct