Abstract
This paper describes a project involving the planning and management of information security at a large private hospital. A high level model derived using the Soft Systems Methodology [5] named the Orion Strategy, was implemented and further developed during its application using Action Research. This method features a high level of user participation, including education seminars and workshops with senior and middle managers of the hospital. The project resulted in a noticeable improvement in information security measures at the hospital, a raised awareness of security issues and an acceptance of ownership by staff of the resultant security plan
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35515-3_53
Chapter PDF
Similar content being viewed by others
References
Anderson, J.G., 1997, “Clearing the Way for Physicians’ use of Clinical Information Systems”, Communications of the ACM, Vol 40 no 8, pp 83–90
Armstrong H, 1999, `A Soft Approach to the Management of Information Security’, PhD Thesis, Curtin University, Perth, West Australia
Barber B., Davey, J., 1996, `Risk Analysis in Health Care Establishments’, in Barber, Treacher, Louwerse, (Eds), “Towards Security in Medical Telematics”, IOS Press, Amsterdam, pp 120–124
Baskerville, R., Wood-Harper, A.T., 1998, `Diversity in Information Systems Action Research Methods’, European Journal of Information Systems, Vol 7, no 2, June, pp 90–107
Checkland P, 1981, `Systems Thinking, Systems Practice’, John Wiley & Sons, Chichester, UK
Checkland P, 1991, `From Framework through Experience to Learning’, in Nissen, Klein & Hirschheim (Eds), `Information Systems Research: Contemporary Approaches and Emergent Traditions’, Elsevier, Amsterdam
Klein H, Myers M, 1999, ‘A Set of Principles for Conducting and Evaluating Interpretive Field Studies in Information Systems, MIS Quarterly, Vol 23, No. 1, pp 67–93
Smith, E. & Eloff, J., 1998, `Modelling Risks in a Health-Care Institution’, Proceedings of the XV IFIP World Computer Congress, Vienna/Budapest, September
Straub D, Welke R, 1999, ‘Coping with Systems Risk: Planning Models for Management Decision Making’, MIS Quarterly, Vol 22 No 4, pp 441–469
Treacher, A. Bleumer, G., 1996, `An Overview of SEISMED’, in Barber, Treacher & Louwerse, (Eds), “Towards Security in Medical Telematics”, IOS Press, Amsterdam, pp 4–9
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 IFIP International Federation for Information Processing
About this paper
Cite this paper
Armstrong, H. (2000). Managing Information Security in Healthcare — an Action Research Experience. In: Qing, S., Eloff, J.H.P. (eds) Information Security for Global Information Infrastructures. SEC 2000. IFIP — The International Federation for Information Processing, vol 47. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35515-3_3
Download citation
DOI: https://doi.org/10.1007/978-0-387-35515-3_3
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-5479-7
Online ISBN: 978-0-387-35515-3
eBook Packages: Springer Book Archive