Abstract
Past research and practical experience in information security suggest that management of information security in general is inadequate, with executives and employees lacking in security awareness. At their core, security problems are people-related: people use and manage information systems on a day-to-day basis, and people are both perpetrators and victims. This paper presents a people-oriented approach to computer security management, developed based upon the Soft Systems Methodology (SSM). The planned application of this security management approach in practice to a private hospital in Western Australia is also discussed.
Copyright information
© 1996 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
James, H., Andronis, K., Paul, W. (1996). A human approach to security management in HealthCare. In: Katsikas, S.K., Gritzalis, D. (eds) Information Systems Security. SEC 1996. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-1-5041-2919-0_31
DOI: https://doi.org/10.1007/978-1-5041-2919-0_31
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2921-3
Online ISBN: 978-1-5041-2919-0
eBook Packages: Springer Book Archive