A practical application of CMM to medical security capability

Patricia Williams (School of Computer and Information Science, Edith Cowan University, Joondalup, Australia)

Information Management & Computer Security

ISSN: 0968-5227

Article publication date: 21 March 2008

Abstract

Purpose

The manner in which information is used and communicated in the medical environment has been revolutionized by the introduction of electronic storage, manipulation and communication of information. This change has brought with it many challenges in information security. This research seeks to propose a practical application, the capability maturity model (CMM), to meet the needs of medical information security practice.

Design/methodology/approach

This paper builds on previous work by the author using the Tactical Information Governance for Security model developed for the medical setting. An essential element of this model is the ability to assess current capability of a practice to meet the needs of security and to identify how improvements can be made. Existing CMM models are reviewed to inform construction of an operational framework for capability assessment.

Findings

An operational capability framework for assessing security capability in medical practice, based on CMM principles, is presented. An example of the use of this framework is modelled using backup to provide proof of concept.

Practical implications

In an environment that is reliant on doctors and non‐technical staff to implement security, an operational framework to improve practice through capability evaluation is needed. The framework presents activities in simple, non‐technical terms and separates these activities into discrete sections resulting in improvement that can be easily managed and implemented.

Originality/value

The operational framework developed demonstrates how practical security practice improvement can be achieved in a medical environment, whilst meeting strategic objectives, best practice and external validation. This paper develops this process through exploration and application of existing CMMs.

Citation

Williams, P. (2008), "A practical application of CMM to medical security capability", Information Management & Computer Security, Vol. 16 No. 1, pp. 58-73. https://doi.org/10.1108/09685220810862751

Publisher

Emerald Group Publishing Limited

Copyright © 2008, Emerald Group Publishing Limited
