oru.sePublikationer
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Information security goals in a Swedish hospital
Örebro University, Swedish Business School at Örebro University. (MELAB)
Örebro University, Swedish Business School at Örebro University. (MELAB)ORCID iD: 0000-0003-2304-7170
Örebro University, Swedish Business School at Örebro University. (MELAB)ORCID iD: 0000-0002-3265-7627
2009 (English)In: Security, assurance and privacy: organizaional challenges / [ed] Gurpreet Dhillon, 2009, Article no. 16- p.Conference paper, Published paper (Refereed)
Abstract [en]

One of the problems highlighted within the area of information security is that internatonal standards are implemented in organisations without adopting them to special organisational settings. This paper presents findings of information security goals found in policies, guidelines, and routines at a Swedish hospital. The purpose of the paper is to analyze the information security goals and relate them to confidentiality, integrity and availability (CIA) that are traditional objectives for managing information security in organisations. A critical view on the CIA-triad has been taken in the study, to see how it is related to a hospital setting. Seven main information security goals and 63 sub-goals supporting the main goals were identified. We found that the CIA-triad covers three of these main-goals. Confidentiality and integrity, however, have a broader definition in the hospital-setting than the traditional definitions. In addition, we found four main information security goals that the CIA-triad fails to cover. These are ‘Follow information security laws, rules and standards,’ ‘Traceability,’ ‘Standardized formation’ and ‘Informed patients and/or family.’ These findings shows that there is a need to adopt the traditional information security objective to special organisational settings.

Place, publisher, year, edition, pages
2009. Article no. 16- p.
National Category
Social Sciences Computer and Information Science Information Science
Research subject
Informatics
Identifiers
URN: urn:nbn:se:oru:diva-8887ISBN: 978-1-935160-04-4 (print)OAI: oai:DiVA.org:oru-8887DiVA: diva2:282672
Conference
8th Annual Security Conference, 15-16 April 2009, Las Vegas, USA
Available from: 2009-12-22 Created: 2009-12-21 Last updated: 2016-09-22Bibliographically approved

Open Access in DiVA

fulltext(154 kB)1490 downloads
File information
File name FULLTEXT01.pdfFile size 154 kBChecksum SHA-512
d317330ee74ac68a5ede739ea03025f2ccbd96c517cd445b6e9affe525c00ed9e16db58650afd4b61ecebaa6c51ae393ad75cb76d6c793a45e570b3e2c9c7eaa
Type fulltextMimetype application/pdf

Other links

http://www.security-conference.org/SecurityConf_2009_Proc/Papers/16.pdf

Search in DiVA

By author/editor
Kolkowska, EllaHedström, KarinKarlsson, Fredrik
By organisation
Swedish Business School at Örebro University
Social SciencesComputer and Information ScienceInformation Science

Search outside of DiVA

GoogleGoogle Scholar
Total: 1490 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 488 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf