Information Security Maturity Model for Healthcare Organizations in the United States

Authors

Bridget Barnes, Health Information Security Maturity Model
Tugrul U. Daim, Portland State UniversityFollow

Published In

IEEE Transactions on Engineering Management

Document Type

Citation

Publication Date

1-30-2022

Abstract

This article provides a maturity model for information security for healthcare organizations in the United States. Healthcare organizations are faced with increasing threats to the security of their information systems. The maturity model identifies specific performance metrics, with relative importance measures, that can be used to enhance information security at healthcare organizations allowing them to focus scarce resources on mitigating the most important information security threat vectors. This generalizable, hierarchical decision model uses both qualitative and quantitative metrics based on objective goals. This model may be used as a baseline by which to measure individual organizational performance, to measure performance against other organizations, or to monitor changes in the information security environment over time.

Rights

2021 IEEE.

Locate the Document

https://doi.org/10.1109/TEM.2021.3139836

DOI

10.1109/TEM.2021.3139836

Persistent Identifier

https://archives.pdx.edu/ds/psu/37017

Publisher

IEEE

Citation Details

B. Barnes and T. Daim, "Information Security Maturity Model for Healthcare Organizations in the United States," in IEEE Transactions on Engineering Management, doi: 10.1109/TEM.2021.3139836.