Information Security Maturity Model for Healthcare Organizations in the United States
IEEE Transactions on Engineering Management
This article provides a maturity model for information security for healthcare organizations in the United States. Healthcare organizations are faced with increasing threats to the security of their information systems. The maturity model identifies specific performance metrics, with relative importance measures, that can be used to enhance information security at healthcare organizations allowing them to focus scarce resources on mitigating the most important information security threat vectors. This generalizable, hierarchical decision model uses both qualitative and quantitative metrics based on objective goals. This model may be used as a baseline by which to measure individual organizational performance, to measure performance against other organizations, or to monitor changes in the information security environment over time.
Locate the Document
B. Barnes and T. Daim, "Information Security Maturity Model for Healthcare Organizations in the United States," in IEEE Transactions on Engineering Management, doi: 10.1109/TEM.2021.3139836.