Making Research Real: Is Action Research a Suitable Methodology for Medical Information Security Investigations?
Document Type
Conference Proceeding
Faculty
Faculty of Computing, Health and Science
School
School of Computer and Information Science / Centre for Security Research
RAS ID
4179
Abstract
In the medical field. information security is an important yet vastly underrated issue, Research into the protection of sensitive medical data is often technically focused and does not address information systems and behavioural aspects integral to effective information security implementation, Current information security policy and guidelines are strategically oriented which, whilst relevant to large organisations, are less supportive to smaller enterprises such as primary care practices. Further, the conservative nature of the medical profession has been shown to hinder investigation into information technology use and management, making effective improvement based on research problematical. It is an environment which relies greatly on trust, inhibiting good security practice. Research into how information security practice in this setting can be improved demands an interpretivist approach rather than a positivist one. Action research is one such interpretivist method that allows a creation of scientific /mowledge with practical value. Whilst there is some opposition to the action research method on grounds ()f rigour, its fundamental cyclic process of participation, action and reflection promotes internal rigour and can overcome many of the barriers to research inherent in the primary care medical environment.
DOI
10.4225/75/57b66e3834779
Access Rights
Free_to_read
Comments
Williams, P. (2006). Making research real : Is action research a suitable methodology for medical information security. Proceedings of the 4th Australian Information Security Conference (pp. 196-207). Perth, Western Australia. : SECAU _ Security Research Centre, ECU. Available here