The role of standards in medical information security: an opportunity for improvement
Document Type
Conference Proceeding
Faculty
Faculty of Computing, Health and Science
School
School of Computer and Information Science / Centre for Security Research
RAS ID
4182
Abstract
Standards are an essential feature in an unregulated field such as computing. Thus, when computing and the healthcare environment are combined, the requirement for standards is imperative. For instance, the combination of sensitive information and mobile technology presents increased complexity in information security. Whilst we have many worldwide standards for information security including OS1 17799, little has been done in interpretation of these to ensure quality. Standards are written for specialists in the field and in the case of information security, for security specialists, yet we expect them to be "read and implemented", by non-technical healthcare staff. This results in the limitation of standards to be easily applied. This paper suggests that a more holistic approach is taken to the development of standards, in which, standards and associated context specific guidelines are developed.
Comments
Williams, P. (2006). The role of standards in medical information security: an opportunity for improvement. Proceedings of the 2006 International Conference on Security and Management (pp.415-420) Las Vegas, Nevada, USA. Conference website available here.