论文信息 - Managing Information Security in Healthcare - an Action Research Experience

Managing Information Security in Healthcare - an Action Research Experience

This paper describes a project involving the planning and management of information security at a large private hospital. A high level model derived using the Soft Systems Methodology [5] named the Orion Strategy, was implemented and further developed during its application using Action Research. This method features a high level of user participation, including education seminars and workshops with senior and middle managers of the hospital. The project resulted in a noticeable improvement in information security measures at the hospital, a raised awareness of security issues and an acceptance of ownership by staff of the resultant security plan

Helen L. Armstrong

[1] Helen Armstrong,et al. A soft approach to management of information security. , 1999 .

[2] James G. Anderson,et al. Clearing the way for physicians' use of clinical information systems , 1997, CACM.

[3] John Davey,et al. Risk Analysis in Health Care Establishments , 1996, Towards Security in Medical Telematics.

[4] P. Checkland. From framework through experience to learning: The essential nature of action research , 1991 .

[5] Detmar W. Straub,et al. Coping With Systems Risk: Security Planning Models for Management Decision Making , 1998, MIS Q..

[6] Peter Checkland,et al. Systems Thinking, Systems Practice , 1981 .

[7] Michael D. Myers,et al. A Set of Principles for Conducting and Evaluating Interpretive Field Studies in Information Systems , 1999, MIS Q..

[8] H. Klein,et al. Information systems research: contemporary approaches and emergent traditions , 1991 .

[9] Richard Baskerville,et al. Diversity in information systems action research methods , 1998 .