A practical application of CMM to medical security capability

Information Management and Computer Security

Volumn 16, Issue 1, 2008, Pages 58-73

  Williams, Patricia ^a  

^a EDITH COWAN UNIVERSITY   (Australia)

Author keywords

Data security; Governance; Information systems; Medical informatics

Indexed keywords

INFORMATION SYSTEMS; INFORMATION TECHNOLOGY; SECURITY OF DATA;

INFORMATION GOVERNANCE; MEDICAL INFORMATICS; MEDICAL SECURITY;

DATA PRIVACY;

EID: 40949149568     PISSN: 09685227     EISSN: None     Source Type: Journal    
DOI: 10.1108/09685220810862751     Document Type: Article

References (36)

1. Beecham, S., Hall, T. and Rainer, A. (2005), "Defining a requirements process improvement model", Software Quality Journal, Vol. 13 No. 3, pp. 247-80.
2. Boulet, M-M., Dupuis, C. and Belkhiter, N. (2001), "Selecting continuous training program and activities for computer professionals", Computers and Education, Vol. 36 No. 1, pp. 83-94.
3. BSI Technische Leitlinie (2004), "Risk analysis based on IT baseline protection model", available at: www.bsi.bund.de/english/ gshb/riskanalysis/risiko_en.pdf.
4. Carnegie Mellon University (2003), "Systems security engineering capability maturity model (SSE-CMM): Model Description Document Version 3.0", available at: www.sse-cmm.org/docs/ssecmmv3final.pdf.
5. Center for Software Engineering (2002), COCOMO, available at: sunset.usc.edu/research/COCOMOII/.
6. CERT (2003), OCTAVE, available at: www.cert.org/octave/.
7. Ciampa, M. (2007), Security Awareness: Applying Practical Security in your World, 2nd ed., Thompson Course Technology, Boston, MA.
8. Curtis, B., Hefley, W.E. and Miller, S.A. (2001), "People capability maturity model (P-CMM)", available at: www.sei.cmu.edu/ pub/documents/01.reports/pdf/01mm001.pdf.
9. Dictionary.com (2007), available at: Dictionary.reference.com/.
10. Furnell, S.M., Jusoh, A. and Katsabas, D. (2006), "The challenges of understanding and using security: A survey of end-users", Computers and Security, Vol. 25 No. 1, pp. 27-35.
11. Galin, D. and Avrahami, M. (2006), "Are CMM program investments beneficial? Analyzing past studies", IEEE Software, Vol. 23 No. 6, pp. 81-7.
12. Hefner, R. (1997), "Lessons learned with the systems security engineering capability maturity model", Proceedings of the 19th International Conference on Software Engineering, Boston, MA, USA.
13. Heiser, J.G. (2004), "The regulation of information security", Intermedia, Vol. 32 No. 2, p. 29.
14. Herbsleb, J., Zubrow, D., Goldenson, D., Hayes, W. and Paulk, M.C. (1997), "Software quality and the capability maturity model", Communications of the ACM, Vol. 40 No. 6, pp. 30-40.
15. Hopkinson, J.P. (1996), "System security engineering capability maturity model organization profiles", available at: www.sse-cmm.org/docs/sse-cmm.pdf.
16. Hopkinson, J.P. (2001), "The relationship between the SSE-CMM and IT security guidance documentation", The SSE-CMM and IT Security Guidance Documentation, available at: www.issea.org/docs/ sse-guides_2001.pdf.
17. Huang, S-J. and Han, W-M. (2006), "Selection priority of process areas based on CMMI continuous representation", International Journal of Information Management, Vol. 43 No. 3, pp. 297-307.
18. InfoEdge (2007), "Strategic IT planning and governance: 4.2 IT governance maturity model", available at: www.infoedge.com/in/ IN-6002SITGMM.pdf.
19. ISACA (2006), Information security governance, available at: www.isaca.org/Content/NavigationMenu/Security/CISM_Certification/ Exam_Information1/Content_Areas1/Information_Security_Governance.htm.
20. ISACA (2007), COBIT, available at: www.isaca.org/template.cfm?Section= COBIT6.
21. ISO (2005), "ISO/IEC 17799:2005 information technology - security techniques - code of practice for information security management", available at: www.iso.ch/iso/en/prods-services/popstds/ informationsecurity.html.
22. Jiang, J.J., Klein, G., Hwang, H-G., Huang, J. and Hung, S-Y. (2004), "An exploration of the relationship between software development process maturity and project performance", Information & Management, Vol. 41 No. 3, pp. 279-88.
23. Jokela, T. (2004), "Evaluating the user-centredness of development organisations: Conclusions and implications from empirical usability capability maturity assessments", Interacting with Computers, Vol. 16 No. 6, pp. 1095-132.
24. Krutz, R.L. and Vines, R.D. (2001), The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, WileyNew York, NY.
25. Neame, R. and Kluge, E-H. (1999), "Computerisation and health care: some worries behind the promises", British Medical Journal, Vol. 319 No. 7220, p. 1295.
26. Niazi, M., Wilson, D. and Zowghi, D. (2005), "A maturity model for the implementation of software process improvement: An empirical study", The Journal of Systems and Software, Vol. 74 No. 2, p. 155.
27. Paulk, M.C. (2004), "Surviving the quagmire of process models, integrated models, and standards", Annual Quality Congress Proceedings, Vol. 58, pp. 429-38.
28. RACGP (2005a), RACGP standards for general practice, available at: www.racgp.org.au/standards.
29. RACGP (2005b), "RACGP standards for general practice: Criterion 4.2.2 - information security", available at: www.racgp.org.au/ Content/NavigationMenu/PracticeSupport/StandardsforGeneralPractices/ Criterion4.2.2_Information_security.pdf.
30. Saleh, Y. and Alshawi, M. (2005), "An alternative model for measuring the success of IS projects: The GPIS model", Journal of Enterprise Information Management, Vol. 18 No. 1, pp. 47-63.
31. Sargut, K.U. and Demirörs, O. (2006), "Utilization of statistical process control (SPC) in emergent software organizations: pitfalls and suggestions", Software Quality Journal, Vol. 14 No. 2, pp. 135-57.
32. Schattner, P. (2005), The GPCG Computer Security Self-assessment Guideline and Checklist for General Practitioners, Department of General Practice, Monash University, East Bentleigh.
33. Software Engineering Institute (2006), What is CMMI?, available at: www.sei.cmu.edu/cmmi/general/general.html.
34. University of Massachusetts Dartmouth (n.d.), "SEI capability maturity model", available at: www2.umassd.edu/swpi/ processframework/cmm/cmm.html.
35. Williams, P.A.H. (2007a), "Information governance: A model for security in medical practice", Journal of Digital Forensics, Security and Law, Vol. 2 No. 1.
36. Williams, P.A.H. (2007b), "When trust defies common security sense", Health Informatics Journal, June.