BACKGROUND Availability of information in hospitals is an important prerequisite for good service. Significant resources have been invested to improve the availability of information, but it is also vital that the security of this information can be guaranteed. OBJECTIVE The goal of this study was to assess information security in hospitals through a questionnaire based on the International O...

To protect the information assets of organizations, many different standards and guidelines have been proposed. Among them, International standard ISO 17799 is one of the most prominent international efforts on information security. This standard provides both an authoritative statement on information security and the procedures to be adopted by organizations to ensure information security. Sec...

The principal aim of this paper is to examine an innovative approach to determine the extent that an organisation complies with a generally-accepted information security management standard. This new approach is modelled on the Goal Attainment Scaling (GAS) methodology and is combined with a set of baseline security controls extracted from the International Standard AS/NZS ISO/IEC 17799: 2001. ...

Security is not merely about technical solutions and patching vulnerabilities. Security is about trade-offs and adhering to realistic security needs, employed to support core business processes. Also, modern systems are subject to a highly competitive market, often demanding rapid development cycles, short life-time, short time-to-market, and small budgets. Security evaluation standards, such a...

There is an increase in the interaction of different organizations at the internal Intranet, business Extranet, and the public Internet level. The need to conduct business or exchange confidential information across heterogeneous networks raises the issue of compliance with international information security management standards. It is becoming of increasing importance to establishing a common ...