An evaluation model for information security strategies in healthcare data systems

Abstract

This thesis presents a newly developed evaluation model, EMISHD (An "Evaluation Model for Information Security Strategies in Healthcare Data Systems") which can address the specific requirements of information security in healthcare sector. Based on a systematic literature review and case study, the information security requirements and the existing evaluation models used to examine the information security strategies of healthcare data systems have been analysed. The requirements of information security in any sector generally vary in line with changes in laws and regulations, and the emergence of new technologies and threats, which require existing information security strategies to be strengthened to deal with new challenges. The systemic review of the existing evaluation models identified from the previous research resulted in the development of a new evaluation model (EMISHD) specifically designed to examine the information security strategies in healthcare data systems according to the specific requirements. A case study of a healthcare organisation in Saudi Arabia is conducted in order to apply the newly developed evaluation model (EMISHD) in a real life case and to validate the evaluation results through observation.