Title: An investigation of information security as a service practice: case study in healthcare

Authors: Chalee Vorakulpipat; Siwaruk Siwamogsatham; Asanee Kawtrakul

Addresses: National Electronics and Computer Technology Center, Pathumthani 12120, Thailand ' National Electronics and Computer Technology Center, Pathumthani 12120, Thailand ' National Electronics and Computer Technology Center, Pathumthani 12120, Thailand

Abstract: The paper presents important factors that influence the development of information security as a service in four small-sized healthcare sectors. The analysis shows that information security services have two perspectives: an information security management system (ISMS) perspective and a business-oriented perspective. An organisation needs to determine its perspective before implementing security services. The analysis of the findings leads to the development of a conceptual model of information security as a service that combines these two perspectives. The study suggests that using security services from third parties such as consulting services, network services, helpdesk services and software development services must be highly controlled to archive confidentiality, integrity and availability (CIA). Finally, a variety of services should be provided on an ease-of-use and pay-as-you-go basis to help improve processes and save costs.

Keywords: healthcare information; information security; security as a service; SaaS; modelling; security management; information management; confidentiality; integrity; availability; ease-of-use; pay-as-you-go; conceptual modelling; business-oriented perspective.

DOI: 10.1504/IJCAT.2014.062372

International Journal of Computer Applications in Technology, 2014 Vol.49 No.3/4, pp.365 - 371

Available online: 05 Jun 2014 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article