A value obtained by comparing logically related data (or attributes, according to ISO-27004) concerning the behavior of an activity, process or control within a specified time; a key indicator that, when taken into account, may be predictive of the overall security posture of an organization (these critical indicators are derived from criteria based on factors such as a single point of failure, operational vs. administrative, and human-factor related). The indicators are guided by security rules, regulations, and standards.
Published in Chapter:
Maturity and Metrics in Health Organizations Information Systems
Alberto Carneiro (Universidade Autónoma de Lisboa (CESITI), Portugal)
Copyright: © 2013
Pages: 16
DOI: 10.4018/978-1-4666-3990-4.ch049
Abstract
This chapter discusses the issues and choices that researchers and technicians should consider when adapting maturity models to healthcare organizations' needs. It discusses the practical utilization of maturity models, including different manners of exploring a model’s usefulness. For a more complete understanding of maturity models and their applicability, the selection of criteria and processes of measurement, called metrics, is briefly reviewed in terms of indicators and daily procedures. Finally, some issues of management information systems security are briefly addressed, along with a note on measuring security assessment.