| 1. |
- Skyvell Nilsson, Maria, 1961-, et al.
(författare)
-
Professional culture, information security and healthcare quality : an interview study of physicians' and nurses' perspectives on value conflicts in the use of electronic medical records
- 2018
-
Ingår i: Safety in health. - : BioMed Central. - 2056-5917. ; 4
-
Tidskriftsartikel (refereegranskat)abstract
- Digital healthcare information systems impose new demands on healthcare professionals, and information security rules may induce stressful value conflicts, which the professional culture may help professionals to handle.The aim of the study was to elucidate physicians' and registered nurses' shared professional assumptions and values, grounded in their professional cultures, and how these assumptions and values explain and guide healthcare professionals' handling of value conflicts involving rules regulating the use of electronic medical records.Methods Healthcare professionals in five organisations in two Swedish healthcare regions were interviewed.Results The study identified ensuring the patients' physical health and well-being as the overarching value and a shared basic assumption among physicians and registered nurses. A range of essential professional and organisational values were identified to help attain this goal. In value conflicts, different values were weighted in relation to each other and to the electronic information security rules.Conclusions The results can be used to guide effective design and implementation of electronic medical records and information security regulations in healthcare.
|
|
| 2. |
- Djebbar, Fatiha, et al.
(författare)
-
A Comparative Analysis of Industrial Cybersecurity Standards
- 2023
-
Ingår i: IEEE Access. - 2169-3536. ; 11, s. 85315-85332
-
Tidskriftsartikel (refereegranskat)abstract
- Cybersecurity standards provide a structured approach to manage and assess cybersecurity risks. They are the primary source for security requirements and controls used by organizations to reduce the likelihood and the impact of cybersecurity attacks. However, the large number of available cybersecurity standards and frameworks make the selection of the right security standards for a specific system challenging. The absence of a comprehensive comparison overlap across these standards further increases the difficulty of the selection process. In situations where new business needs dictate to comply or implement additional security standard, there may be a risk of duplicating existing security requirements and controls between the standards resulting in unnecessary added cost and workload. To optimize the performance and cost benefits of compliance efforts to standards, it is important to analyze cybersecurity standards and identify the overlapping security controls and requirements. In this work, we conduct a comparative study to identify possible overlaps and discrepancies between three security standards: ETSI EN 303 645 v2.1.1 for consumer devices connected to the internet, ISA/IEC 62443-3-3:2019 for industrial automation and control systems, and ISO/IEC 27001:2022 for information security management systems. The standards were carefully chosen for their broad adoption and acceptance by the international community. We intentionally selected standards with different areas of focus to illustrate the significant overlaps that can exist despite being designed for different environments. Our objective is to help organizations select the most suitable security controls for their specific needs and to simplify and clarify the compliance process. Our findings show a significant overlap among the three selected standards. This information can help organizations gain a comprehensive understanding of common security requirements and controls, enabling them to streamline their compliance efforts by eliminating duplicated work especially when meeting the requirements of multiple standards.
|
|
