Search results

The purpose of this paper is to develop a method for information classification. The proposed method draws on established standards, such as the ISO/IEC 27002 and information classification practices. The long-term goal of the method is to decrease the subjective judgement in the implementation of information classification in organisations, which can lead to information security breaches because the information is under- or over-classified.

The results are based on a design science research approach, implemented as five iterations spanning the years 2013 to 2019.

The paper presents a method for information classification and the design principles underpinning the method. The empirical demonstration shows that senior and novice information security managers perceive the method as a useful tool for classifying information assets in an organisation.

Existing research has, to a limited extent, provided extensive advice on how to approach information classification in organisations systematically. The method presented in this paper can act as a starting point for further research in this area, aiming at decreasing subjectivity in the information classification process. Additional research is needed to fully validate the proposed method for information classification and its potential to reduce the subjective judgement.

The research contributes to practice by offering a method for information classification. It provides a hands-on-tool for how to implement an information classification process. Besides, this research proves that it is possible to devise a method to support information classification. This is important, because, even if an organisation chooses not to adopt the proposed method, the very fact that this method has proved useful should encourage any similar endeavour.

The proposed method offers a detailed and well-elaborated tool for information classification. The method is generic and adaptable, depending on organisational needs.

The purpose of this paper is to analyze two case studies with a trust matrix tool, to identify trust issues related to electronic health records.

A qualitative research approach is applied using two case studies. The data analysis of these studies generated a problem list, which was mapped to a trust matrix.

Results demonstrate flaws in current practices and point to achieving balance between organizational, person and technology trust perspectives. The analysis revealed three challenge areas, to: achieve higher trust in patient-focussed healthcare; improve communication between patients and healthcare professionals; and establish clear terminology. By taking trust into account, a more holistic perspective on healthcare can be achieved, where trust can be obtained and optimized.

A trust matrix is tested and shown to identify trust problems on different levels and relating to trusting beliefs. Future research should elaborate and more fully address issues within three identified challenge areas.

The trust matrix’s usefulness as a tool for organizations to analyze trust problems and issues is demonstrated.

Healthcare trust issues are captured to a greater extent and from previously unchartered perspectives.

Regardless of who or where we are and when we get sick, we expect healthcare to make us well and to handle us and our information with care and respect. Today, most healthcare institutions work separately, making the flow of patient information sub‐optimal and the use of common standards practically unheard of. The purpose of this paper is to emphasise the use for standards to improve information security in process‐oriented distributed healthcare.

The paper introduces a real‐life case which is analysed to highlight how and where standards can and should be used in order to improve information security in process‐oriented distributed healthcare.

In total, 11 flaws or problems in information security and process‐orientation are identified. From these, six changes are suggested which address how information is handled, and how organizational routines should be standardized.

The case setting is Swedish healthcare, but problems can be shared across international borders. The purpose is to highlight the issues at hand.

If suggested changes are implemented, healthcare processes will be more streamlined and focused on patients. Routines will be standardized and uncertainties thus removed in terms of how to act in certain situations.

Healthcare and academia has yet to address both document and process issues concerning standardization in distributed healthcare. There are also few actual cases from a patient perspective. This paper provides lessons learned from a real‐life case, where results may impact how standardization is addressed in healthcare organizations.