Developing security metrics scorecard for health care organizations




Elrefaey, Heba

Journal Title

Journal ISSN

Volume Title



Information security and privacy in health care is a critical issue, it is crucial to protect the patients’ privacy and ensure the systems availability all the time. Managing information security systems is a major part of managing information systems in health care organizations. The purpose of this study is to discover the security metrics that can be used in health care organizations and to provide the security managers with a security metrics scorecard that enable them to measure the performance of the security system in a monthly basis. To accomplish this a prototype with a suggested set of metrics was designed and examined in a usability study and semi-structured interviews. The study participants were security experts who work in health care organizations. In the study security management in health care organizations was discussed, the preferable security metrics were identified and the usable security metrics scorecard specifications were collected. Applying the study results on the scorecard prototype resulted in a security metrics scorecard that matches the security experts’ recommendations.



Information security management in health care, health care information security, security metrics scorecard usability study