{"id":"https://openalex.org/W2046187078","doi":"https://doi.org/10.1108/09685220810862751","title":"A practical application of CMM to medical security capability","display_name":"A practical application of CMM to medical security capability","publication_year":2008,"publication_date":"2008-03-21","ids":{"openalex":"https://openalex.org/W2046187078","doi":"https://doi.org/10.1108/09685220810862751","mag":"2046187078"},"language":"en","primary_location":{"id":"doi:10.1108/09685220810862751","is_oa":false,"landing_page_url":"https://doi.org/10.1108/09685220810862751","pdf_url":null,"source":{"id":"https://openalex.org/S204075876","display_name":"Information Management & Computer Security","issn_l":"0968-5227","issn":["0968-5227","1758-5805"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information Management &amp; Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5007882077","display_name":"Patricia Williams","orcid":"https://orcid.org/0000-0003-3479-3523"},"institutions":[{"id":"https://openalex.org/I12079687","display_name":"Edith Cowan University","ror":"https://ror.org/05jhnwe22","country_code":"AU","type":"education","lineage":["https://openalex.org/I12079687"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Patricia Williams","raw_affiliation_strings":["School of Computer and Information Science, Edith Cowan University, Joondalup, Australia","(School of Computer and Information Science, Edith Cowan University, Joondalup, Australia)"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Computer and Information Science, Edith Cowan University, Joondalup, Australia","institution_ids":["https://openalex.org/I12079687"]},{"raw_affiliation_string":"(School of Computer and Information Science, Edith Cowan University, Joondalup, Australia)","institution_ids":["https://openalex.org/I12079687"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5007882077"],"corresponding_institution_ids":["https://openalex.org/I12079687"],"apc_list":null,"apc_paid":null,"fwci":6.9612,"has_fulltext":false,"cited_by_count":38,"citation_normalized_percentile":{"value":0.96530413,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"16","issue":"1","first_page":"58","last_page":"73"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.989300012588501,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.989300012588501,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11719","display_name":"Data Quality and Management","score":0.9757000207901001,"subfield":{"id":"https://openalex.org/subfields/1803","display_name":"Management Science and Operations Research"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T14306","display_name":"Technology Assessment and Management","score":0.9409000277519226,"subfield":{"id":"https://openalex.org/subfields/2213","display_name":"Safety, Risk, Reliability and Quality"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backup","display_name":"Backup","score":0.6923627257347107},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6649449467658997},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.571884036064148},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.561312735080719},{"id":"https://openalex.org/keywords/standard-of-good-practice","display_name":"Standard of Good Practice","score":0.4742029011249542},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.4459984004497528},{"id":"https://openalex.org/keywords/engineering-management","display_name":"Engineering management","score":0.4285627007484436},{"id":"https://openalex.org/keywords/capability-maturity-model","display_name":"Capability Maturity Model","score":0.42813605070114136},{"id":"https://openalex.org/keywords/information-security-standards","display_name":"Information security standards","score":0.4178237318992615},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.4113357663154602},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.34329402446746826},{"id":"https://openalex.org/keywords/systems-engineering","display_name":"Systems engineering","score":0.32682156562805176},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2545582056045532},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.2077036201953888},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.1891382932662964},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.11840265989303589}],"concepts":[{"id":"https://openalex.org/C2780945871","wikidata":"https://www.wikidata.org/wiki/Q194274","display_name":"Backup","level":2,"score":0.6923627257347107},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6649449467658997},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.571884036064148},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.561312735080719},{"id":"https://openalex.org/C47309137","wikidata":"https://www.wikidata.org/wiki/Q7598357","display_name":"Standard of Good Practice","level":5,"score":0.4742029011249542},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.4459984004497528},{"id":"https://openalex.org/C110354214","wikidata":"https://www.wikidata.org/wiki/Q6314146","display_name":"Engineering management","level":1,"score":0.4285627007484436},{"id":"https://openalex.org/C85890633","wikidata":"https://www.wikidata.org/wiki/Q929673","display_name":"Capability Maturity Model","level":3,"score":0.42813605070114136},{"id":"https://openalex.org/C139547956","wikidata":"https://www.wikidata.org/wiki/Q6031202","display_name":"Information security standards","level":5,"score":0.4178237318992615},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.4113357663154602},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.34329402446746826},{"id":"https://openalex.org/C201995342","wikidata":"https://www.wikidata.org/wiki/Q682496","display_name":"Systems engineering","level":1,"score":0.32682156562805176},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2545582056045532},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.2077036201953888},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.1891382932662964},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.11840265989303589},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.0},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1108/09685220810862751","is_oa":false,"landing_page_url":"https://doi.org/10.1108/09685220810862751","pdf_url":null,"source":{"id":"https://openalex.org/S204075876","display_name":"Information Management & Computer Security","issn_l":"0968-5227","issn":["0968-5227","1758-5805"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information Management &amp; Computer Security","raw_type":"journal-article"},{"id":"pmh:oai:ro.ecu.edu.au:ecuworks-2178","is_oa":false,"landing_page_url":"https://ro.ecu.edu.au/ecuworks/1179","pdf_url":null,"source":{"id":"https://openalex.org/S2765015692","display_name":"Australasian Journal of Paramedicine","issn_l":"2202-7270","issn":["2202-7270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"ECU Publications Pre. 2011","raw_type":"journalarticle"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W17087517","https://openalex.org/W36879828","https://openalex.org/W599836493","https://openalex.org/W1574179703","https://openalex.org/W1966021446","https://openalex.org/W1988370024","https://openalex.org/W2000365161","https://openalex.org/W2007447113","https://openalex.org/W2025197328","https://openalex.org/W2037155618","https://openalex.org/W2050618934","https://openalex.org/W2052827706","https://openalex.org/W2054766523","https://openalex.org/W2057553235","https://openalex.org/W2072576780","https://openalex.org/W2104134129","https://openalex.org/W2105627575","https://openalex.org/W2135139710","https://openalex.org/W2163251797","https://openalex.org/W2183146151","https://openalex.org/W2476467821","https://openalex.org/W4234676465"],"related_works":["https://openalex.org/W2049188895","https://openalex.org/W2126017555","https://openalex.org/W40842196","https://openalex.org/W1567258312","https://openalex.org/W3005750480","https://openalex.org/W2000891179","https://openalex.org/W2010781006","https://openalex.org/W2584162156","https://openalex.org/W2188290711","https://openalex.org/W2388107496"],"abstract_inverted_index":{"Purpose":[0],"The":[1,191,217],"manner":[2],"in":[3,10,36,138,195,207,230],"which":[4],"information":[5,37,58],"is":[6,90,145,155,170,189],"used":[7],"and":[8,24,106,174,199,214,240,250],"communicated":[9],"the":[11,18,47,54,69,72,81,91,102,150],"medical":[12,57,82,139,232],"environment":[13,168],"has":[14,30],"been":[15],"revolutionized":[16],"by":[17,68],"introduction":[19],"of":[20,26,56,87,97,104,122,149,152,162,252],"electronic":[21],"storage,":[22],"manipulation":[23],"communication":[25],"information.":[27],"This":[28,39,62,243],"change":[29],"brought":[31],"with":[32],"it":[33],"many":[34],"challenges":[35],"security.":[38],"research":[40],"seeks":[41],"to":[42,52,93,100,107,119,159,177,183],"propose":[43],"a":[44,98,231],"practical":[45,223],"application,":[46],"capability":[48,96,127,132,137,187],"maturity":[49],"model":[50,78,89],"(CMM),":[51],"meet":[53,101],"needs":[55,103],"security":[59,105,136,224],"practice.":[60],"Design/methodology/approach":[61],"paper":[63,244],"builds":[64],"on":[65,142,172],"previous":[66],"work":[67],"author":[70],"using":[71,157],"Tactical":[73],"Information":[74],"Governance":[75],"for":[76,80,126,134],"Security":[77],"developed":[79,220],"setting.":[83],"An":[84,130,147],"essential":[85],"element":[86],"this":[88,153,246],"ability":[92],"assess":[94],"current":[95],"practice":[99,185,225,239],"identify":[108],"how":[109,222],"improvements":[110],"can":[111,210,227],"be":[112,211,228],"made.":[113],"Existing":[114],"CMM":[115,143],"models":[116],"are":[117],"reviewed":[118],"inform":[120],"construction":[121],"an":[123,167,180],"operational":[124,131,181,218],"framework":[125,133,154,182,192,219],"assessment.":[128],"Findings":[129],"assessing":[135],"practice,":[140],"based":[141],"principles,":[144],"presented.":[146],"example":[148],"use":[151],"modelled":[156],"backup":[158],"provide":[160],"proof":[161],"concept.":[163],"Practical":[164],"implications":[165],"In":[166],"that":[169,209],"reliant":[171],"doctors":[173],"non\u2010technical":[175,197],"staff":[176],"implement":[178],"security,":[179],"improve":[184],"though":[186],"evaluation":[188],"needed.":[190],"presents":[193],"activities":[194,202],"simple,":[196],"terms":[198],"separates":[200],"these":[201],"into":[203],"discrete":[204],"sections":[205],"resulting":[206],"improvement":[208,226],"easily":[212],"managed":[213],"implemented.":[215],"Originality/value":[216],"demonstrates":[221],"achieved":[229],"environment,":[233],"whilst":[234],"meeting":[235],"strategic":[236],"objectives,":[237],"best":[238],"external":[241],"validation.":[242],"develops":[245],"process":[247],"through":[248],"exploration":[249],"application":[251],"existing":[253],"CMMs.":[254]},"counts_by_year":[{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":2},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":6},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":4},{"year":2014,"cited_by_count":3},{"year":2013,"cited_by_count":2},{"year":2012,"cited_by_count":3}],"updated_date":"2026-07-02T09:51:11.867554","created_date":"2025-10-10T00:00:00"}
