Location
Hilton Hawaiian Village, Honolulu, Hawaii
Event Website
https://hicss.hawaii.edu/
Start Date
3-1-2024 12:00 AM
End Date
6-1-2024 12:00 AM
Description
In an effort to address escalating cybersecurity risks, healthcare organizations are increasingly turning to shared service operations centers to help coordinate day-to-day cybersecurity activities, such as training, incident response, and policy management. This research examines an early-stage program to establish a series of cybersecurity operations centers within a large, regional, publicly funded healthcare system. Over 13 months, the authors acted as expert advisors on the project and simultaneously undertook an ethnographic study, including a review of project documents, observation of stakeholder meetings, and an examination of 29 interview transcripts. The results of our analysis highlight the challenges facing healthcare leaders seeking to implement operational cybersecurity initiatives. In particular, we highlight tensions that emerged related to the oversight structure, guiding framework, performance management, and initiative validation. Our analysis points to a series of responses that healthcare leaders can undertake to avoid common pitfalls and achieve positive outcomes from such projects.
Recommended Citation
Cram, W. Alec and Mckillop, Ian, "Evaluating a Cybersecurity Operations Center Implementation Program in a Regional Healthcare System: Challenges and Lessons Learned" (2024). Hawaii International Conference on System Sciences 2024 (HICSS-57). 4.
https://aisel.aisnet.org/hicss-57/hc/security_and_privacy/4
Evaluating a Cybersecurity Operations Center Implementation Program in a Regional Healthcare System: Challenges and Lessons Learned
Hilton Hawaiian Village, Honolulu, Hawaii
In an effort to address escalating cybersecurity risks, healthcare organizations are increasingly turning to shared service operations centers to help coordinate day-to-day cybersecurity activities, such as training, incident response, and policy management. This research examines an early-stage program to establish a series of cybersecurity operations centers within a large, regional, publicly funded healthcare system. Over 13 months, the authors acted as expert advisors on the project and simultaneously undertook an ethnographic study, including a review of project documents, observation of stakeholder meetings, and an examination of 29 interview transcripts. The results of our analysis highlight the challenges facing healthcare leaders seeking to implement operational cybersecurity initiatives. In particular, we highlight tensions that emerged related to the oversight structure, guiding framework, performance management, and initiative validation. Our analysis points to a series of responses that healthcare leaders can undertake to avoid common pitfalls and achieve positive outcomes from such projects.
https://aisel.aisnet.org/hicss-57/hc/security_and_privacy/4