Designing Information Systems Security: Interpretations from British
National Health Services Hospital

Gurpreet Dhillon 
Pages: 20-28
http://www.albany.edu/iasymposium/2007/8-dhillon.pdf

in 

3RD ANNUAL SYMPOSIUM ON INFORMATION ASSURANCE 
11th Annual New York State Cyber Security Conference
June 4 - 5, 2008 
Empire State Plaza (Albany, NY)
http://www.albany.edu/iasymposium/proceedings.html

Abstract: When designing information systems, an issue of major
concern is that control issues are generally considered when user
requirements have been abstracted into a logical model. Since such
control measures are usually acontextual, they generally lack
catalyzing effects that were originally claimed for them. The intent
of this paper is to review the logical form of the security measures
and the manner in which these have been implemented in a British
Hospital. It interprets the ad hoc nature of the security controls and
argues that a fuller analysis of organizational contexts is necessary
in order to develop secure environments.