Nicole’s thesis is entitled HI-risk: a socio-technical method to identify and monitor healthcare information security risks in the information society. The doctoral work was supervised by Professor Alistair Duff and Professor Bill Buchanan.
In her thesis Nicole argues that information security risk analysis should include include consideration of human and societal factors, and that collaboration amongst organisations and experts is essential to improve knowledge about potential risks. A key outcome of the work is a information security risk identification method entitled “HI-risk”.
HI-risk takes security incident data from several organisations and translates these into overviews of potential risks, which are continuously moderated by an expert panel. Although Nicole’s empirical work focused on security risks in healthcare environments, the method could be developed as a knowledge-based or expert system for use in a number of other contexts, for example: as a tool for managers to benchmark their organisations against others; to make security investment decisions; to learn from past incidents; and to provide input for policy makers.
There is further information about the thesis, and Nicole’s wider interests in information security, on her blog Information security and society. The full pdf of Nicole’s thesis is available from the web site of the Institute for Informatics and Digital Innovation. You can also follow Nicole’s updates on pervasive information security from her Twitter stream @nicoletwits.