This research defines a structured methodology for security risk self-assessments, aimed at small, community-based organizations with limited resources. Our community partnering organization on the project has been Healthcare Alternative Systems (HAS).
This research project essentially has four components:
A self-assessment questionnaire,
A scoring method based on answers to the questionnaire,
Recommendations to improve security based on an organization’s score, and
Dissemination to community-based organizations.
The first two quarters of this academic year were spent on developing the questionnaire in partnership with HAS. As part of the work with HAS, there were multiple rounds of question development, feedback on the language and reasonableness of each question, and revisions. With each round of feedback, the questionnaire was ‘tweaked.’ Early revisions were based on making the language clearer and shortening the questions. There are now 70 questions across 8 domains (topic areas). During the winter quarter, we also accomplished the second component of this research project: developing a scoring method based on an organization’s results. In the spring, I submitted a paper to the ARNOVA (Association for Research on Nonprofit Organizations and Voluntary Action) conference, purported to be among the top academic conferences on nonprofit organizations. On June 17, 2015, a colleague and I submitted a conference paper to HICSS (Hawaii International Conference on System Sciences).