THaW’s A.J. Burns and Eric Johnson recently published a piece in IT Professional:
In a recent study examining data from 243 hospitals, THaW researcher Eric Johnson found that while compliance with state and federal IT security mandates like HIPAA helps the worst hospitals protect patient information better, organizations that maintain and regularly update a security plan get far more from their security investments. Eric defines these organizations as “operationally mature.” These strategic plans — along with periodic reviews — enable organizations to learn of potential new risks and evaluate their own security posture. As a consequence, organizations’ security resources are better targeted to address their specific needs and the environments in which they operate. Eric’s results show that the impact of security investments varies depending on the operational maturity of the organization.