91 Copyright © 2012, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited. Chapter 5 DOI: 10.4018/978-1-4666-0978-5.ch005 INTRODUCTION A strong trend in information security management in organisations under the last decade has been standardization, certifications and development of best practices (B. von Solms, 2000). Consequently, information security management standards are seen as a basis for successful security management in organisations and have become widely used for security management (Siponen, 2006). The most known and widespread standard today is the ISO/IEC 17799 – Information Security Code of Practice (Freeman, 2007; ISO/IEC 17799, 2005). Although there are obvious advantages of using international standard for security management, various researchers point out that applying such standards without enough consideration to the specifics of the organisation may be detrimental Ella Kolkowska Örebro University School of Business, Sweden Karin Hedström Örebro University School of Business, Sweden Fredrik Karlsson Örebro University School of Business, Sweden Analyzing Information Security Goals ABSTRACT One of the problems highlighted within the area of information security is that international standards are implemented in organisations without adopting them to special organisational settings. In this chapter the authors analyse information security goals found in hospital settings. They found that the CIA-triad fails to cover organisational specifc information security goals in hospital settings. They found also that information security goals held by information security managers and business managers are not the same, implying that both these groups should be involved in designing of information security goals, in order to fnd information security goals relevant for the organisation. Finally, the authors found goal maps used in this study for analysis of empirical data, to be a useful tool for analysis and communica- tion of information security goals in an organisation.