Agile project management is most often examined in relation to software development, while information security frameworks are often examined with respect to certain risk management capabilities rather than in terms of successful implementation approaches. This dissertation extended the study of both Agile project management and information security frameworks by examining the efficacy of implementing a security framework using a nontraditional project management approach. Such an investigation is significant because of the high rate of failed IT projects, gaps in the current security framework implementation literature, and increased regulatory pressure on Health Insurance Portability and Accountability (HIPAA)-covered entities to become compliant with the HIPAA Security Rule. HIPAA-covered entities have struggled to achieve HIPAA compliance since the Act's enforcement date. Specifically, academic medical centers have struggled to achieve and authoritatively document their compliance with the HIPAA Security Rule. To aid HIPAA-covered entities in confirming and documenting their HIPAA Security Rule compliance, the HITRUST Alliance has published the Common Security Framework. Thomas Jefferson University selected the Common Security Framework to help them assess and document their HIPAA Security Rule compliance. However, there is a documented gap in the literature on successful methods for implementing information security-related projects, particularly HIPAA compliance. In this single-case case study, the author examined the implementation of an Information Security Framework based on Agile values. Specifically examined were the values of (a) individuals and interactions over processes and tools; (b) working software over comprehensive documentation; (c) customer collaboration over contract negotiation; and (d) responding to change over following a plan. The results of this investigation indicated that an information security framework implementation based on Agile values is a viable approach for successfully implementing the Common Security Framework at an academic medical center. [The dissertation citations contained here are published with the permission of ProQuest LLC. Further reproduction is prohibited without permission. Copies of dissertations may be obtained by Telephone (800) 1-800-521-0600. Web page: http://www.proquest.com/en-US/products/dissertations/individuals.shtml.]