Skip to main content
SpringerLink
Log in

Evaluating Information Security Effectiveness with Health Professionals

  • Conference paper
Biomedical Engineering Systems and Technologies (BIOSTEC 2011)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 273))

Abstract

This paper outlines an alternative view on the information security discipline. We argue that information security is, in general, viewed from a technological and means-end oriented perspective. Our approach can be seen as an initial attempt to approach information security in a broader, more holistic, sense. For this purpose, we approach information security from a health professional’s perspective. An instrument, The Information Security Employee’s Evaluation (ISEE), is presented to evaluate and discuss information security with health professionals. The ISEE instrument consists of seven dimensions: priority, responsibility, incident handling, functionality, communication, supervision and training and education. The ISEE instrument can be used to better understand health professional’s perception, needs and problems when dealing with information security in practice. Following the design science approach, the ISEE instrument was validated within a focus group of security experts and pilot tested as workshops across five hospital departments in two medical centers. Although the ISEE instrument has by no means the comprehensiveness of existing security standards, we do argue that the instrument can provide valuable insights for both practitioners and research communities.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Ashenden, D.: Information security management: A human challenge? Information Security Technical Report 13(4), 195–201 (2008)

    Article  Google Scholar 

  2. Barber, B.: Patient data and security: an overview. International Journal of Medical Informatics 49(1), 19–30 (1998)

    Article  Google Scholar 

  3. Dhillon, G., Backhouse, J.: Current directions in IS security research: towards socio-organizational perspectives. Information Systems Journal 11(2), 127–154 (2001)

    Article  Google Scholar 

  4. Fernando, J.I., Dawson, L.L.: The health information system security threat lifecycle: An informatics theory. International Journal of Medical Informatics 78(12), 815–826 (2009)

    Article  Google Scholar 

  5. Ferreira, A., Antunes, L., Chadwick, D., Correia, R.: Grounding information security in healthcare. International Journal of Medical Informatics 79(4), 268–283 (2010)

    Article  Google Scholar 

  6. Gollman, D.: Computer Security, 1st edn. John Wiley & Sons (1999)

    Google Scholar 

  7. Gaunt, N.: Practical approaches to creating a security culture. International Journal of Medical Informatics 60(2), 151–157 (2000)

    Article  Google Scholar 

  8. Hevner, A.R., March, S.T., Park, J., Ram, S.: Design science in information systems research. MIS Quarterly 28(1), 75–105 (2004)

    Google Scholar 

  9. International Organization for Standardization. Information technology – security techniques – code of practice for information security management. Technical Report ISO/IEC 27002:2005 (2005)

    Google Scholar 

  10. Kraemer, S., Carayon, P.: Computer and information security culture: Findings from two studies. In: Human factors and the Ergonomics Environment, pp. 1483–1487. Human Factors and the Ergonomics Society, Orlando (2005)

    Google Scholar 

  11. Nosworthy, J.D.: Implementing information security in the 21st century do you have the balancing factors? Computers & Security 19(4), 337–347 (2000)

    Article  Google Scholar 

  12. OECD: Guidelines for the security of information systems and networks: Towards a culture of security. Technical report, Organization for Economic Cooperation and Development, Paris (2002)

    Google Scholar 

  13. Parker, D., Hudson, P.T.: HSE: Understanding your culture. Shell International Exploration and Production EP 2001 - 5124 (2001)

    Google Scholar 

  14. Pope, C., Mays, N., Kitzinger, J. (eds.): Qualitative research in health care, chapter Focus Groups, 3rd edn., pp. 21–31. Blackwell Publishing, Oxford (2006)

    Google Scholar 

  15. Reason, J.: The identification of latent organizational failures in complex systems. In: Wise, J.A., Hopkin, V.D., Stager, P. (eds.) Verification and Identification of Complex Systems: Human Factor Issues, pp. 223–237. Springer, New York (1993)

    Google Scholar 

  16. Siponen, M.T.: An analysis of the traditional IS security approaches: implications for research and practice. European Journal of Information Systems 14(3), 305–315 (2005)

    Article  Google Scholar 

  17. Siponen, M.T.: Information security standards focus on the existence of process, not its content. Communications of the ACM 49(8), 97–100 (2006)

    Article  Google Scholar 

  18. Stamp, M.: Information security: principles and practice, 2nd edn. John Wiley & Sons, Hoboken (2006)

    Google Scholar 

  19. University of Manchester and National Patient Safety Agency: Manchester Patient Safety Framework MaPSaF, http://www.nrls.npsa.nhs.uk

  20. Westrum, R.: Cultures with requisite imagination. In: Wise, J.A., Hopkin, V.D., Stager, P. (eds.) Verification and Validation in Complex Man-machine Systems, pp. 401–416. Springer, New York (1993)

    Google Scholar 

  21. Williams, P.A.H.: When trust defies common security sense. Health Informatics Journal 14(3), 211–221 (2008)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University Medical Center Utrecht, Heidelberglaan 100, Utrecht, The Netherlands

    Robin Krens & Nathalie Urbanus

  2. Department of Information and Computing Science, Utrecht University, Padualaan 8, Utrecht, The Netherlands

    Marco Spruit

Authors
  1. Robin Krens
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Marco Spruit
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Nathalie Urbanus
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. IST - Technical University of Lisbon, Av.Rovisco Pais, 1, 1049-001, Lisbon, Portugal

    Ana Fred

  2. Departament of Systems and Informatics, Polytechnic Institute of Setúbal – INSTICC, Rua do Vale de Chaves - Estefanilha, 2910-761, Setúbal, Portugal

    Joaquim Filipe

  3. Institute of Telecommunications, Av. Rovisco Pais, 1, 1049-001, Lisboa, Portugal

    Hugo Gamboa

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Krens, R., Spruit, M., Urbanus, N. (2013). Evaluating Information Security Effectiveness with Health Professionals. In: Fred, A., Filipe, J., Gamboa, H. (eds) Biomedical Engineering Systems and Technologies. BIOSTEC 2011. Communications in Computer and Information Science, vol 273. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29752-6_24

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-29752-6_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-29751-9

  • Online ISBN: 978-3-642-29752-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation