Constructing Conceptual Model for Security Culture in Health Information Systems Security Effectiveness

  • Conference paper
Advances in Information Systems and Technologies

Abstract

The security of information systems (IS) depends on many factors; however, numerous technical advances alone cannot always create a safe and secure environment. Security incidents related to patients’ data in healthcare organizations continue to increase due to human behaviors, which causes serious concerns. This study explores security culture in Health Information Systems (HIS). The scope of this paper is confined to a literature review of existing models of security culture. A conceptual model was constructed to identify the antecedents that could influence security culture in HIS security effectiveness. We found that education and training, and communication, may contribute towards a more effective implementation of security culture for HIS users. This in-progress work will then proceed to the next phase of evaluating the proposed model.



Author information

Corresponding author

Correspondence to Ahmad Bakhtiyari Shahri.

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Shahri, A.B., Ismail, Z., Rahim, N.Z.A. (2013). Constructing Conceptual Model for Security Culture in Health Information Systems Security Effectiveness. In: Rocha, Á., Correia, A., Wilson, T., Stroetmann, K. (eds) Advances in Information Systems and Technologies. Advances in Intelligent Systems and Computing, vol 206. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36981-0_20

  • DOI: https://doi.org/10.1007/978-3-642-36981-0_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-36980-3

  • Online ISBN: 978-3-642-36981-0

  • eBook Packages: Engineering, Engineering (R0)
