Abstract
The security of information systems (IS) depends on many factors; however, technical advances alone cannot always create a safe and secure environment. Security incidents involving patients’ data in healthcare organizations continue to increase because of human behavior, which causes serious concern. This study explores security culture in Health Information Systems (HIS). The scope of this paper is confined to a literature review of existing models of security culture. A conceptual model was constructed to identify the antecedents that could influence security culture in HIS security effectiveness. We found that education and training, and communication, may contribute towards a more effective implementation of security culture for HIS users. This in-progress work will then proceed to the next phase, evaluating the proposed model.
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Shahri, A.B., Ismail, Z., Rahim, N.Z.A. (2013). Constructing Conceptual Model for Security Culture in Health Information Systems Security Effectiveness. In: Rocha, Á., Correia, A., Wilson, T., Stroetmann, K. (eds) Advances in Information Systems and Technologies. Advances in Intelligent Systems and Computing, vol 206. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36981-0_20
DOI: https://doi.org/10.1007/978-3-642-36981-0_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-36980-3
Online ISBN: 978-3-642-36981-0
eBook Packages: Engineering, Engineering (R0)