Evaluating Information Security Effectiveness with Health Professionals

Many organizations have initiated efforts to manage the security of their information by implementing an Information Security Management System (ISMS). ISMS is a set of guiding principles for managing organization’s confidential information and minimizing risk for business continuity. However, information security remains a major challenge and the effectiveness of ISMS is often argued due to the exposure of organizations to information security threats, incidents, risks, and vulnerabilities. One of the reasons is the unsuccessful ISMS current practices amongst all employees and lack of ISMS awareness in organizations. Several critical success factors are identified from previous studies that lead to the ISMS success. Among the success factors are human, organizational and technical factors. This study explores the factors that contribute to the success of ISMS and identify the organizational factors that relate to the information security effectiveness. The conceptual model is developed and will be tested within the Malaysian Public Sectors (MPS) organizations to provide a preliminary insight, understanding, and clarification of the organizational factors, together with the significant effects on ISMS effectiveness. This study used a quantitative approach and data collected from personnel’s that were directly involved with the ISMS implementation through a questionnaire survey.

Download Full-text

Big Data Analytics Adoption Factors in Improving Information Systems Security

10.4018/978-1-6684-3662-2.ch059 ◽

2022 ◽

pp. 1231-1248

Author(s):

Marouane Balmakhtar ◽

Scott E. Mensch

Keyword(s):

Big Data ◽

Information Systems ◽

Information Security ◽

Data Analytics ◽

Big Data Analytics ◽

Review Of The Literature ◽

Information Systems Security ◽

Systems Security ◽

Security Effectiveness ◽

Research Questions

This research measured determinants that influence the willingness of IT/IA professionals to recommend Big Data analytics to improve information systems security in an organization. A review of the literature as well as the works of prior researchers provided the basis for formulation of research questions. Results of this study found that security effectiveness, organizational need, and reliability play a role in the decision to recommend big data analytics to improve information security. This research has implications for both consumers and providers of big data analytics services through the identification of factors that influence IT/IA professionals. These factors aim to improve information systems security, and therefore, which service offerings are likely to meet the needs of these professionals and their organizations.

Download Full-text

Information Security Program Effectiveness in Organizations

Journal of Organizational and End User Computing ◽

10.4018/joeuc.2014010102 ◽

2014 ◽

Vol 26 (1) ◽

pp. 27-46 ◽

Cited By ~ 1

Author(s):

Kenneth J. Knapp ◽

Claudia J. Ferrante

Keyword(s):

Information Security ◽

Program Effectiveness ◽

Task Interdependence ◽

Management Support ◽

Security Culture ◽

Training Support ◽

Structural Support ◽

Security Effectiveness ◽

Criterion Variables

This research investigates the moderating role of task interdependence on factors influencing information security effectiveness in organizations. Drawing on the literature, the authors develop a theoretical model depicting top management support and awareness & training support as predictors of information security program effectiveness. Further, the model shows security culture as a partial mediator between the predictor and criterion variables. The authors then apply task interdependence as a moderator to the model. Results from a survey given to a sample of 371 certified information security professionals find support for the model while showing certain paths to be significant only under high task interdependence while others only under low task interdependence. In high task interdependence environments, security culture did not mediate the relationships between the predictor and criterion variables suggesting that managers focus on providing greater structural support to maximize security effectiveness. However, in low task interdependence, security culture fully mediated the relationships between the predictor and criterion variables suggesting that the role of culture is amplified and central in those environments.

Download Full-text

Indirect effect of management support on users’ compliance behaviour towards information security policies

Health Information Management Journal ◽

10.1177/1833358317700255 ◽

2017 ◽

Vol 47 (1) ◽

pp. 17-27 ◽

Cited By ~ 5

Author(s):

Norshima Humaidi ◽

Vimala Balakrishnan

Keyword(s):

Information Security ◽

Indirect Effect ◽

Health Professionals ◽

Public Hospitals ◽

Security Policies ◽

Unique Contribution ◽

Management Support ◽

Planned Behaviour ◽

Compliance Behaviour ◽

Significant Factors

Background: Health information systems are innovative products designed to improve the delivery of effective healthcare, but they are also vulnerable to breaches of information security, including unauthorised access, use, disclosure, disruption, modification or destruction, and duplication of passwords. Greater openness and multi-connectedness between heterogeneous stakeholders within health networks increase the security risk. Objective: The focus of this research was on the indirect effects of management support (MS) on user compliance behaviour (UCB) towards information security policies (ISPs) among health professionals in selected Malaysian public hospitals. The aim was to identify significant factors and provide a clearer understanding of the nature of compliance behaviour in the health sector environment. Method: Using a survey design and stratified random sampling method, self-administered questionnaires were distributed to 454 healthcare professionals in three hospitals. Drawing on theories of planned behaviour, perceived behavioural control (self-efficacy (SE) and MS components) and the trust factor, an information system security policies compliance model was developed to test three related constructs (MS, SE and perceived trust (PT)) and their relationship to UCB towards ISPs. Results: Results showed a 52.8% variation in UCB through significant factors. Partial least squares structural equation modelling demonstrated that all factors were significant and that MS had an indirect effect on UCB through both PT and SE among respondents to this study. Conclusion: The research model based on the theory of planned behaviour in combination with other human and organisational factors has made a useful contribution towards explaining compliance behaviour in relation to organisational ISPs, with trust being the most significant factor. In adopting a multidimensional approach to management–user interactions via multidisciplinary concepts and theories to evaluate the association between the integrated management–user values and the nature of compliance towards ISPs among selected health professionals, this study has made a unique contribution to the literature.

Download Full-text

INFORMATION SECURITY IN HEALTH CARE - Evaluation with Health Professionals

Proceedings of the International Conference on Health Informatics ◽

10.5220/0003157700610069 ◽

2011 ◽

Keyword(s):

Health Care ◽

Information Security ◽

Health Professionals ◽

Health Care Evaluation ◽

Care Evaluation

Download Full-text