Exploring Information Security Risks in Healthcare Systems

The volume and severity of information security breaches encountered continues to increase as organizations, including healthcare organizations, struggle to identify more effective security policies and procedures. Publicly available guidelines such as GASSP or ISO17799 that are designed to facilitate development of effective security policies and procedures have been criticized for, among other things, inadequate attention to differences in organizational security needs (Baskerville & Siponen, 2002), and for inadequate attention to the social dimensions of security problems (Dhillon & Backhouse, 2001). In this contribution, we argue that the diversity of organizational security needs, as well as the need to recognize the social dimensions to security problems, will continue to grow as companies move away from employing unique, proprietary approaches to software and network development, in favor of adopting standards-based plug-and-play applications, and related standards-based methods and technologies designed to enable interorganizational as well as local systems interoperability.

Download Full-text

Do Information Security Policies Reduce the Incidence of Security Breaches

Information Resources Management Journal ◽

10.4018/irmj.2005100102 ◽

2005 ◽

Vol 18 (4) ◽

pp. 21-39 ◽

Cited By ~ 37

Author(s):

Neil F. Doherty ◽

Heather Fulford

Keyword(s):

Information Security ◽

Security Policies ◽

Security Breaches

Download Full-text

Information Security Policies and Procedures Guidance for Agencies

Impact of Digital Transformation on Security Policies and Standards - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-2367-4.ch004 ◽

2020 ◽

pp. 47-62

Author(s):

Dasari Kalyani

Keyword(s):

Information Security ◽

Security Policy ◽

Large Scale ◽

Management Strategies ◽

Security Policies ◽

Risk Levels ◽

Security Models ◽

Policies And Procedures ◽

Good Policy ◽

The Right

In today's digital e-commerce and m-commerce world, the information itself acts as an asset and exists in the form of hardware, software, procedure, or a person. So the security of these information systems and management is a big challenging issue for small and large-scale agencies. So this chapter discusses the major role and responsibility of the organization's management in identifying the need for information security policy in today's world of changing security principles and controls. It focuses on various policy types suitable for all kinds of security models and procedures with the background details such as security policy making, functionality, and its impact on an agency culture. Information security policies are helpful to identify and assess risk levels with the available set of technological security tools. The chapter describes the management strategies to write a good policy and selection of the right policy public announcement. The agencies must also ensure that the designed policies are properly implemented and ensure compliance through frequent intermediate revisions.

Download Full-text

Exploring the Effectiveness of Information Security Policies

Advances in Information Resources Management - Emerging Information Resources Management and Technologies ◽

10.4018/978-1-59904-286-2.ch003 ◽

2011 ◽

pp. 43-66

Author(s):

Neil F. Doherty ◽

Heather Fulford

Keyword(s):

Information Security ◽

Security Policy ◽

Human Error ◽

Security Policies ◽

Unexpected Finding ◽

Security Breaches ◽

The United Kingdom ◽

Significant Relationships ◽

It Managers ◽

Information Assets

Ensuring the security of corporate information assets has become an extremely complex, challenging and high-priority activity, due partly to their growing organizational importance, but also because of their increasing vulnerability to attacks from viruses, hackers, criminals, and human error. Consequently, organizations are having to prioritise the security of their computer systems, to ensure that their information assets retain their accuracy, confidentiality, and availability. Whilst the importance of the information security policy (InSPy) in ensuring the security of information is widely acknowledged, there has, to date, been little empirical analysis of its impact or effectiveness in this role. To help fill this gap an exploratory study was initiated that sought to investigate the relationship between the uptake and application of information security policies and the accompanying levels of security breaches. To this end a questionnaire was designed, validated, and then targeted at IT managers within large organisations in the United Kingdom. The findings, presented in this chapter, are somewhat surprising, as they show no statistically significant relationships between the adoption of information security policies and the incidence or severity of security breaches. The chapter concludes by exploring the possible interpretations of this unexpected finding, and its implications for the practice of information security management.

Download Full-text

Information Security Policies in Large Organizations

Information Security and Ethics ◽

10.4018/978-1-59140-286-7.ch012 ◽

2011 ◽

pp. 238-260

Author(s):

Neil F. Doherty ◽

Heather Fulford

Keyword(s):

United Kingdom ◽

Information Security ◽

Conceptual Framework ◽

Security Policy ◽

Progress Report ◽

Security Policies ◽

Security Breaches ◽

The United Kingdom ◽

It Managers ◽

The Relationship

While the importance of the information security policy (ISP) is widely acknowledged in the academic literature, there has, to date, been little empirical analysis of its impact. To help fill this gap a study was initiated that sought to explore the relationship between the uptake, scope and dissemination of information security policies and the accompanying levels of security breaches. To this end, a questionnaire was designed, validated and then targeted at IT managers within large organisations in the United Kingdom. The aim of this chapter is to provide a progress report on this study by describing the objectives of the research and the design of the conceptual framework.

Download Full-text

Information Security Policies and Procedures

The Frugal CISO ◽

10.1201/b16888-8 ◽

2014 ◽

pp. 183-226

Author(s):

Kerry Ann Anderson

Keyword(s):

Information Security ◽

Security Policies ◽

Policies And Procedures

Download Full-text

Curriculum development related to information security policies and procedures

Proceedings of the 2nd annual conference on Information security curriculum development - InfoSecCD '05 ◽

10.1145/1107622.1107634 ◽

2005 ◽

Cited By ~ 1

Author(s):

Allyson Mader ◽

S. Srinivasan

Keyword(s):

Information Security ◽

Curriculum Development ◽

Security Policies ◽

Policies And Procedures

Download Full-text

Do Information Security Policies Reduce the Incidence of Security Breaches

Social and Human Elements of Information Security ◽

10.4018/978-1-60566-036-3.ch019 ◽

2011 ◽

pp. 326-342

Author(s):

Neil F. Doherty

Keyword(s):

Information Security ◽

Security Policy ◽

Human Error ◽

Security Policies ◽

Unexpected Finding ◽

Security Breaches ◽

Significant Relationships ◽

It Managers ◽

The Uk ◽

The Relationship

Information is a critical corporate asset that has become increasingly vulnerable to attacks from viruses, hackers, criminals, and human error. Consequently, organizations are having to prioritize the security of their computer systems in order to ensure that their information assets retain their accuracy, confidentiality, and availability. While the importance of the information security policy (InSPy) in ensuring the security of information is acknowledged widely, to date there has been little empirical analysis of its impact or effectiveness in this role. To help fill this gap, an exploratory study was initiated that sought to investigate the relationship between the uptake and application of information security policies and the accompanying levels of security breaches. To this end, a questionnaire was designed, validated, and then targeted at IT managers within large organizations in the UK. The findings presented in this chapter are somewhat surprising, as they show no statistically significant relationships between the adoption of information security policies and the incidence or severity of security breaches. The chapter concludes by exploring the possible interpretations of this unexpected finding and its implications for the practice of information security management.

Download Full-text

Do Information Security Policies Reduce the Incidence of Security Breaches

Information Security and Ethics ◽

10.4018/978-1-59904-937-3.ch066 ◽

2008 ◽

pp. 964-980

Author(s):

Neil F. Doherty ◽

Heather Fulford

Keyword(s):

Information Security ◽

Security Policy ◽

Human Error ◽

Security Policies ◽

Unexpected Finding ◽

Security Breaches ◽

Significant Relationships ◽

It Managers ◽

The Uk ◽

The Relationship

Information is a critical corporate asset that has become increasingly vulnerable to attacks from viruses, hackers, criminals, and human error. Consequently, organizations are having to prioritize the security of their computer systems in order to ensure that their information assets retain their accuracy, confidentiality, and availability. While the importance of the information security policy (InSPy) in ensuring the security of information is acknowledged widely, to date there has been little empirical analysis of its impact or effectiveness in this role. To help fill this gap, an exploratory study was initiated that sought to investigate the relationship between the uptake and application of information security policies and the accompanying levels of security breaches. To this end, a questionnaire was designed, validated, and then targeted at IT managers within large organizations in the UK. The findings presented in this paper are somewhat surprising, as they show no statistically significant relationships between the adoption of information security policies and the incidence or severity of security breaches. The paper concludes by exploring the possible interpretations of this unexpected finding and its implications for the practice of information security management.

Download Full-text

Enlisting human resources to mitigate information security risks

Strategic HR Review ◽

10.1108/shr-09-2020-0080 ◽

2020 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Kamphol Wipawayangkool ◽

Juliana Lilly

Keyword(s):

Information Technology ◽

Information Security ◽

Human Resources ◽

Human Factors ◽

Security Issue ◽

Security Risks ◽

Content Type ◽

Security Breaches ◽

Security Training ◽

Corporate Information Systems

Purpose The purpose of this paper is to suggest ways to integrate human resources (HR) and information security management (ISM) within a firm to help reduce expensive and embarrassing failures in information security breaches. Design/methodology/approach This paper is written for the practitioners. It includes a general review of literature in information technology and HR to help explain ways to decrease the chance of ISM failures. Findings Employees often become careless about information security in the workplace, and the threat to corporate information systems is serious. Although security training is essential, a more comprehensive approach to addressing the security issue is needed. As human factors account for most security breaches, including HR personnel as a partner with IT may help address some of the weaknesses that training alone cannot resolve. Originality/value This paper discusses the human factors that cause information technology breaches and how combining HR practices and ISM may generate a competitive advantage for the organization. This paper then offers practical suggestions that HR may use to help with ISM issues.

Download Full-text