The Impact of the Security Competency on “Self-efficacy in Information Security” for Effective Health Information Security in Iran

  • Ahmad Bakhtiyari Shahri
  • Shahram Mohanna
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 445)


Security effectiveness based on users’ behaviors is becoming a top priority for Health Information Systems (HIS). In the first step of this study, a review of previous studies identified ‘Self-efficacy in Information Security’ (SEIS) and ‘Security Competency’ (SCMP) as important factors in transforming HIS users into the first line of defense in security. Subsequently, a conceptual model for HIS security effectiveness was proposed that takes these factors into account. This quantitative study then used structural equation modeling to examine the proposed model, based on survey data collected from a sample of 263 HIS users from eight hospitals in Iran. The results show that SEIS is one of the important factors in cultivating good end-user behaviors toward HIS security effectiveness. However, SCMP appears to be a feasible alternative for providing SEIS. This study also confirms the mediation effects of SEIS on the relationship between SCMP and HIS security effectiveness. The results of this research paper can be used by HIS and IT managers to implement their information security processes more effectively.


Health information system; Security effectiveness; Security competency; Self-efficacy in information security





Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. Faculty of Electrical and Computer Engineering, University of Sistan and Baluchestan, Zahedan, Iran
