Abstract
Despite the widely recognized importance of information security as vital assets in organization, there is a little understanding of how organizations actually promote information security culture among the employees in a particular environment. The diversity of problems facing the public-service organization is paramount than before because of competitive growth of services and rapid changes in technology. As information technology is widely adopted, the health organization must undergo boundless transformation to fulfil the nation’s demand yet provide a good information security. This research looks into the social aspects of information security. It further identifies key factors influencing the information security culture in health informatics. A review based on multiple definitions and descriptions of security culture from a previous study was conducted. This study proposes a conceptual model taking into consideration the influencing factors in information security culture that is developed based on Detert organizational culture model and health belief model (HBM). This in-progress study suggests organization in promoting information security culture particularly for health informatics. The proposed conceptual model will be further evaluated with selected healthcare organization.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Albrechtsen E (2007) A qualitative study of users’ view on information security. Comput Secur 26(4):276–289. doi:10.1016/j.cose.2006.11.004
Bansal G, Zahedi F, Gefen D (2010) The impact of personal dispositions on information sensitivity, privacy concern and trust in disclosing health information online. Decis Support Syst 49(2):138–150
Carpenter CJ (2010) A meta-analysis of the effectiveness of health belief model variables in predicting behavior. Health Comm 25(8):661–669. doi:10.1080/10410236.2010.521906
Chia PA, Maynard SB, Ruighaver AB (2002) Understanding organizational security culture. In: Proceedings of Pacific Asia conference on information system 2002. Japan, pp 1–23
Da Veiga A, Eloff JHP (2010) A framework and assessment instrument for information security culture. Comput Secur 29(2):196–207. doi:10.1016/j.cose.2009.09.002
Detert JR, Schroeder RG, Mauriel JJ (2000) A framework for linking culture and improvement initiatives in organizations. Acad Manage Rev 25(4):850–863
Garg V, Brewer J (2011) Telemedicine security: a systematic review. J Diabetes Sci Technol 5(3):768–777
Gaunt N (2000) Practical approaches to creating a security culture. Int J Med Inform 60(2):151–157
Gebrasilase T, Lessa L (2011) Information security culture in public hospitals: the case of Hawassa referral hospital. Afr J Inform Syst 3(3):72–86
Hersh W, Bhupatiraju R (2006) Adopting e-learning standards in health care: competency-based learning in the medical informatics domain. AMIA Annual Symposium Proceedings, pp 334–338
Humaidi N, Balakrishnan V (2012) The influence of security awareness and security technology on users’ behavior towards the implementation of health information system: a conceptual framework. In: Proceeding of international conference on management and artificial intelligence, Singapore, 35:1–6
Katsikas S (2000) Health care management and information systems security: awareness, training or education? Int J Med Informat 2(1):129–135
Knapp K, Marshall T (2006) Information security: management’s effect on culture and policy. Inform Manag Comput Secur 14(1):24–36. doi:10.1108/09685220610648355
Kraemer S, Carayon P, Clem J (2009) Human and organizational factors in computer and information security: pathways to vulnerabilities. Comput Secur 28(7):509–520. doi:10.1016/j.cose.2009.04.006
Lim JS, Ahmad A, Chang S, Maynard S (2010) Embedding information security culture. In: Proceedings of the PACIS 2010, pp 463–474
Meingast M, Roosta T, Sastry S (2006) Security and privacy issues with health care information technology. Conference proceedings. Annual international conference of the IEEE engineering in medicine and biology society. IEEE engineering in medicine and biology society. conference, vol 1, pp 5453–5458. doi:10.1109/IEMBS.2006.260060
Ng B-Y, Kankanhalli A, Xu Y (2009) Studying users’ computer security behavior: a health belief perspective. Decis Support Syst 46(4):815–825. doi:10.1016/j.dss.2008.11.010
Parkin SE, van Moorsel A, Coles R (2009) An information security ontology incorporating human-behavioural implications. In: Proceedings of the 2nd international conference on security of information and networks, ACM, pp 46–55
Samy GN, Ahmad R, Ismail Z (2010) Security threats categories in healthcare information systems. Health Informat J 16(3):201–209. doi:10.1177/1460458210377468
Savastano M, Hovsto A, Pharow P, Blobel B (2008) Identity-management factors in e-health and telemedicine applications. J Telemed Telecare 14(7):386–388
Stahl B, Doherty N, Shaw M (2012) Information security policies in the UK healthcare sector: a critical evaluation. Inform Syst J 22(1):77–94
Stanton JM, Mastrangelo P, Stam KR, Jolton J (2004) Behavioral information security: two end user survey studies of motivation and security practices. In: Association for information system conference (AMCIS), pp 175–181
Thomson K, Von Solms R, Louw L (2006) Cultivating an organizational information security culture. Comput Fraud Secur 2006:49–50
Van Niekerk JF, Von Solms R (2010) Information security culture: a management perspective. Comput Secur 29(4):476–486. doi:10.1016/j.cose.2009.10.005
Von Solms B, Von Solms R (2004) The 10 deadly sins of information security management. Comput Secur 23(5):371–376. doi:10.1016/j.cose.2004.05.002
Vroom C, Von Solms R (2004) Towards information security behavioural compliance. Comput Secur 23(3):191–198. doi:10.1016/j.cose.2004.01.012
Whitman ME (2008) Security policy: from design to maintenance. Adv Manag Inform Syst 11(2007):123–151
Williams P (2009) Capturing culture in medical information security research. Methodological Innovat Online 4(3):15–26. doi:10.4256/mio.2010.0003
Zakaria O, Gani A, Nor MM, Anuar NB (2007) Reengineering information security culture formulation through management perspective. Proceedings of the international conference on electrical engineering and informatics institut Teknologi Bandung, pp 638–641
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer Japan
About this paper
Cite this paper
Hassan, N.H., Ismail, Z. (2015). A Conceptual Model Towards Information Security Culture in Health Informatics. In: Ab. Hamid, K., Ono, O., Bostamam, A., Poh Ai Ling, A. (eds) The Malaysia-Japan Model on Technology Partnership. Springer, Tokyo. https://doi.org/10.1007/978-4-431-54439-5_17
Download citation
DOI: https://doi.org/10.1007/978-4-431-54439-5_17
Published:
Publisher Name: Springer, Tokyo
Print ISBN: 978-4-431-54438-8
Online ISBN: 978-4-431-54439-5
eBook Packages: EngineeringEngineering (R0)