Abstract
The security effectiveness based on users’ behaviors is becoming a top priority of Health Information System (HIS). In the first step of this study, through the review of previous studies ‘Self-efficacy in Information Security’ (SEIS) and ‘Security Competency’ (SCMP) were identified as the important factors to transforming HIS users to the first line of defense in the security. Subsequently, a conceptual model was proposed taking into mentioned factors for HIS security effectiveness. Then, this quantitative study used the structural equation modeling to examine the proposed model based on survey data collected from a sample of 263 HIS users from eight hospitals in Iran. The result shows that SEIS is one of the important factors to cultivate of good end users’ behaviors toward HIS security effectiveness. However SCMP appears a feasible alternative to providing SEIS. This study also confirms the mediation effects of SEIS on the relationship between SCMP and HIS security effectiveness. The results of this research paper can be used by HIS and IT managers to implement their information security process more effectively.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Health Information Systems, 27 07 2009. [Online]. Available: http://go.worldbank.org/ XFTO56S8S0.
Chu, A.M. and P.Y. Chau, Development and Validation of Instruments of Information Security Deviant Behavior. Decision Support Systems, 2014. 66: p. 93-101.
Hagen, J.M., The Contributions of Information Security Culture and Human Relations to the Improvement of Situational Awareness, in Situational Awareness in Computer Network Defense: Principles, Methods and Applications. 2012, Cyril Onwubiko: UK.
Appari, A. and M.E. Johnson, Information Security and Privacy in Healthcare: Current State of Research. International Journal of Internet and Enterprise Management, 2010. 6(4): p. 279-314.
Asai, T. and S. Fernando, Human-Related Problems in Information Security in Thai Cross-Cultural Environments. Contemporary Management Research, 2011. 7(2): p. 117-142.
Ma, Q., A.C. Johnston, and J.M. Pearson, Information Security Management Objectives and Practices: A Parsimonious Framework. Information Management & Computer Security, 2008. 16(3): p. 251-270.
Sedlack, D.J. and G.P.S. Tejay. Improving Information Security Through Technological Frames of Reference. in Southern Association for Information Systems Conference. 2011. Atlanta, GA, USA.
Rhee, H.S., C. Kim, and Y.U. Ryu, Self-Efficacy in Information Security: Its Influence on End Users’ Information Security Practice Behavior. Computers & Security, 2009. 28(8): p. 816-826.
Al-Omari, A., O. El-Gayar, and A. Deokar. Security Policy Compliance: User Acceptance Perspective. in 45th Hawaii International Conference on System Sciences (HICSS). 2012. USA: IEEE.
Doherty, N.F., L. Anastasakis, and H. Fulford, Reinforcing the Security of Corporate Information Resources: A Critical Review of the Role of the Acceptable Use Policy. International Journal of Information Management, 2011. 31(3): p. 201-209.
D’Arcy, J. and A. Hovav, Does One Size Fit All? Examining the Differential Effects of IS Security Countermeasures. Journal of Business Ethics, 2009. 89: p. 59-71.
Knapp, K.J., et al., Information Security Policy: An Organizational-Level Process Model. Computers & Security, 2009. 28(7): p. 493-508.
Rindfleisch, T.C., Privacy, Information Technology, and Health Care. Communications of the ACM, 1997. 40(8): p. 92-100.
Dimitropoulos, L. and S. Rizk, A State-Based Approach to Privacy and Security for Interoperable Health Information Exchange. Health Affairs, 2009. 28(2): p. 428-434.
Benhocine, A., L. Laouamer, and H. Hadji, Toward an Efficient Security: A New Methodology for Information Security. Journal of Economics and Administration, 2011. 1(1).
Yoon, C. and H. Kim, Understanding Computer Security Behavioral Intention in the Workplace: An Empirical Study of Korean Firms. Information Technology & People, 2013. 26(4): p. 401-419.
Aydın, Ö.M. and O. Chouseinoglou, Fuzzy Assessment of Health Information System Users’ Security Awareness. Journal of Medical Systems, 2013. 37(6): p. 1-13.
Straub, D.W., Effective IS Security. Information Systems Research, 1990. 1(3): p. 255-276.
Stanton, J.M., et al., Analysis of End User Security Behaviors. Computers & Security, 2005. 24(2): p. 124-133.
Sandoval, R., Information Technology Change and the Effects on User Behavior and Cyber Security. 2015.
Farzandipour, M., et al., Security Requirements and Solutions in Electronic Health Records: Lessons Learned from a Comparative Study. Journal of Medical Systems, 2010. 34(4): p. 629-642.
Bandura, A., Social Foundations of Thought and Action: A Social Cognitive Theory. 1986, Englewood Cliffs NJ: Prentice Hall.
Bandura, A., Perceived Self-Efficacy in the Exercise of Control Over AIDS Infection. Evaluation and Program Planning, 1990. 13(1): p. 9-17.
Davis, F.D., R.P. Bagozzi, and P.R. Warshaw, User Acceptance of Computer Technology: A Comparison of Two Theoretical Models. Management Science, 1989. 35(8): p. 982-1003.
Madhavan, P. and R.R. Phillips, Effects of Computer Self-efficacy and System Reliability on User Interaction with Decision Support Systems. Computers in Human Behavior, 2010. 26(2): p. 199-204.
Thatcher, J.B., et al., Individual and Human-Assisted Computer Self Efficacy: An Empirical Examination. Wirtschaftinformatik Proceedings 2007, 2007. Paper 68: p. 199-216.
Lending, D. and T.W. Dillon, The Effects of Confidentiality on Nursing Self-Efficacy with Information Systems. International Journal of Healthcare Information Systems and Informatics, 2007. 2(3): p. 49-64.
He, W., X. Yuan, and X. Tian. The Self-Efficacy Variable in Behavioral Information Security Research. in Enterprise Systems Conference (ES), 2014. 2014: IEEE.
Enrici, I., M. Ancilli, and A. Lioy. A Psychological Approach to Information Technology Security. in 3rd Conference on System Interactions Human. 2010. Torino, Italy: IEEE.
Rodriguez, D., et al., Developing Competency Models to Promote Integrated Human Resource Practices. Human Resource Management, 2002. 41(3): p. 309-324.
Mussa, C.C., A Prudent Access Control Behavioral Intention Model for the Healthcare Domain, in Computer and Information Sciences. 2012, Nova Southeastern University.
Yeratziotis, A., D. Van Greunen, and D. Pottas. Recommendations for Usable Security in Online Health Social Networks. in 6th International Conference on Pervasive Computing and Applications (ICPCA). 2011. Port Elizabeth: IEEE.
Taneja, A., Determinants of Adverse Usage of Information Systems Assets: A Study of Antecedents of IS Exploit in Organizations, in Faculty of the Graduate School. 2007, THE UNIVERSITY OF TEXAS AT ARLINGTON.
Brady, J., An Investigation of Factors that Affect HIPAA Security Compliance in Academic Medical Centers. 2010, Nova Southeastern University: Florida, USA. p. 219.
Workman, M., W.H. Bommer, and D. Straub, Security Lapses and the Omission of Information Security Measures: A Threat Control Model and Empirical Test. Computers in Human Behavior, 2008. 24(6): p. 2799-2816.
Chan, M., I. Woon, and A. Kankanhalli, Perceptions of Information Security in the Workplace: Linking Information Security Climate to Compliant Behavior. Journal of Information Privacy and Security, 2005. 1(3): p. 18-41.
Hair, J., et al., Multivariate Data Analysis.(7th). 2010, New Jersey: Prentice Hall.
Ng, B.Y., A. Kankanhalli, and Y.C. Xu, Studying Users’ Computer Security Behavior: A Health Belief Perspective. Decision Support Systems, 2009. 46(4): p. 815-825.
Brady, J.W. Securing Health Care: Assessing Factors That Affect HIPAA Security Compliance in Academic Medical Centers. in 44th Hawaii International Conference on System Sciences. 2011. Kauai, HI: IEEE.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Shahri, A.B., Mohanna, S. (2016). The Impact of the Security Competency on “Self-efficacy in Information Security” for Effective Health Information Security in Iran. In: Rocha, Á., Correia, A., Adeli, H., Reis, L., Mendonça Teixeira, M. (eds) New Advances in Information Systems and Technologies. Advances in Intelligent Systems and Computing, vol 445. Springer, Cham. https://doi.org/10.1007/978-3-319-31307-8_6
Download citation
DOI: https://doi.org/10.1007/978-3-319-31307-8_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-31306-1
Online ISBN: 978-3-319-31307-8
eBook Packages: EngineeringEngineering (R0)