Awareness Training Transfer and Information Security Content Development for Healthcare Industry

Ghazvini, Arash; Shukur, Zarina

doi:10.14569/ijacsa.2016.070549

Cited by 16 publications

(10 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, it is deduced that there is a high risk of security incidents triggered by non-ICT employees because the aforementioned threats and attacks and the associated impact of potential incidents have not been efficiently communicated to them by the ICT staff. All the above indicate that decreasing the end-point complexity as proposed in [ 32 ], along with training conduction, is essential in raising awareness amongst personnel and motivating them to pay attention to cyber-threats and policies to limit human errors [ 33 , 34 , 35 ]. The adoption of a risk-aware attitude and associated skills by the non-ICT staff through cybersecurity trainings and a robust organizational monitoring strategy could lead to a more GDPR-compliant status.…”

Section: Discussionmentioning

confidence: 99%

A Cybersecurity Culture Survey Targeting Healthcare Critical Infrastructures

et al. 2022

View full text Add to dashboard Cite

Recent studies report that cybersecurity breaches noticed in hospitals are associated with low levels of personnel’s cybersecurity awareness. This work aims to assess the cybersecurity culture in healthcare institutions from middle- to low-income EU countries. The evaluation process was designed and performed via anonymous online surveys targeting individually ICT (internet and communication technology) departments and healthcare professionals. The study was conducted in 2019 for a health region in Greece, with a significant number of hospitals and health centers, a large hospital in Portugal, and a medical clinic in Romania, with 53.6% and 6.71% response rates for the ICT and healthcare professionals, respectively. Its findings indicate the necessity of establishing individual cybersecurity departments to monitor assets and attitudes while underlying the importance of continuous security awareness training programs. The analysis of our results assists in comprehending the countermeasures, which have been implemented in the healthcare institutions, and consequently enhancing cybersecurity defense, while reducing the risk surface.

show abstract

Section: Discussionmentioning

confidence: 99%

A Cybersecurity Culture Survey Targeting Healthcare Critical Infrastructures

et al. 2022

View full text Add to dashboard Cite

show abstract

“…These kinds of errors can be corrected through training programs with an intention to promote behaviors of individuals toward organizational policy. Training programs in organizations can help to improve employees' awareness toward the security of E-health systems and help them to adhere to appropriate behaviors that do not compromise the security of the system (Ghazvini and Shukur, 2016). Based on these facts, the information security awareness programs have positive influences on the employees' knowledge, attitude, and behavior in real life.…”

Section: Discussionmentioning

confidence: 99%

“…Organizations should make continual efforts to ensure that the content of policy is effectively communicated to the employees (Ghazvini and Shukur, 2016). Therefore, the factors that play a significant role in shaping perceived security should be enhanced (Peikari et.al, 2018).…”

Section: Introductionmentioning

confidence: 99%

“…Since training programs are effective approaches to reduce the risks in electronic health systems (Olusegun and Ithnin, 2013), the organizations can develop several training modules that target employees who need to be aware of their requirements for compliance based on legislative policies and acts (Arain et.al, 2019;Tsohou et.al, 2008 (Ghazvini and Shukur, 2016). Finally, human error is considered as the biggest threat to information security effectiveness owing to lack of employees' attention (Ghazvini and Shukur, 2016). Therefore, many organizations establish the awareness programs to ensure that their employees are informed about security risks, thereby protecting themselves and their profitability (Gebrasilase and Ferede, 2011).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Evaluation of the Effects of Information Security Training on Employees: A Study From a Private Hospital

Özaslan¹,

AKSU²,

Tekin³

et al. 2020

International Journal of Health Management and Tourism

View full text Add to dashboard Cite

show abstract

“…Moreover, implementing user awareness campaigns, by educating and training end-users can help to improve the use of systems (Ghazvini & Shukur, 2016). However, as mentioned by Caldwell (2016), awareness without any other activity is not enough.…”

Section: Office 365 Sharepoint Onlinementioning

confidence: 99%

Office 365 SharePoint Online: Establishing Content Security Awareness with End-Users using Campaigns

Sikhitha¹,

Bergh²

Kalpa Publications in Computing

View full text Add to dashboard Cite

Cloud based information systems such as Office 365 SharePoint Online, could be subject to serious content security risks, because of the lack of awareness of end-users when sharing content in an online environment. Information security awareness campaigns governing the “people problem” of properly securing information systems, are used in aid of organisational efforts towards creating awareness with end-users. Although many research studies determined what should be included in awareness campaigns, they do not always clarify which steps to take to achieve the different elements. The current study contributes its findings to this area of research, by interviewing ten industry experts to determine what practical steps could be taken to achieve the different elements of an awareness campaign aimed at creating awareness among Office 365 Share-Point online end-users. A theoretical model, derived from literature, was presented to experts. Experts were purposively selected because of their knowledge of, and responsibility for, conducting awareness campaigns within their respective organisations. Their recommendations, via interviews, were applied to the theoretical model to include practical steps for achieving the main elements of: addressing user behaviour; including awareness activities and competitions; using multiple communication channels; promoting an information security culture and individual responsibility; having champions for awareness and measuring the effectiveness of awareness campaigns. Future studies could expand this model, both the main elements of awareness campaigns, and the practical steps taken to achieve the main elements.

show abstract

Awareness Training Transfer and Information Security Content Development for Healthcare Industry

Cited by 16 publications

References 13 publications

A Cybersecurity Culture Survey Targeting Healthcare Critical Infrastructures

A Cybersecurity Culture Survey Targeting Healthcare Critical Infrastructures

Evaluation of the Effects of Information Security Training on Employees: A Study From a Private Hospital

Office 365 SharePoint Online: Establishing Content Security Awareness with End-Users using Campaigns

Contact Info

Product

Resources

About