Hospital Staff’s Adherence to Information Security Policy: A Quest for the Antecedents of Deterrence Variables

Kuo, Kuang-Ming; Talley, Paul C.; Lin, Dyi-Yih Michael

doi:10.1177/00469580211029599

Cited by 7 publications

(5 citation statements)

References 56 publications

(111 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The following factors appeared in two studies: Perceived certainty is derived from GDT, which can examine different acts or processes, such as detection [ 80 ] and punishment [ 73 ]. Two selected studies evaluated the impacts of peer influence and superior influence on different types of security behavior: protection intention [ 70 ] and non-compliance intention [ 82 ].…”

Section: Resultsmentioning

confidence: 99%

Information Security Behavior in Health Information Systems: A Review of Research Trends and Antecedent Factors

et al. 2022

View full text Add to dashboard Cite

This study aims to review the literature on antecedent factors of information security related to the protection of health information systems (HISs) in the healthcare organization. We classify those factors into organizational and individual aspects. We followed the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) framework. Academic articles were sourced from five online databases (Scopus, PubMed, IEEE, ScienceDirect, and SAGE) using keywords related to information security, behavior, and healthcare facilities. The search yielded 35 studies, in which the three most frequent individual factors were self-efficacy, perceived severity, and attitudes, while the three most frequent organizational factors were management support, cues to action, and organizational culture. Individual factors for patients and medical students are still understudied, as are the organizational factors of academic healthcare facilities. More individual factors have been found to significantly influence security behavior. Previous studies have been dominated by the security compliance behavior of clinical and non-clinical hospital staff. These research gaps highlight the theoretical implications of this study. This study provides insight for managers of healthcare facilities and governments to consider individual factors in establishing information security policies and programs for improving security behavior.

show abstract

Section: Resultsmentioning

confidence: 99%

Information Security Behavior in Health Information Systems: A Review of Research Trends and Antecedent Factors

et al. 2022

View full text Add to dashboard Cite

show abstract

“…The different perspectives of these theories and the facilitating conditions show the whole chain of the InfoSec behaviour adoption process. Thus, it helps organisations reduce information security breaches by changing employees' behaviour to match information security policies and rules [7,15,[17][18][19][20][21][22]. An assessment of theories utilised in related work revealed that the theories of TPB, PMT, and GDT are most often used [23]; [24].…”

Section: Theoretical Background and Conceptual Modelmentioning

confidence: 99%

“…GDT has been chiefly used in criminology to minimise deviant behaviour in people. In recent decades, it has been successfully and efficiently used for information technology as well as preventative information security [15], [19], [20], [27], [43]. In GDT, the deterrence model is built on three core constructs: certainty of sanctions, the severity of sanctions, and celerity of sanctions.…”

Section: Deterrence Factorsmentioning

confidence: 99%

“…Such determinants impact people's attitudes toward preventing activities that are regarded as undesirable in society. The constructs' of GDT: perceived www.ijacsa.thesai.org certainty of sanctions and perceived severity of sanctions are included in the study model due to their positive influence in the relevant literature [20], [43]. Perceived certainty of sanctions refers to a person's belief that the authorities are likely to detect delinquent behaviour.…”

Section: Deterrence Factorsmentioning

confidence: 99%

“…The study's findings reveal that SETA programs strongly affect public institution employees' ISA intentions towards InfoSec behaviour. According to prior studies, SETA programs motivate employees to follow information security policies and procedures [20], [21]. When public sector employees get appropriate SETA programs, they will gain an essential awareness of security knowledge and abilities.…”

Section: Comparative Evaluation Of the Study Modelmentioning

confidence: 99%

See 2 more Smart Citations

Determinants of Information Security Awareness and Behaviour Strategies in Public Sector Organizations among Employees

Al-Shanfari¹,

Yassin²,

Tabook³

et al. 2022

IJACSA

View full text Add to dashboard Cite

In this digital era, protecting an organisation's sensitive information system assets against cyberattacks is challenging. Globally, organisations spend heavily on information security (InfoSec) technological countermeasures. Public and private sectors often fail to secure their information assets because they depend primarily on technical solutions. Human components create the bulk of cybersecurity incidents directly or indirectly, causing many organisational information security breaches. Employees' information security awareness (ISA) is crucial to preventing poor information security behaviours. Until recently, there was little combined information on how to improve ISA and how investigated factors influencing employees' ISA levels were. This paper proposed a comprehensive theoretical model based on the Protection Motivation Theory, the Theory of Planned Behaviour, the General Deterrence Theory, and Facilitating Conditions for assessing public sector employees' ISA intentions for information security behaviour. Using a survey and the structural equation modelling (SEM) method, this research reveals that the utilised factors are positively associated with actual information security behaviour adoption, except for perceived sanction certainty. The findings suggest that the three theories and facilitating conditions provide the most influential theoretical framework for explaining public sector employees' information security adoption behaviour. These findings support previous empirical research on why employees' information on security behaviours vary. Consistent with earlier research, these psychological factors are just as critical as facilitating conditions in ensuring more significant behavioural intention to engage in ISA activities, ensuring information security behaviour. The study recommends that public-sector organisations invest in their employees' applied information security training.

show abstract

Enhancing Government Hospital Information Security: A Framework Integrating Modified ISO 27001 and HIPAA Standards

Alam,

Manongga,

Sembiring

et al. 2024

2024 7th International Conference on Informatics and Computational Sciences (ICICoS)

View full text Add to dashboard Cite

Hospital Staff’s Adherence to Information Security Policy: A Quest for the Antecedents of Deterrence Variables

Cited by 7 publications

References 56 publications

Information Security Behavior in Health Information Systems: A Review of Research Trends and Antecedent Factors

Information Security Behavior in Health Information Systems: A Review of Research Trends and Antecedent Factors

Determinants of Information Security Awareness and Behaviour Strategies in Public Sector Organizations among Employees

Enhancing Government Hospital Information Security: A Framework Integrating Modified ISO 27001 and HIPAA Standards

Contact Info

Product

Resources

About