Academic Journals Database
Disseminating quality controlled scientific knowledge

Evaluation of users Information Security Practices at King Saud University Hospitals

Author(s): Ahmed I. Albarrak

Journal: International Journal of Collaborative Research on Internal Medicine & Public Health
ISSN 1840-4529

Volume: 3;
Issue: 3;
Start page: 197;
Date: 2011;
Original page

Keywords: Information security | Privacy | Hospital systems | Insider threats | User behavior

Background: The growing dependence on information technology by healthcare organizations has madeinformation security to be a permanent challenge for these organizations. While the risk of externalthreats can be assessed and accounted for by intrusion detection and other relevant tools, insider threats,are difficult to detect and manage because they primarily emerge from the authorized user maliciouspractices.Objectives: This paper investigates the security behavior and awareness of employee at King SaudUniversity hospitals, Saudi Arabia.Methods: The study was conducted at King Saud University Hospitals (KSUHs) namely; King KhalidUniversity Hospital (KKUH) and King Abdul Aziz University Hospital (KAUH). Data collection wasdone by a means of a questionnaire distributed to a random sample of 2000 employees (220administrative staff, 380 physicians, 900 nursing staff and 500 technical staff). The questions were set toaddress the security behavior of users and explore their awareness on basics security issues. In total, 554completed questionnaires were collected on which analysis was based. The (SPSS 16©) was usedthroughout the analysis to generate the summary tables and perform all data analysis. Comparison washeld statistically significant if (p≤ 0.05).Results: Results show that significant differences were reported between employee categories withrespect to security awareness issues such as sharing of computers, communication of password betweenoffice mates, and changing of password after being known by others or after being generated by thesystem. In all these situations, nursing staff appeared to be the most vulnerable group from whichinformation security threats are expected. They are the least to comply with preliminary securityrequirements (p=0.0001).Conclusion: Increasing security awareness and embedding security culture in the work environmentthrough continuous training of staff are very important to minimize user threats in healthcareorganizations. In addition, systematic monitoring and evaluation of employees’ security behavior, andsetting concrete policies and procedures for employees to follow are of high importance.

Tango Rapperswil
Tango Rapperswil

     Affiliate Program