Main human factors affecting information system security

In this research, relevant areas that are important in Information System Security have been reviewed based on the health care industry of Malaysia. Concepts such as the definition of Information System Security, System Security Goals, System Security Threats and human error have been studied. The human factors that affect Information System Security have been highlighted, and some relevant models have been introduced. Reviewing the previous factors helped to identify the Health Information System factors. Finally, the human factors that affect Health Information Systems have been identified and the structure of the healthcare industry has been studied. Moreover, these factors are categorized into three new groups: Organizational Factors, Motivational Factors and Learning. This information will help to design a framework for Health Information Systems.
