A Linguistic Approach to Information Security Awareness Education in a Healthcare Environment

Drevin, Lynette; Kruger, Hendrik G.; Bell, Anna-Marie; Steyn, T.F.J.

doi:10.1007/978-3-319-58553-6_8

Cited by 6 publications

(5 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The reviewed frameworks [8,[14][15][16]31,38,41,44,45,[49][50][51][52][53][54][55][56][57][58][59][60][61][62][63][64][65][66] were not fully comprehensive. Meanwhile, security issues are affected by all these aspects and not just psychological, social, cultural, or sociodemographic aspects alone [38].…”

Section: Problem Specification Scope and Contribution Of The Studymentioning

confidence: 99%

“…Based on the overview of existing literature [8,[14][15][16]31,38,41,44,45,[49][50][51][52][53][54][55][56][57][58][59][60][61][62][63][64][65][66], we concluded that existing frameworks lack a comprehensive and holistic perspective. Furthermore, not all frameworks provide strong empirical support for the inclusion of variables from the perspective of both security related-behaviors and professionals' characteristics [14,45,49,52,55,[57][58][59].…”

Section: Principal Findingsmentioning

confidence: 99%

See 1 more Smart Citation

Mapping the Psychosocialcultural Aspects of Healthcare Professionals’ Information Security Practices: Systematic Mapping Study

et al. 2021

View full text Add to dashboard Cite

Background Data breaches in health care are on the rise, emphasizing the need for a holistic approach to mitigation efforts. Objective The purpose of this study was to develop a comprehensive framework for modeling and analyzing health care professionals’ information security practices related to their individual characteristics, such as their psychological, social, and cultural traits. Methods The study area was a hospital setting under an ongoing project called the Healthcare Security Practice Analysis, Modeling, and Incentivization (HSPAMI) project. A literature review was conducted for relevant theories and information security practices. The theories and security practices were used to develop an ontology and a comprehensive framework consisting of psychological, social, cultural, and demographic variables. Results In the review, a number of psychological, social, and cultural theories were identified, including the health belief model, protection motivation theory, theory of planned behavior, and social control theory, in addition to some social demographic variables, to form a comprehensive set of health care professionals’ characteristics. Furthermore, an ontology was developed from these theories to systematically organize the concepts. The framework, called the psychosociocultural (PSC) framework, was then developed from the various combined psychological and sociocultural attributes of the ontology. The Human Aspect of Information Security Questionnaire was adopted as a comprehensive tool for gathering staff security practices as mediating variables in the framework. Conclusions Data breaches occur often in health care today. This frequency has been attributed to the lack of experience of health care professionals in information security, the lack of development of conscious care security practices, and the lack of motivation to incentivize health care professionals. The frequent data breaches in health care threaten the mutual trust between health care professionals and patients, which implicitly impacts the quality of the health care service. The modeling and analysis of health care professionals’ security practices can be conducted with the PSC framework by combining methods of statistical survey, observations, and interviews in relation to PSC variables, such as perceptions (perceived benefits, perceived threats, and perceived barriers) or psychological traits, social factors, cultural factors, and social demographics.

show abstract

Section: Problem Specification Scope and Contribution Of The Studymentioning

confidence: 99%

Section: Principal Findingsmentioning

confidence: 99%

Mapping the Psychosocialcultural Aspects of Healthcare Professionals’ Information Security Practices: Systematic Mapping Study

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Health care facilities should offer educational sessions featuring health care information technology and cybersecurity experts who can provide clinicians with the necessary foundational knowledge. Noting the “ongoing need for information security education, and particularly for ensuring high levels of information security awareness among health care workers,” Drevin and colleagues used a vocabulary test to assess health care workers' level of awareness and knowledge 25. They concluded that certain security terms, concepts, and behaviors need to be clarified for health care workers, highlighting the importance of ongoing cybersecurity awareness education 25…”

Section: Clinician and Patient Educationmentioning

confidence: 99%

“…Noting the "ongoing need for information security education, and particularly for ensuring high levels of information security awareness among health care workers," Drevin and colleagues used a vocabulary test to assess health care workers' level of awareness and knowledge. 25 They concluded that certain security terms, concepts, and behaviors need to be clarified for health care workers, highlighting the importance of ongoing cybersecurity awareness education. 25 Nurses who are educated about cybersecurity can play a critical role in informing patients who use medical devices and other clinicians about the risks and methods for reducing attacks on these devices.…”

Section: Clinician and Patient Educationmentioning

confidence: 99%

“…25 They concluded that certain security terms, concepts, and behaviors need to be clarified for health care workers, highlighting the importance of ongoing cybersecurity awareness education. 25 Nurses who are educated about cybersecurity can play a critical role in informing patients who use medical devices and other clinicians about the risks and methods for reducing attacks on these devices. They should first convey to patients that they don't have to be technologically savvy to reduce their cybersecurity risks.…”

Section: Clinician and Patient Educationmentioning

confidence: 99%

See 1 more Smart Citation

Preventing Medjacking

Cuningkin

Riley

Rainey

2021

AJN, American Journal of Nursing

View full text Add to dashboard Cite

Advances in medical device technology have led to greater connectivity with other devices, networks, and systems, raising concerns about associated security risks. Many clinicians, as well as the patients who rely on these lifesaving devices, are unaware of these risks and how they can be mitigated. This article describes several types of cyberattacks, including medjacking, hacking, and ransomware, and what nurses can do to guard against security threats and educate patients.

show abstract

Applying PDCA to Security, Education, Training and Awareness Programs

Casanove

Leleu

Sèdes

2022

Human Aspects of Information Security and Assurance

View full text Add to dashboard Cite

Security standards help to create security policies, but they are often very descriptive, especially when it comes to security awareness. Information systems security awareness is vital to maintain a high level of security. SETA programs (Security Education, Training and Awareness) increase information systems security awareness and play an important role in finding the strategic balance between the prevention and response paradigms. By reviewing the literature, we identify guidelines for designing a SETA program following a PDCA (Plan Do Check Act) cycle.

show abstract

A Linguistic Approach to Information Security Awareness Education in a Healthcare Environment

Cited by 6 publications

References 17 publications

Mapping the Psychosocialcultural Aspects of Healthcare Professionals’ Information Security Practices: Systematic Mapping Study

Mapping the Psychosocialcultural Aspects of Healthcare Professionals’ Information Security Practices: Systematic Mapping Study

Preventing Medjacking

Applying PDCA to Security, Education, Training and Awareness Programs

Contact Info

Product

Resources

About