An Employee-based Risk Management Strategy for reducing security incidents in a Canadian PHIPA Regulated Environment

DeSouza, Eduardo and Valverde, Raul (2015) An Employee-based Risk Management Strategy for reducing security incidents in a Canadian PHIPA Regulated Environment. In: International Conference on Innovations in Computer Science and Information Technology (ICICSIT -2015), Hyderabad, India.

Abstract

The paper uses a case study research approach in defining how an employee-based risk management strategy such as employee information security training, employee motivation, and quality assurance can be used to reduce security incidents in a Canadian PHIPA regulated environment. During the research, information security professionals and employees were asked direct questions aimed at understanding the reasons why internal data breaches are recurrent, and what are users' perception and understanding of existing security policies, processes, and their role in protecting information in their work environment. By using a qualitative case study research design method, data was collected from a small but targeted group of information security professionals and employees within healthcare organization in Ontario. The gathered data was analyzed to identify what are the main causes of security incidents, and what organizations in the healthcare field can do to better involve their employees for the reduction of breaches and incidents. The recommendations made by this research paper have the potential of influencing an organization's organizational culture and employee behavior. The main goal of this paper was to develop an employee-based risk management strategy for enterprise level risk management focused on positively influencing employee behaviour.

Divisions: Concordia University > John Molson School of Business > Decision Sciences and Management Information Systems
Item Type: Conference or Workshop Item (Paper)
Refereed: Yes
Authors: DeSouza, Eduardo and Valverde, Raul
Date: 1 December 2015
Keywords: Risk Management, Incident Management, Risk Reduction, PHIPA, Training Programs, Health Care Information Security.
ID Code: 981333
Deposited By: RAUL VALVERDE
Deposited On: 16 Jun 2016 13:52
Last Modified: 18 Jan 2018 17:52
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.
