DeSouza, Eduardo and Valverde, Raul (2016) Reducing Security Incidents in a Canadian PHIPA Regulated Environment with an Employee-Based Risk Management Strategy. Journal of Theoretical and Applied Information Technology, 90 (2). pp. 197-208. ISSN 1992-8645
Text (application/pdf), 520kB: 22Vol90No2.pdf
Official URL: http://www.jatit.org/volumes/ninety2.php
Abstract
The paper uses a case study research approach to define how an employee-based risk management strategy, such as employee information security training, employee motivation, and quality assurance, can be used to reduce security incidents in a Canadian PHIPA regulated environment. During the research, information security professionals and employees were asked direct questions aimed at understanding why internal data breaches are recurrent, and what users' perception and understanding are of existing security policies, processes, and their role in protecting information in their work environment. By using a qualitative case study research design method, data was collected from a small but targeted group of information security professionals and employees within healthcare organization in Ontario. The gathered data was analyzed to identify the main causes of security incidents, and what organizations in the healthcare field can do to better involve their employees in the reduction of breaches and incidents.
The recommendations made by this research paper have the potential of influencing an organization's organizational culture and employee behavior. The main goal of this paper was to develop an employee-based risk management strategy for enterprise level risk management focused on positively influencing employee behaviour.
Divisions: | Concordia University > John Molson School of Business > Decision Sciences and Management Information Systems |
---|---|
Item Type: | Article |
Refereed: | Yes |
Authors: | DeSouza, Eduardo and Valverde, Raul |
Journal or Publication: | Journal of Theoretical and Applied Information Technology |
Date: | 31 August 2016 |
Keywords: | Risk Management, Incident Management, Risk Reduction, PHIPA, Training Programs, Health Care Information Security. |
ID Code: | 981740 |
Deposited By: | Raul Valverde |
Deposited On: | 12 Sep 2016 13:08 |
Last Modified: | 18 Jan 2018 17:53 |