Reducing Security Incidents in a Canadian PHIPA Regulated Environment with an Employee-Based Risk Management Strategy

DeSouza, Eduardo and Valverde, Raul (2016) Reducing Security Incidents in a Canadian PHIPA Regulated Environment with an Employee-Based Risk Management Strategy. Journal of Theoretical and Applied Information Technology, 90 (2). pp. 197-208. ISSN 1992-8645

Text (application/pdf)
22Vol90No2.pdf
520kB

Official URL: http://www.jatit.org/volumes/ninety2.php

Abstract

The paper uses a case study research approach to define how an employee-based risk management strategy, such as employee information security training, employee motivation, and quality assurance, can be used to reduce security incidents in a Canadian PHIPA regulated environment. During the research, information security professionals and employees were asked direct questions aimed at understanding why internal data breaches are recurrent, and what users' perception and understanding are of existing security policies, processes, and their role in protecting information in their work environment. Using a qualitative case study research design method, data was collected from a small but targeted group of information security professionals and employees within healthcare organization in Ontario. The gathered data was analyzed to identify the main causes of security incidents, and what organizations in the healthcare field can do to better involve their employees in the reduction of breaches and incidents.
The recommendations made by this research paper have the potential to influence an organization's organizational culture and employee behavior. The main goal of this paper was to develop an employee-based risk management strategy for enterprise level risk management focused on positively influencing employee behaviour.

Divisions: Concordia University > John Molson School of Business > Decision Sciences and Management Information Systems
Item Type: Article
Refereed: Yes
Authors: DeSouza, Eduardo and Valverde, Raul
Journal or Publication: Journal of Theoretical and Applied Information Technology
Date: 31 August 2016
Funders:
  • Concordia Open Access Author Fund
Keywords: Risk Management, Incident Management, Risk Reduction, PHIPA, Training Programs, Health Care Information Security.
ID Code: 981740
Deposited By: Raul Valverde
Deposited On: 12 Sep 2016 13:08
Last Modified: 18 Jan 2018 17:53
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.
