Culture Dimensions of Information Systems Security in Saudi Arabia National Health Services
Authors: Saleh Alumaran, Giampaolo Bella, Feng Chen
Abstract:
The study of organisations’ information security cultures has attracted scholars as well as healthcare services industry to research the topic and find appropriate tools and approaches to develop a positive culture. The vast majority of studies in Saudi national health services are on the use of technology to protect and secure health services information. On the other hand, there is a lack of research on the role and impact of an organisation’s cultural dimensions on information security. This research investigated and analysed the role and impact of cultural dimensions on information security in Saudi Arabia health service. Hypotheses were tested and two surveys were carried out in order to collect data and information from three major hospitals in Saudi Arabia (SA). The first survey identified the main cultural-dimension problems in SA health services and developed an initial information security culture framework model. The second survey evaluated and tested the developed framework model to test its usefulness, reliability and applicability. The model is based on human behaviour theory, where the individual’s attitude is the key element of the individual’s intention to behave as well as of his or her actual behaviour. The research identified a set of cultural and sub-cultural dimensions in SA health information security and services.
Keywords: Behaviour theory, Culture dimensions, Electronic health records, Information security.
Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1099268
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2299References:
[1] J. M. Marchibroda, “Health Information Exchange Policy and Evaluation, Journal of Biomedical Informatics”, vol. 40, No 6, pp. 11- 16, 2007.
[2] J. H. P. Eloff and M. Eloff, “Information Security Management-A New Paradigm”, in proc. of The 2003 Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists on Enablement through Technology (SAICSIST 2003), 2003, pp. 130-136.
[3] A. Da Veiga and J. H. P. Eloff. “A framework and assessment instrument for information security culture”, Computers & Security, vol. 29, no 2, pp. 196-207, 2010.
[4] S. Walston, Y. Al-Harbi, B. Al-Omar, “The changing face of healthcare in Saudi Arabia”, Annals of Saudi Medicine, vol. 28, pp.243–250, 2008.
[5] M. Almalki, G. Fitzgerald and M. Clark, “Health care system in Saudi Arabia: an overview”, Eastern Mediterranean Health Journal (EMHJ), vol. 17, no. 10, pp. 784-793, 2011.
[6] Colliers international. “Kingdom of Saudi Arabia Healthcare Overview”, 2012, http://www.colliers.com/~/media/Files/EMEA/emea/research/ speciality/2012q1-saudi-arabia-healthcare-overview.ashx
[7] M. Househ, M. Al-Tuwaljiri and B. Al-Dosari, “Establishing an Electronic Health Center of Research Excellence (E-CORE) within the Kingdom of Saudi Arabia”, Journal of Health Informatics in Developing Countries (JHIDC), vol. 4, no. 1, pp. 42-46, 2010.
[8] M. Aldajani, “Electronic Patient Record Security Policy in Saudi Arabia National Health Services”, PhD Thesis, De Montfort University UK, 2012.