Examining the Impact of Non-Technical Security Management Factors on Information Security Management in Health Informatics.

摘要

Complexity of information security has become a major issue for organizations due to incessant threats to information assets. Healthcare organizations are particularly concerned with security owing to the inherent vulnerability of sensitive information assets in health informatics. While the non-technical security management elements have been at the center of information security activities for many years, often only the technical management components (firewall, anti-virus, etc.) have been the main area of interest for many practitioners. The problem addressed in this quantitative study was the dearth of non-technical security management perspectives in the management of information security in health informatics. Two prominent bodies of research, the theory of reasoned action and general deterrents theory were integrated to formulate the study framework. This quantitative, non-experimental study examined the impact of nontechnical security management factors including organizational culture, security policy and human actions on information security management. The survey instrument was hand delivered to healthcare practitioners at Korle-Bu Teaching Hospital, as well as to technocrats at the Ministry of Health in Ghana. A total of usable 177 out of two hundred surveys were returned. Survey data were analyzed using correlation and regression analyses. The results indicated a significant positive relationship between information security management and security policy (r=.612, p<.001), organizational culture (r=.751, p<.001), and human behavior actions (r=.646, p<.001). Findings from this study confirm that when non-technical factors are better appreciated and thus incorporated into organizations' overall security strategy at the onset, effective management of information security in (healthcare) organizations is ensured. Given the seriousness of the threats to the security environment today and the lack of effective control mechanisms in place, findings from this study could offer important and potentially new perspective on information security management issues; the growing recognition of the influences of non-technical factors for developing comprehensive information security management, particularly health organizations' security. A follow-up study on non-technical security management factors' effect on information security management would reapply the present study's instrument, and compare the combined scores between this and future studies.