Research Repository

Employee Perspective on Information Security Related Human Error in Healthcare: Proactive Use of IS-CHEC in Questionnaire Form

Evans, Mark and He, Ying and Luo, Cunjin and Yevseyeva, Iryna and Janicke, Helge and Maglaras, Leandros A (2019) 'Employee Perspective on Information Security Related Human Error in Healthcare: Proactive Use of IS-CHEC in Questionnaire Form.' IEEE Access, 7. 102087 - 102101. ISSN 2169-3536

[img]
Preview
Text
08755984.pdf - Published Version
Available under License Creative Commons Attribution.

Download (31MB) | Preview

Abstract

The objective of the research was to establish data relating to underlying causes of human error which are the most common cause of information security incidents within a private sector healthcare organization. A survey questionnaire was designed to proactively apply the IS-CHEC information security human reliability analysis (HRA) technique. The IS-CHEC technique questionnaire identified the most likely core human error causes that could result in incidents, their likelihood, the most likely tasks that could be affected, suggested remedial and preventative measures, systems or processes that would be likely to be affected by human error and established the levels of risk exposure. The survey was operational from 15th November 2018 to 15th December 2018. It achieved a response rate of 65% which equated to 485 of 749 people targeted by the research. The research found that, in the case of this particular participating organization, the application of the IS-CHEC technique through a questionnaire added beneficial value as an enhancement to a standard approach of holistic risk assessment. The research confirmed that the IS-CHEC in questionnaire form can be successfully applied within a private sector healthcare organization and also that a distributed approach for information security human error assessment can be successfully undertaken in order to add beneficial value. The results of this paper indicate, from the questionnaire responses supplied by employees, that organizational focus on its people and their working environment can improve information security posture and reduce the likelihood of associated information security incidents through a reduction in human error.

Item Type: Article
Divisions: Faculty of Science and Health > Computer Science and Electronic Engineering, School of
Depositing User: Elements
Date Deposited: 03 Mar 2021 10:34
Last Modified: 03 Mar 2021 10:34
URI: http://repository.essex.ac.uk/id/eprint/29987

Actions (login required)

View Item View Item