Improving information system security by evaluating human factors

Abstract

Health Information System (HIS) has been implemented in Malaysia since late 1990s. HIS is an integration of several hospitals’ information system to manage administration works, patients and clinical records. Accessing HIS data through the internet make it more vulnerable to data lost, misuses and attacks. Health data is extremely sensitive, therefore they require high protection and information security must be carefully watched as it plays an important role to protect the data from being stolen or harmed. Despite the vast research in information security, the human factor has been neglected from the research community, with most security research giving focus on the technological component of an information technology system. The human factor is still subject to attacks and thus, in need of auditing and addressing any existing vulnerabilities. This research evaluates the human factor by the creation of a survey which examines three distinct user properties. Each of these properties comprises a series of questions, which with their turn assist on confirmation or refutation of three hypotheses. The survey was conducted on five public and private hospitals in Malaysia and distributed to all members of staff who have access on electronic information. Results have shown that the human factor has a significant role in information security; among the surveyed factors (organizational factor, motivational factor and learning), it is confirmed that Learning has the most effect on information system security. This research has addressed two sub factors of learning that are organizational learning and individual learning. In order to improve the information system security in hospitals, it is recommended for future study to consider some other factors except these two sub factors in learning.