6 research outputs found

    The impact of the security competency on "Self-Efficacy in Information Security" for effective Health Information Security in Iran

    Security effectiveness based on users’ behaviors is becoming a top priority of Health Information Systems (HIS). In the first step of this study, through the review of previous studies, ‘Self-efficacy in Information Security’ (SEIS) and ‘Security Competency’ (SCMP) were identified as the important factors in transforming HIS users into the first line of defense in security. Subsequently, a conceptual model was proposed taking the mentioned factors into account for HIS security effectiveness. Then, this quantitative study used structural equation modeling to examine the proposed model based on survey data collected from a sample of 263 HIS users from eight hospitals in Iran. The result shows that SEIS is one of the important factors for cultivating good end-user behaviors toward HIS security effectiveness. However, SCMP appears to be a feasible alternative to providing SEIS. This study also confirms the mediation effects of SEIS on the relationship between SCMP and HIS security effectiveness. The results of this research paper can be used by HIS and IT managers to implement their information security process more effectively.

    Cybersecurity Strategies for Universities With Bring Your Own Device Programs

    The bring your own device (BYOD) phenomenon has proliferated, making its way into different business and educational sectors and enabling multiple vectors of attack and vulnerability to protected data. The purpose of this multiple-case study was to explore the strategies information technology (IT) security professionals working in a university setting use to secure an environment to support BYOD in a university system. The study population was comprised of IT security professionals from the University of California campuses currently managing a network environment for at least 2 years where BYOD has been implemented. Protection motivation theory was the study's conceptual framework. The data collection process included interviews with 10 IT security professionals and the gathering of publicly-accessible documents retrieved from the Internet (n = 59). Data collected from the interviews and member checking were triangulated with the publicly-accessible documents to identify major themes. Thematic analysis with the aid of NVivo 12 Plus was used to identify 4 themes: the ubiquity of BYOD in higher education, accessibility strategies for mobile devices, the effectiveness of BYOD strategies that minimize risk, and IT security professionals' tasks include identifying and implementing network security strategies. The study's implications for positive social change include increasing the number of users informed about cybersecurity and comfortable with defending their networks against foreign and domestic threats to information security and privacy. These changes may mitigate and reduce the spread of malware and viruses and improve overall cybersecurity in BYOD-enabled organizations.

    Developing Cloud Computing Infrastructures in Developing Countries in Asia

    Developing Cloud Computing Infrastructures in Developing Countries in Asia, by Daryoush Charmsaz Moghaddam. MS, Sharif University, 2005; BS, Civil Aviation Higher Education Complex, 1985. Doctoral Study Submitted in Partial Fulfillment of the Requirements for the Degree of Doctor of Information Technology, Walden University, March 202

    Information security and personal data protection: case study and governance proposal for health services.

    Information security is fundamental to corporate governance, especially in recent years, in the era of digital health. Information and communication technology in health plays a fundamental role in the management of care, patient safety and quality of care. Violations of information security in the health area can lead to breaches of confidentiality and of the privacy of individuals, loss and/or unavailability of data, and can compromise the quality of services provided and the safety of patients. The use of new technologies such as artificial intelligence, the internet of things, robotics, and their applications in health, creates a more complex environment in which to ensure the confidentiality of information. The Brazilian Government recently implemented the General Data Protection Law (LGPD), which adds more challenge to information security, as it imposes new requirements to guarantee the privacy of individuals and the confidentiality of data considered sensitive. The general objective of the research was to propose an information security governance model, called “Guide to Information Security and Protection of Personal Data for Health Services”, which covers good practices and includes requirements of the General Data Protection Law (LGPD). The guide was prepared based on the standards ABNT/ISO 27799 and ABNT NBR ISO/IEC 27002 and on the requirements of Law No. 13.709 (LGPD). The health professionals' knowledge about LGPD and information security was also assessed. To support the research, a review of reference standards in the study, specific regulation for the protection of personal data and a systematic mapping of the literature were carried out, which included studies on health information security in the period from 2010 to 2020, according to the strategies described. The research was developed in a public outpatient health service of medical specialties, of medium complexity, of the Health Assistance Network (RAS) in the interior of the state of São Paulo. The results obtained demonstrated the complexity of information security governance, considering the specificity of health services and the context analyzed, suggesting that the difficulties in implementing good practices are largely related to the restrictions on financial resources for investment in structure and in staff specialized in information and communication technology, focusing on information security and protection of personal data. The guide resulting from the research will be a valuable organizational tool for best practices in information security and protection of personal data in health services. The research suggests the need for future studies to continue actions that propose improvements in the management of health information security and the protection of personal data. The perspective of developing a software tool that supports the guide presented in this dissertation was considered of great value and social relevance, as an implementation of the improvement of the management of the information security governance process, as was the use of this guide as a basis for the construction of didactic sequences for teaching/education on information security in the health area. The application of the good practices recommended in this guide in health services is the subject of a future study. I did not receive funding