AN EMPIRICAL ASSESSMENT OF USER ONLINE SECURITY BEHAVIOR: EVIDENCE FROM A UNIVERSITY

The ever-increasing number and severity of cybersecurity breaches makes it vital to understand the factors that make organizations vulnerable. Since humans are considered the weakest link in the cybersecurity chain of an organization, this study evaluates users’ individual differences (demographic factors, risk-taking preferences, decision-making styles and personality traits) to understand online security behavior. This thesis studies four different yet tightly related online security behaviors that influence organizational cybersecurity: device securement, password generation, proactive awareness and updating. A survey (N=369) of students, faculty and staff in a large mid-Atlantic U.S. public university identifies individual characteristics that relate to online security behavior and characterizes the higher-risk individuals that pose threats to the university’s cybersecurity. Based on these findings and insights from interviews with phishing victims, the study concludes with recommendations to help similat organizations increase end-user cybersecurity compliance and mitigate the risks caused by humans in the organizational cybersecurity chain

The Public Health Information Technology Maturity Index: An Approach to Evaluating the Adoption and Use of Public Health Information Technology

Background: Public health information technology (PHIT) has the potential to improve the effective and efficient use of information in achieving public health objectives. Information technology maturity models have been extensively used in other domains to guide information technology assessment and planning, but an information technology maturity model tailored for public health departments has heretofore been unavailable. Purpose: The purpose of this study was to develop a Public Health Information Technology Maturity Index. Methods: An extensive literature review and content analysis was conducted of information system adoption, use, and maturity in general and in the public health systems and services research context in particular. Primary data were collected through staff interviews (61), staff observations (16), patient focus groups (3), and staff surveys (3) over the course of a multi-year technology implementation, including pre- and post-implementation of an electronic health record system at a large suburban public health department. Data were analyzed using qualitative and quantitative methods to extract potential categories for inclusion in the index. A Delphi exercise whose panelists included experts from state and local public health departments and national multi-stakeholder groups was conducted. Results: A Public Health Information Technology Maturity Index, questionnaire, and scoring guide were created. The Maturity Index consisted of four primary categories: Scale and Scope of PHIT Use; PHIT Quality; PHIT Human Capital, Policy and Resources; and, PHIT Community Infrastructure, along with fourteen subdimensions. Implications: The PHIT Maturity Index represents a practical approach to aid public health system stakeholders, notably health departments, in the evaluation of their information technology deployment decisions. As benchmark data become available, it will enable comparative assessment and possible linking of information technology maturity and multi-agency interoperability to population health outcomes