Information Security Content Development for Awareness Training Programs in Healthcare

International Journal of Security and Its Applications Pub Date : 2017-07-31 DOI:10.14257/IJSIA.2017.11.7.07
A. Ghazvini, Z. Shukur
{"title":"Information Security Content Development for Awareness Training Programs in Healthcare","authors":"A. Ghazvini, Z. Shukur","doi":"10.14257/IJSIA.2017.11.7.07","DOIUrl":null,"url":null,"abstract":"Human error is recognized as the major cause of data breaches across the healthcare industry. Training and education are effective approaches to help employees adhere to appropriate behaviors that do not compromise information assets. However, not all awareness training programs are effective. One of the main failures in implementing successful awareness programs is the training content. In many cases, the training content is reported to be too informative or too advance. The aim of this paper is to propose a guideline to develop information security content for awareness training programs. Developing a rich and attractive training content is the key to an effective awareness program. It is necessary to ensure that important information security issues are effectively communicated with employees during awareness training programs, and employees are not over-trained or under-trained. The paper demonstrates the process of information security policy augmentation for a selected healthcare organization, and develops information security content from the augmented policy document. The focus of the training content is to enforce the organization’s internal information security policies.","PeriodicalId":46187,"journal":{"name":"International Journal of Security and Its Applications","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Security and Its Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.14257/IJSIA.2017.11.7.07","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 4

Abstract

Human error is recognized as the major cause of data breaches across the healthcare industry. Training and education are effective approaches to help employees adhere to appropriate behaviors that do not compromise information assets. However, not all awareness training programs are effective. One of the main failures in implementing successful awareness programs is the training content. In many cases, the training content is reported to be too informative or too advance. The aim of this paper is to propose a guideline to develop information security content for awareness training programs. Developing a rich and attractive training content is the key to an effective awareness program. It is necessary to ensure that important information security issues are effectively communicated with employees during awareness training programs, and employees are not over-trained or under-trained. The paper demonstrates the process of information security policy augmentation for a selected healthcare organization, and develops information security content from the augmented policy document. The focus of the training content is to enforce the organization’s internal information security policies.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
医疗保健领域意识培训项目的信息安全内容开发
在整个医疗保健行业,人为错误被认为是导致数据泄露的主要原因。培训和教育是帮助员工遵守不损害信息资产的适当行为的有效方法。然而,并不是所有的意识训练项目都有效。实施成功的意识项目的主要失败之一是培训内容。在许多情况下,培训内容被报告为信息量太大或太高级。本文的目的是提出一个指导方针,以制定信息安全内容的意识培训计划。开发丰富而有吸引力的培训内容是有效开展意识培训的关键。有必要确保重要的信息安全问题在意识培训项目中有效地与员工沟通,员工不会培训过度或培训不足。本文演示了选定医疗保健组织的信息安全策略增强过程,并从增强的策略文档中开发信息安全内容。培训内容的重点是执行组织的内部信息安全策略。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
International Journal of Security and Its Applications
International Journal of Security and Its Applications COMPUTER SCIENCE, INFORMATION SYSTEMS-
自引率
0.00%
发文量
0
期刊介绍: IJSIA aims to facilitate and support research related to security technology and its applications. Our Journal provides a chance for academic and industry professionals to discuss recent progress in the area of security technology and its applications. Journal Topics: -Access Control -Ad Hoc & Sensor Network Security -Applied Cryptography -Authentication and Non-repudiation -Cryptographic Protocols -Denial of Service -E-Commerce Security -Identity and Trust Management -Information Hiding -Insider Threats and Countermeasures -Intrusion Detection & Prevention -Network & Wireless Security -Peer-to-Peer Security -Privacy and Anonymity -Secure installation, generation and operation -Security Analysis Methodologies -Security assurance -Security in Software Outsourcing -Security products or systems -Security technology -Systems and Data Security
期刊最新文献
Capturing Security Mechanisms Applied to Ecommerce: An Analysis of Transaction Security Blockchain Approach to Cyber Security Vulnerabilities Attacks and Potential Countermeasures Mitigation of Wireless Body Area Networks Challenges using Cooperation Improving the Security Quality of Use Case Models through the Application of Software Refactoring Using Genetic Algorithm LTA: A Linked Timestamp based Authentication Protocol for Sensor Network
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1