Social action theory for understanding information security non-compliance in hospitals: The importance of user rationale
Abstract
Purpose – Employees’ compliance with information security policies is considered an essential component of information security management. The research aims to illustrate the usefulness of social action theory (SAT) for management of information security.

Design/methodology/approach – This research was carried out as a longitudinal case study at a Swedish hospital. Data were collected using a combination of interviews, information security documents, and observations. Data were analysed using a combination of a value-based compliance model and the taxonomy laid out in SAT to determine user rationality.

Findings – The paper argues that management of information security and design of countermeasures should be based on an understanding of users’ rationale covering both intentional and unintentional non-compliance. The findings are presented in propositions with practical and theoretical implications: P1. Employees’ non-compliance is predominantly based on means-end calculations and based on a practical rationality, P2. An information security investigation of employees’ rationality should not be based on an a priori assumption about user intent, P3. Information security management and choice of countermeasures should be based on an understanding of the use rationale, and P4. Countermeasures should target intentional as well as unintentional non-compliance.

Originality/value – This work is an extension of Hedström et al. arguing for the importance of addressing user rationale for successful management of information security. The presented propositions can form a basis for information security management, making the objectives underlying the study presented in Hedström et al. more clear.
Journal title:
- Inf. Manag. Comput. Security
Volume 21, Issue
Pages -
Publication date: 2013