ELEVATING INFORMATION SECURITY PRACTICES WITHIN SUDANESE HEALTHCARE ESTABLISHMENTS' STAFF

Abstract

: In today’s digital era healthcare establishments find information technologies invaluable in daily tasks. The paper strongly based upon a research that is currently being conducted by the author and according to the results from the research survey only 20% of healthcare establishments in Sudan has security initiatives for their employees and make use of electronic security systems or even physical instruments to protect their assets and patients’ information, whilst on the contrary, 80% have no security measures or any security policies. This is due to there is a lack of academic and professional literature about information security management and information security culture. Moreover, as grew to the best knowledge of the author and extracted from the results, healthcare community thought their role is to heal patients and they do not have any responsibility to protect patients’ information, whereas they deem such role belong to the computer department, even if, these security breaches computer related (e.g. viruses), or socially motivated (e.g. theft of equipment). Therefore, the overall aim of this paper is to identify factors that assist the implementation of information security culture and practices within healthcare establishments, and assist when conducting awareness programmers, so it discusses the need to promote information security issues within contemporary Sudanese healthcare establishments and the consequent need for appropriate training and awareness schemes. In addition, the paper highlights sequence basic elements that healthcare establishments should consider when construct a training and awareness program.