{"title":"检测和纠正医疗保健设置中的非恶意内部威胁","authors":"Humayun Zafar","doi":"10.4018/ijsssp.315766","DOIUrl":null,"url":null,"abstract":"This paper aims to apply habit-based research to the domain of information security. It proposes a new training paradigm in which a user “automatically” does the right thing without being an expert in the area of information security. The authors used a multiphased approach in which a new security training program was created and assessed for three groups: administrators (mostly managers), medical professionals (included physicians, physician assistants etc.) and staff (appointment coordinators, billing specialists etc.). The authors were able to find strong correlations between habit creation and security threats such as phishing, unauthorized cloud computing use, and password sharing. The authors were also able to ascertain that traditional security training and awareness programs need to move away from the “one-size” fits all technique to custom models that need to look at employee groups. This study supports the idea of training programs that are focused on changing habits, which is an area that has not yet been extensively researched in this context.","PeriodicalId":264067,"journal":{"name":"International Journal of Systems and Software Security and Protection","volume":"33 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Detecting and Rectifying the Non-Malicious Insider Threat in a Healthcare Setting\",\"authors\":\"Humayun Zafar\",\"doi\":\"10.4018/ijsssp.315766\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper aims to apply habit-based research to the domain of information security. It proposes a new training paradigm in which a user “automatically” does the right thing without being an expert in the area of information security. The authors used a multiphased approach in which a new security training program was created and assessed for three groups: administrators (mostly managers), medical professionals (included physicians, physician assistants etc.) and staff (appointment coordinators, billing specialists etc.). The authors were able to find strong correlations between habit creation and security threats such as phishing, unauthorized cloud computing use, and password sharing. The authors were also able to ascertain that traditional security training and awareness programs need to move away from the “one-size” fits all technique to custom models that need to look at employee groups. This study supports the idea of training programs that are focused on changing habits, which is an area that has not yet been extensively researched in this context.\",\"PeriodicalId\":264067,\"journal\":{\"name\":\"International Journal of Systems and Software Security and Protection\",\"volume\":\"33 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Systems and Software Security and Protection\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4018/ijsssp.315766\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Systems and Software Security and Protection","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/ijsssp.315766","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Detecting and Rectifying the Non-Malicious Insider Threat in a Healthcare Setting
This paper aims to apply habit-based research to the domain of information security. It proposes a new training paradigm in which a user “automatically” does the right thing without being an expert in the area of information security. The authors used a multiphased approach in which a new security training program was created and assessed for three groups: administrators (mostly managers), medical professionals (included physicians, physician assistants etc.) and staff (appointment coordinators, billing specialists etc.). The authors were able to find strong correlations between habit creation and security threats such as phishing, unauthorized cloud computing use, and password sharing. The authors were also able to ascertain that traditional security training and awareness programs need to move away from the “one-size” fits all technique to custom models that need to look at employee groups. This study supports the idea of training programs that are focused on changing habits, which is an area that has not yet been extensively researched in this context.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
