{"title":"从失权到授权:制定医疗保健网络安全自我评估计划","authors":"Wendy Burke , Andrew Stranieri , Taiwo Oseni","doi":"10.1016/j.cose.2024.104148","DOIUrl":null,"url":null,"abstract":"<div><div>Due to the valuable and sensitive nature of its data, the Australian healthcare sector is increasingly targeted by cyberattacks. Existing cybersecurity evaluation methods often lack the specificity required to address the unique vulnerabilities within this sector, especially in terms of engaging stakeholders and fostering a proactive security culture. These evaluations often overlook psychological empowerment, which enhances individuals’ confidence in managing cybersecurity.</div><div>This study aims to develop a tailored cybersecurity self-assessment index for the Australian healthcare system. It will focus on enhancing psychological empowerment alongside technical assessments to improve overall sector resilience against cyber threats.</div><div>Using a design science research approach, the index was developed using expert reviews, online surveys, and in-depth interviews with key stakeholders, including healthcare providers, consumers, and government entities. This iterative process involved identifying gaps in existing cybersecurity measures and designing an index to address technical and human factors.</div><div>The index’s evaluation through a pilot study revealed that it effectively raised awareness and empowered individuals within the healthcare sector to take ownership of cybersecurity practices. Participants reported increased confidence in managing cybersecurity risks and found the index’s actionable recommendations helpful in improving their security posture. However, challenges related to its applicability across diverse healthcare environments and regulatory constraints were identified.</div><div>The Australian Healthcare Cybersecurity Self-Assessment Index shows promise as a tool for strengthening cybersecurity in the healthcare sector by integrating psychological empowerment with technical assessments. Further research is needed to refine the tool, incorporate quantitative data, and explore its scalability across different healthcare settings and global applications.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104148"},"PeriodicalIF":4.8000,"publicationDate":"2024-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"From Dis-empowerment to empowerment: Crafting a healthcare cybersecurity self-assessment\",\"authors\":\"Wendy Burke , Andrew Stranieri , Taiwo Oseni\",\"doi\":\"10.1016/j.cose.2024.104148\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Due to the valuable and sensitive nature of its data, the Australian healthcare sector is increasingly targeted by cyberattacks. Existing cybersecurity evaluation methods often lack the specificity required to address the unique vulnerabilities within this sector, especially in terms of engaging stakeholders and fostering a proactive security culture. These evaluations often overlook psychological empowerment, which enhances individuals’ confidence in managing cybersecurity.</div><div>This study aims to develop a tailored cybersecurity self-assessment index for the Australian healthcare system. It will focus on enhancing psychological empowerment alongside technical assessments to improve overall sector resilience against cyber threats.</div><div>Using a design science research approach, the index was developed using expert reviews, online surveys, and in-depth interviews with key stakeholders, including healthcare providers, consumers, and government entities. This iterative process involved identifying gaps in existing cybersecurity measures and designing an index to address technical and human factors.</div><div>The index’s evaluation through a pilot study revealed that it effectively raised awareness and empowered individuals within the healthcare sector to take ownership of cybersecurity practices. Participants reported increased confidence in managing cybersecurity risks and found the index’s actionable recommendations helpful in improving their security posture. However, challenges related to its applicability across diverse healthcare environments and regulatory constraints were identified.</div><div>The Australian Healthcare Cybersecurity Self-Assessment Index shows promise as a tool for strengthening cybersecurity in the healthcare sector by integrating psychological empowerment with technical assessments. Further research is needed to refine the tool, incorporate quantitative data, and explore its scalability across different healthcare settings and global applications.</div></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":\"148 \",\"pages\":\"Article 104148\"},\"PeriodicalIF\":4.8000,\"publicationDate\":\"2024-10-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S016740482400453X\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S016740482400453X","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
From Dis-empowerment to empowerment: Crafting a healthcare cybersecurity self-assessment
Due to the valuable and sensitive nature of its data, the Australian healthcare sector is increasingly targeted by cyberattacks. Existing cybersecurity evaluation methods often lack the specificity required to address the unique vulnerabilities within this sector, especially in terms of engaging stakeholders and fostering a proactive security culture. These evaluations often overlook psychological empowerment, which enhances individuals’ confidence in managing cybersecurity.
This study aims to develop a tailored cybersecurity self-assessment index for the Australian healthcare system. It will focus on enhancing psychological empowerment alongside technical assessments to improve overall sector resilience against cyber threats.
Using a design science research approach, the index was developed using expert reviews, online surveys, and in-depth interviews with key stakeholders, including healthcare providers, consumers, and government entities. This iterative process involved identifying gaps in existing cybersecurity measures and designing an index to address technical and human factors.
The index’s evaluation through a pilot study revealed that it effectively raised awareness and empowered individuals within the healthcare sector to take ownership of cybersecurity practices. Participants reported increased confidence in managing cybersecurity risks and found the index’s actionable recommendations helpful in improving their security posture. However, challenges related to its applicability across diverse healthcare environments and regulatory constraints were identified.
The Australian Healthcare Cybersecurity Self-Assessment Index shows promise as a tool for strengthening cybersecurity in the healthcare sector by integrating psychological empowerment with technical assessments. Further research is needed to refine the tool, incorporate quantitative data, and explore its scalability across different healthcare settings and global applications.
期刊介绍:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.