Elevating Information Security Practices within Sudanese Healthcare Establishments' Staff
Main Article Content
Abstract
In today’s digital era healthcare establishments find information technologies invaluable in daily tasks.
The paper strongly based upon a research that is currently being conducted by the author and according to the results from the research survey only 20% of healthcare establishments in Sudan has security initiatives for their employees and make use of electronic security systems or even physical instruments to protect their assets and patients’ information, whilst on the contrary, 80% have no security measures or any security policies. This is due to there is a lack of academic and professional literature about information security management and information security culture. Moreover, as grew to the best knowledge of the author and extracted from the results, healthcare community thought their role is to heal patients and they do not have any responsibility to protect patients’ information, whereas they deem such role belong to the computer department, even if, these security breaches computer related (e.g. viruses), or socially motivated (e.g. theft of equipment).
Therefore, the overall aim of this paper is to identify factors that assist the implementation of information security culture and practices within healthcare establishments, and assist when conducting awareness programmers, so it discusses the need to promote information security issues within contemporary Sudanese healthcare establishments and the consequent need for appropriate training and awareness schemes.
In addition, the paper highlights sequence basic elements that healthcare establishments should consider when construct a training and awareness program.
Downloads
Article Details
COPYRIGHT
Submission of a manuscript implies: that the work described has not been published before, that it is not under consideration for publication elsewhere; that if and when the manuscript is accepted for publication, the authors agree to automatic transfer of the copyright to the publisher.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work
- The journal allows the author(s) to retain publishing rights without restrictions.
- The journal allows the author(s) to hold the copyright without restrictions.
References
Viiveke Fak, Amund Hunstad, and E. Graham Dougall (Ed), “Teaching security basics: The importance of when and howâ€, IFIP/Sec '93 Proceedings of the IFIP TC11, Ninth International Conference on Information Security: Computer Security, North-Holland Publishing Co., 1993.
Audit Commission for Local Authorities and the National Health Service in England and Wales (Author), “Opportunity Makes a Thief: An Analysis of Computer Abuseâ€, HMSO Publications Centre, 13 October 1994.
Steven Furnell, Peter Sanders and Matthew Warren, "Baseline Security Guidelines for Health Care Management†in Data Security in Health Care-Volume 1 Management Guidelines, The SEISMED Consortium (Ed), Technology and Informatics 31, IOS Press, 1996.
Steven Furnell, Peter Sanders and Matthew Warren, "Baseline Security Guidelines for Health Care Information Technology and Security Personnel†in Data Security in Health Care-Volume 2 Technical Guidelines, The SEISMED Consortium (Ed), Technology and Informatics 32, IOS Press, 1996.