Assessment of Information Security Culture in Public Hospitals in Southern Nations Nationalities and Peoples Region: The Case of Hawassa Referral Hospital
No Thumbnail Available
Date
2010-06-01
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Addis Ababa University
Abstract
Background: - Traditionally, most of the researchers and experts in the field of information security believed a technological solution to address majority of information security issues. However, contemporary studies have shown that non-technical solutions including the human behavior and processes are as important as technical solutions in safeguarding organization information assets.
Objective: - To assess the information security culture of Hawassa Referral Hospital in order to improve the existing information security culture of the hospital.
Methods: - A cross-sectional survey was conducted in Hawassa Referral Hospital from March-April 2010. A total of 314 study subjects were participated for questionnaire and in-depth interview. The data was collected by using a non-structured pre-tested questionnaire, in-depth interview and document analysis. The quantitative data was analyzed by using SPSS version 15.0 and the qualitative data was analyzed manually.
Results: - It was found that, 66.9% of the study participants have no knowledge about information security. About 63% of the respondents reported that management does not assist to the implementation and incorporation of information security in the hospital.
The result of the study also showed the absence of well written and documented information security policy in the hospital.
Conclusion and recommendations: - The study showed that majority of the respondents in the hospital has no knowledge about information security. The study also revealed that there is a lack of commitment from top management for the incorporation and implementation of information security in the hospital. Hence, it is recommended that there is a need to provide extra-education and training on information security issues