Search results

Recently, interest and necessity for cloud-based hospital information systems (HISs) have emerged as an appropriate alternative for revitalizing medical information exchange between hospitals, analyzing “big data” medical information and developing the use of new medical technologies. The purpose of this paper is to investigate factors that affect the switching of information systems in existing on-premise environments into cloud-based HISs.

A research model was developed using the push–pull–mooring model based on migration theory. The research model was analyzed using confirmatory factor analysis and path analysis using partial least squares structural equation modeling.

The results of this study showed that low compatibility, perceived value, low cost and inertia influenced the intention to switch to cloud-based HISs; low flexibility and low compatibility influenced dissatisfaction; and low cost, ease of maintenance and ease of managing indicators influenced perceived value.

This study is expected to be used as the basis for developing a research model in subsequent studies to analyze the transition to new innovative technologies. Also, in practice, it is expected to contribute to the activation of cloud computing environments in hospitals.

In organizations today, protecting information and computer assets from attacks or disaster has become one of the top managerial issues. The purpose of this paper is to propose and empirically test a comprehensive model of computer security behaviors of individuals in the workplace.

The model was developed based on the reference disciplines of the theory of reasoned action, moral obligation, protection motivation theory (PMT), and organizational context factors. The measurements for the variables in the model, including computer security behavioral intention were adapted from prior studies, and their reliability and validity were verified by a confirmatory factor analysis. The model was empirically analyzed by structural equation modeling with respect to data from 162 employees in a number of organizations in Korea.

The results indicate that moral obligation and organizational norms along with attitude toward computer security behavior have significant impacts on employees’ behavioral intentions of computer security. In addition, perceived threat severity, response efficacy, and self-efficacy, which are drawn from the PMT, have significant impacts on employee attitude, whereas security policy has significant impacts on the organizational norms.

The paper provides a useful model for analyzing employees’ computer security behaviors in the workplace. Also, the paper reveals that moral obligation as well as attitude toward computer security behavior was a significant predictor of an individual employee's intention to practice computer security behavior.

The purpose of this research is to explain the influence of information security monitoring and other social learning factors on employees’ security assurance behaviour. Security assurance behaviour represents employees’ intentional and effortful actions aimed towards protecting information systems. The behaviour is highly desired as it tackles the human factor within the information security framework. The authors posited that security assurance behaviour is a learned behaviour that can be enhanced by the implementation of information security monitoring.

Theoretical framework underlying this study with six constructs, namely, subjective norm, outcome expectation, information security monitoring, information security policy, self-efficacy and perceived inconvenience, were identified as significant in determining employees’ security assurance behaviour (SAB). The influence of these constructs on SAB could be explained by social cognitive theory and is empirically supported by past studies. An online questionnaire survey as the main research instrument is adopted to elicit information on the six constructs tested in this study. Opinion from industry and academic expert panels on the relevance and face validity of the questionnaire were obtained prior to the survey administration.

Findings from this research indicate that organisations will benefit from information security monitoring by encouraging security behaviours that extend beyond the security policy. This study also demonstrates that employees tend to abandon security behaviour when the behaviour is perceived as inconvenient. Hence, organisations must find ways to reduce the perceived inconvenience using various security automation methods and specialised security training. Reducing perceived inconvenience is a challenge to information security practitioners.

There are some limitations in the existing work that could be addressed in future studies. One of them is the possible social desirability bias due to the self-reported measure adopted in the study. Even though the authors have made every effort possible to collect representative responses via anonymous survey, it is still possible that the respondents may not reveal true behaviour as good conduct is generally desired. This may lead to a bias towards favourable behaviour.

In general, the present research provides a number of significant insights and valuable information related to security assurance behaviour among employees. The major findings could assist security experts and organisations to develop better strategies and policies for information security protection. Findings of this research also indicate that organisations will benefit from information security monitoring by encouraging security behaviours that extend beyond the security policy.

In this research, the social cognitive learning theory is used to explain the influence of information security monitoring and other social learning factors on employees’ security assurance behaviour; the finding implies that monitoring emphases expected behaviours and helps to reinforce organisational norms. Monitoring may also accelerate learning when employees become strongly mindful of their behaviours. Hence, it is important for organisations to communicate the monitoring practices implemented, even more imperative whenever security monitoring employed is unobtrusive in nature. Nonetheless, care must be taken in this communication to avoid resentment and mistrust among employees.

This study is significant in a number of ways. First, this study highlights significant antecedents of security assurance behaviour, which helps organisations to assess their current practices, which may nurture or suppress information security. Second, using users’ perspective, this study provides recommendations pertaining to monitoring as a form of information security measure. Third, this study provides theoretical contribution to the existing information security literature via the application of the social cognitive learning theory.