The role of optimism bias in susceptibility to phishing attacks in a financial services organisation
- Authors: Owen, Morné
- Date: 2023-03-31
- Subjects: Mixed methods research , Phishing , Optimism bias , Information security , Information storage and retrieval systems Financial services industry , Risk perception
- Language: English
- Type: Academic theses , Doctoral theses , text
- Identifier: http://hdl.handle.net/10962/419257 , vital:71629 , DOI 10.21504/10962/419257
- Description: Researchers looking for ways to change the insecure behaviour that results in successful phishing have considered multiple possible reasons for such behaviour. Therefore, the purpose of this study is to understand the role of optimism bias (OB – defined as a cognitive bias), which characterises overly optimistic or unrealistic individuals, in order to ensure secure behaviour. Research is considered that has focused on issues such as personality traits, trust, attitude and information security awareness training (ISAT). We used a mixed methods design to investigate OB behaviour, building on a recontextualised version of the theory of planned behaviour to evaluate the influence that OB has on phishing susceptibility. To model the data, an analysis was performed on 226 survey responses (systematic random sampling method) from the employees of a financial services organisation using partial least squares (PLS) path modelling. To evaluate OB behaviour, we conducted an experiment consisting of three ISAT sessions and three simulated phishing attacks. After each phishing experiment, we conducted interviews to gain a better understanding of why people succumbed to the attacks. It was subsequently found that overly optimistic individuals are inclined to behave insecurely, while factors such as attitude and trust significantly influence the intention to behave securely. Our contribution to practice is to enhance the effectiveness of ISAT by identifying and addressing the OB weakness to deliver a more successful training outcome. Our contribution to theory enriches the Information Systems literature by evaluating the effect of a cognitive bias on phishing susceptibility and, through research, offering a contextual explanation of the resultant behaviour. , Thesis (PhD) -- Faculty of Commerce, Information Systems, 2023 , Researchers seeking a way to change the insecure behaviour that leads to phishing have considered several possible reasons for such behaviour.
Therefore, the purpose of this thesis is to understand the role of optimism bias (OB - defined as a cognitive bias), which characterises overly optimistic or unrealistic individuals, in order to ensure secure behaviour. Research was considered that focused on issues such as personality traits, trust, attitude and information security awareness training (ISAT). The researcher used mixed methods to investigate OB behaviour. The study built on a recontextualised version of the theory of planned behaviour to evaluate the influence that OB has on phishing susceptibility. To model the data, an analysis was performed on 226 survey responses obtained from a financial services organisation, using partial least squares (PLS) path modelling. To evaluate OB behaviour, we conducted an experiment consisting of three ISAT sessions and three simulated phishing attacks. After each phishing experiment, we conducted interviews to gain a better understanding of why people succumbed to the attacks. Overly optimistic individuals are inclined to behave insecurely, while factors such as attitude and trust significantly influenced the intention to behave securely. The study's contribution to practice is to improve the effectiveness of ISAT by identifying and addressing the OB weakness to deliver a more successful training outcome. Furthermore, the study enriches the Information Systems literature by evaluating the effect of a cognitive bias on phishing susceptibility and, through research, offers a contextual explanation of the resultant behaviour.
A personality-based behavioural model: Susceptibility to phishing on social networking sites
- Authors: Frauenstein, Edwin Donald
- Date: 2021-10-29
- Subjects: Phishing , Social networks , Personality , Self-presentation in mass media , Internet fraud , Internet users Habits and behavior , Big Five model , Human information processing , Heuristic-Systematic Model (HSM)
- Language: English
- Type: Doctoral theses , text
- Identifier: http://hdl.handle.net/10962/190306 , vital:44982 , 10.21504/10962/190306
- Description: The worldwide popularity of social networking sites (SNSs) and the technical features they offer users have created many opportunities for malicious individuals to exploit the behavioral tendencies of their users via social engineering tactics. The self-representation and social interactions on SNSs encourage users to reveal their personalities in a way which characterises their behaviour. Frequent engagement on SNSs may also reinforce the performance of certain activities, such as sharing and clicking on links, at a “habitual” level on these sites. Subsequently, this may also influence users to overlook phishing posts and messages on SNSs and thus not apply sufficient cognitive effort in their decision-making. As users do not expect phishing threats on these sites, they may become accustomed to behaving in this manner which may consequently put them at risk of such attacks. Using an online survey, primary data was collected from 215 final-year undergraduate students. Employing structural equation modelling techniques, the associations between the Big Five personality traits, habits and information processing were examined with the aim to identify users susceptible to phishing on SNSs. Moreover, other behavioural factors such as social norms, computer self-efficacy and perceived risk were examined in terms of their influence on phishing susceptibility. 
The results of the analysis revealed the following key findings: 1) users with the personality traits of extraversion, agreeableness and neuroticism are more likely to perform habitual behaviour, while conscientious users are least likely; 2) users who perform certain behaviours out of habit are directly susceptible to phishing attacks; 3) users who behave out of habit are likely to apply a heuristic mode of processing and are therefore more susceptible to phishing attacks on SNSs than those who apply systematic processing; 4) users with higher computer self-efficacy are less susceptible to phishing; and 5) users who are influenced by social norms are at greater risk of phishing. This study makes a contribution to scholarship and to practice, as it is the first empirical study to investigate, in one comprehensive model, the relationship between personality traits, habit and their effect on information processing which may influence susceptibility to phishing on SNSs. The findings of this study may assist organisations in the customisation of an individual anti-phishing training programme to target specific dispositional factors in vulnerable users. By using a similar instrument to the one used in this study, pre-assessments could determine and classify certain risk profiles that make users vulnerable to phishing attacks. , Thesis (PhD) -- Faculty of Commerce, Information Systems, 2021
An online information security Awareness model: the disclosure of personal data
- Authors: Parker, Heather Joubert
- Date: 2021
- Subjects: Social media -- Psychological aspects , Social media -- Psychological aspects -- South Africa , Human behavior , Disclosure of information -- Psychological aspects -- Case studies , Personal information management -- Psychological aspects -- Case studies , Data protection -- Psychological aspects -- Case studies
- Language: English
- Type: text , Thesis , Masters , MCom
- Identifier: http://hdl.handle.net/10962/172329 , vital:42189
- Description: Social media has revolutionized the way people send and receive information by creating a new level of interconnected communication. However, the use of the Internet and social media brings about various ways in which a user’s personal data can be put at risk. This study aims to investigate what drives the disclosure of personal information online and whether an increase in awareness of the value of personal information motivates users to safeguard their information. Fourteen university students participated in a mixed-methods experiment, where they completed a questionnaire before and after being shown the data stored about them by online platforms to determine if changes occur in their intention to disclose. Following completing the initial questionnaire, the participant viewed the personal data stored about them by Facebook, Google, and Instagram. Other online tools such as Social Profile Checker, Facebook View As, and HaveIBeenPawned were used to see the information publicly available about each participant. Together these findings were discussed in a semi-structured interview to determine the influence of attitudes, subjective norms, and awareness on the cost-benefit analysis users conduct when disclosing information online. Overall, the findings indicate that users are able to disregard their concerns due to a resigned and apathetic attitude towards privacy. Furthermore, subjective norms enhanced by FOMO further allow users to overlook potential risks to their information in order to avoid social isolation and sanction. Alternatively, an increased awareness of the personal value of information and having experienced a previous privacy violation encourage the protection of information and limited disclosure. Thus, this study provides insight into privacy and information disclosure on social media in South Africa. 
It reveals more insight into the cost-benefit analysis users conduct by combining the Theory of Planned Behaviour with the Privacy Calculus Model, as well as the antecedent factors of Trust in the Social Media Provider, FOMO, and Personal Valuation of Information.
A personality-based surveillance model for Facebook apps
- Authors: Van der Schyff, Karl Izak
- Date: 2020
- Subjects: Facebook (Electronic resource) , Electronic surveillance -- Psychological aspects , Online social networks -- Psychological aspects , Social media -- Psychological aspects , Personality
- Language: English
- Type: text , Thesis , Doctoral , PhD
- Identifier: http://hdl.handle.net/10962/145534 , vital:38447
- Description: The surveillance of data through the use of Facebook Apps is an ongoing and persistent problem that impacts millions of users. Nonetheless, limited research has been conducted investigating to what extent a Facebook user’s personality influences their awareness of such surveillance practices. Thus, to understand this situation better, the current study inductively developed four propositions from secondary data sources as part of a detailed content analysis. Spanning three search and analysis phases the content analysis led to the development of the research model. Guided by the propositions and research questions, a questionnaire was developed based on the relevant constructs prescribed by the Theory of Planned Behaviour. This questionnaire was used, and a total of 651 responses were collected from Facebook users over the age of 18 years old and residing in the United States of America. Primary data took place at both a univariate and multivariate level with a specific focus on the development of a structural model. Interpretation of the structural model revealed that out of all the Big Five personality traits, Conscientiousness exhibited the strongest relationship with information security awareness followed by Openness to Experience and Neuroticism, respectively. The results further indicated that the model constructs based on attitude, social norms and awareness significantly influenced the intended use of Facebook Apps. The study also contributes by indicating which personality traits are most vulnerable to Facebook App surveillance. For example, it was found that individuals high in Conscientiousness are the least vulnerable with individuals high in Extraversion being the most vulnerable. Since the results indicate that not all the personality traits are significantly related to the model constructs, additional factors may contribute to App surveillance in this context. 
Concerning this, factors such as user apathy, information privacy, privacy concerns, control and Facebook dependency are discussed as a means to argue why this might be the case.
Passphrase and keystroke dynamics authentication: security and usability
- Authors: Bhana, Bhaveer
- Date: 2020
- Subjects: Computer security -- Management , Computers -- Access control -- Codewords , Computers -- Access control -- Keystroke timing authentication , Entropy (Information theory)
- Language: English
- Type: text , Thesis , Doctoral , PhD
- Identifier: http://hdl.handle.net/10962/146663 , vital:38546
- Description: It was found that employees spend a total 2.25 days within a 60 day period on password related activities. Another study found that over 85 days an average user will create 25 accounts with an average of 6.5 unique passwords. These numbers are expected to increase over time as more systems become available. In addition, the use of 6.5 unique passwords highlight that passwords are being reused which creates security concerns as multiple systems will be accessible by an unauthorised party if one of these passwords is leaked. Current user authentication solutions either increase security or usability. When security increases, usability decreases, or vice versa. To add to this, stringent security protocols encourage unsecure behaviours by the user such as writing the password down on a piece of paper to remember it. It was found that passphrases require less cognitive effort than passwords and because passphrases are stronger than passwords, they don’t need to be changed as frequently as passwords. This study aimed to assess a two-tier user authentication solution that increases security and usability. The proposed solution uses passphrases in conjunction with keystroke dynamics to address this research problem. The design science research approach was used to guide this study. The study’s theoretical foundation includes three theories. The Shannon entropy formula was used to calculate the strength of passwords, passphrases and keystroke dynamics. The chunking theory assisted in assessing password and passphrase memorisation issues and the keystroke-level model was used to assess password and passphrase typing issues. Two primary data collection methods were used to evaluate the findings and to ensure that gaps in the research were filled. A login assessment experiment collected data on user authentication and user-system interaction for passwords and passphrases. 
Plus, an expert review was conducted to verify findings and assess the research artefact in the form of a model. The model can be used to assist with the implementation of a two-tier user authentication solution which involves passphrases and keystroke dynamics. There are a number of components that need to be considered to realise the benefits of this solution and ensure successful implementation.
An access control model for a South African National Electronic Health Record System
- Authors: Tsegaye, Tamir Asrat
- Date: 2019
- Subjects: Medical records -- Data processing , Medical records -- Data processing -- Safety measures , Medical records -- Data processing -- South Africa , Medical records -- Data processing -- Access control , Medical informatics , Medical records -- Management -- South Africa , Health services administration -- South Africa
- Language: English
- Type: text , Thesis , Masters , MCom
- Identifier: http://hdl.handle.net/10962/97046 , vital:31390
- Description: Countries such as South Africa have attempted to leverage eHealth by digitising patients’ medical records with the ultimate goal of improving the delivery of healthcare. This involves the use of the Electronic Health Record (EHR) which is a longitudinal electronic record of a patient’s information. The EHR is comprised of all of the encounters that have been made at different health facilities. In the national context, the EHR is also known as a national EHR which enables the sharing of patient information between points of care. Despite this, the realisation of a national EHR system puts patients' EHRs at risk. This is because patients’ information, which was once only available at local health facilities in the form of paper-based records, can be accessed anywhere within the country as a national EHR. This results in security and privacy issues since patients’ EHRs are shared with an increasing number of parties who are geographically distributed. This study proposes an access control model that will address the security and privacy issues by providing the right level of secure access to authorised clinicians. The proposed model is based on a combination of Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC). The study found that RBAC is the most common access control model that is used within the healthcare domain where users’ job functions are based on roles. While RBAC is not able to handle dynamic events such as emergencies, the proposed model’s use of ABAC addresses this limitation. The development of the proposed model followed the design science research paradigm and was informed by the results of the content analysis plus an expert review. The content analysis sample was retrieved by conducting a systematic literature review and the analysis of this sample resulted in 6743 tags. The proposed model was evaluated using an evaluation framework via an expert review.