“I do it because they do it”: social-neutralisation in information security practices of Saudi medical interns

Saad Altamimi; Karen Renaud; Timothy Storer

doi:10.1007/978-3-030-41568-6_15

“I do it because they do it”: social-neutralisation in information security practices of Saudi medical interns

Saad Altamimi, Karen Renaud, Timothy Storer

SDI - Cyber Security

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

77 Downloads (Pure)

Abstract

Successful implementation of information security policies (ISP) and IT controls play an important role in safeguarding patient privacy in healthcare organizations. Our study investigates the factors that lead to healthcare practitioners' neutralisation of ISPs, leading to non-compliance. The study adopted a qualitative approach and conducted a series of semi-structured interviews with medical interns and hospital IT department managers and staff in an academic hospital in Saudi Arabia. The study's findings revealed that the MIs imitate their peers' actions and employ similar justifications when violating ISP dictates. Moreover, MI team superiors' (seniors) ISP non-compliance influence MIs tendency to invoke neutralisation techniques. We found that the trust between the medical team members is an essential social facilitator that motivates MIs to invoke neutralisation techniques to justify violating ISP policies and controls. These findings add new insights that help us to understand the relationship between the social context and neutralisation theory in triggering ISP non-compliance.

Original language	English
Title of host publication	Risks and security of internet and systems
Subtitle of host publication	14th International Conference, CRiSIS 2019, Hammamet, Tunisia, October 29–31, 2019, proceedings
Editors	Slim Kallel, Frédéric Cuppens, Nora Cuppens-Boulahia, Ahmed Hadj Kacem
Place of Publication	Cham
Publisher	Springer
Pages	227-243
Number of pages	17
ISBN (Electronic)	9783030415686
ISBN (Print)	9783030415679
DOIs	https://doi.org/10.1007/978-3-030-41568-6_15
Publication status	Published - 16 Feb 2020
Event	CRiSIS 2019: 14th International conference on risks and security of internet and systems - Hammamet, Tunisia Duration: 29 Oct 2019 → 31 Oct 2019 http://crisis2019.redcad.org/

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	12026
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	CRiSIS 2019
Country	Tunisia
City	Hammamet
Period	29/10/19 → 31/10/19
Internet address	http://crisis2019.redcad.org/

Access to Document

10.1007/978-3-030-41568-6_15

Renaud_IDoItBecauseTheyDoIt_Accepted_2019Accepted author manuscript, 375 KB

Correction

Fingerprint Dive into the research topics of '“<i>I do it because they do it</i>”: social-neutralisation in information security practices of Saudi medical interns'. Together they form a unique fingerprint.

Cite this

Altamimi, S., Renaud, K., & Storer, T. (2020). “I do it because they do it”: social-neutralisation in information security practices of Saudi medical interns. In S. Kallel, F. Cuppens, N. Cuppens-Boulahia, & A. Hadj Kacem (Eds.), Risks and security of internet and systems: 14th International Conference, CRiSIS 2019, Hammamet, Tunisia, October 29–31, 2019, proceedings (pp. 227-243). (Lecture Notes in Computer Science; Vol. 12026). Springer. https://doi.org/10.1007/978-3-030-41568-6_15

Altamimi, Saad ; Renaud, Karen ; Storer, Timothy. / “I do it because they do it” : social-neutralisation in information security practices of Saudi medical interns. Risks and security of internet and systems: 14th International Conference, CRiSIS 2019, Hammamet, Tunisia, October 29–31, 2019, proceedings. editor / Slim Kallel ; Frédéric Cuppens ; Nora Cuppens-Boulahia ; Ahmed Hadj Kacem. Cham : Springer, 2020. pp. 227-243 (Lecture Notes in Computer Science).

@inproceedings{04be650666a84f659f6a560f9c542151,

title = "“I do it because they do it”: social-neutralisation in information security practices of Saudi medical interns",

abstract = "Successful implementation of information security policies (ISP) and IT controls play an important role in safeguarding patient privacy in healthcare organizations. Our study investigates the factors that lead to healthcare practitioners' neutralisation of ISPs, leading to non-compliance. The study adopted a qualitative approach and conducted a series of semi-structured interviews with medical interns and hospital IT department managers and staff in an academic hospital in Saudi Arabia. The study's findings revealed that the MIs imitate their peers' actions and employ similar justifications when violating ISP dictates. Moreover, MI team superiors' (seniors) ISP non-compliance influence MIs tendency to invoke neutralisation techniques. We found that the trust between the medical team members is an essential social facilitator that motivates MIs to invoke neutralisation techniques to justify violating ISP policies and controls. These findings add new insights that help us to understand the relationship between the social context and neutralisation theory in triggering ISP non-compliance.",

author = "Saad Altamimi and Karen Renaud and Timothy Storer",

year = "2020",

month = feb,

day = "16",

doi = "10.1007/978-3-030-41568-6_15",

language = "English",

isbn = "9783030415679",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "227--243",

editor = "Slim Kallel and Fr{\'e}d{\'e}ric Cuppens and Nora Cuppens-Boulahia and {Hadj Kacem}, Ahmed",

booktitle = "Risks and security of internet and systems",

note = "CRiSIS 2019 : 14th International conference on risks and security of internet and systems ; Conference date: 29-10-2019 Through 31-10-2019",

url = "http://crisis2019.redcad.org/",

}

Altamimi, S, Renaud, K & Storer, T 2020, “I do it because they do it”: social-neutralisation in information security practices of Saudi medical interns. in S Kallel, F Cuppens, N Cuppens-Boulahia & A Hadj Kacem (eds), Risks and security of internet and systems: 14th International Conference, CRiSIS 2019, Hammamet, Tunisia, October 29–31, 2019, proceedings. Lecture Notes in Computer Science, vol. 12026, Springer, Cham, pp. 227-243, CRiSIS 2019, Hammamet, Tunisia, 29/10/19. https://doi.org/10.1007/978-3-030-41568-6_15

“I do it because they do it” : social-neutralisation in information security practices of Saudi medical interns. / Altamimi, Saad; Renaud, Karen; Storer, Timothy.

Risks and security of internet and systems: 14th International Conference, CRiSIS 2019, Hammamet, Tunisia, October 29–31, 2019, proceedings. ed. / Slim Kallel; Frédéric Cuppens; Nora Cuppens-Boulahia; Ahmed Hadj Kacem. Cham : Springer, 2020. p. 227-243 (Lecture Notes in Computer Science; Vol. 12026).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - “I do it because they do it”

T2 - CRiSIS 2019

AU - Altamimi, Saad

AU - Renaud, Karen

AU - Storer, Timothy

PY - 2020/2/16

Y1 - 2020/2/16

N2 - Successful implementation of information security policies (ISP) and IT controls play an important role in safeguarding patient privacy in healthcare organizations. Our study investigates the factors that lead to healthcare practitioners' neutralisation of ISPs, leading to non-compliance. The study adopted a qualitative approach and conducted a series of semi-structured interviews with medical interns and hospital IT department managers and staff in an academic hospital in Saudi Arabia. The study's findings revealed that the MIs imitate their peers' actions and employ similar justifications when violating ISP dictates. Moreover, MI team superiors' (seniors) ISP non-compliance influence MIs tendency to invoke neutralisation techniques. We found that the trust between the medical team members is an essential social facilitator that motivates MIs to invoke neutralisation techniques to justify violating ISP policies and controls. These findings add new insights that help us to understand the relationship between the social context and neutralisation theory in triggering ISP non-compliance.

AB - Successful implementation of information security policies (ISP) and IT controls play an important role in safeguarding patient privacy in healthcare organizations. Our study investigates the factors that lead to healthcare practitioners' neutralisation of ISPs, leading to non-compliance. The study adopted a qualitative approach and conducted a series of semi-structured interviews with medical interns and hospital IT department managers and staff in an academic hospital in Saudi Arabia. The study's findings revealed that the MIs imitate their peers' actions and employ similar justifications when violating ISP dictates. Moreover, MI team superiors' (seniors) ISP non-compliance influence MIs tendency to invoke neutralisation techniques. We found that the trust between the medical team members is an essential social facilitator that motivates MIs to invoke neutralisation techniques to justify violating ISP policies and controls. These findings add new insights that help us to understand the relationship between the social context and neutralisation theory in triggering ISP non-compliance.

UR - http://10.1007/978-3-030-41568-6_25

U2 - 10.1007/978-3-030-41568-6_15

DO - 10.1007/978-3-030-41568-6_15

M3 - Conference contribution

SN - 9783030415679

T3 - Lecture Notes in Computer Science

SP - 227

EP - 243

BT - Risks and security of internet and systems

A2 - Kallel, Slim

A2 - Cuppens, Frédéric

A2 - Cuppens-Boulahia, Nora

A2 - Hadj Kacem, Ahmed

PB - Springer

CY - Cham

Y2 - 29 October 2019 through 31 October 2019

ER -

Altamimi S, Renaud K, Storer T. “I do it because they do it”: social-neutralisation in information security practices of Saudi medical interns. In Kallel S, Cuppens F, Cuppens-Boulahia N, Hadj Kacem A, editors, Risks and security of internet and systems: 14th International Conference, CRiSIS 2019, Hammamet, Tunisia, October 29–31, 2019, proceedings. Cham: Springer. 2020. p. 227-243. (Lecture Notes in Computer Science). https://doi.org/10.1007/978-3-030-41568-6_15