I do it because they do it”: social-neutralisation in information security practices of Saudi medical interns

Saad Altamimi, Karen Renaud, Timothy Storer

Research output: Chapter in Book/Report/Conference proceedingConference contribution

37 Downloads (Pure)

Abstract

Successful implementation of information security policies (ISP) and IT controls play an important role in safeguarding patient privacy in healthcare organizations. Our study investigates the factors that lead to healthcare practitioners' neutralisation of ISPs, leading to non-compliance. The study adopted a qualitative approach and conducted a series of semi-structured interviews with medical interns and hospital IT department managers and staff in an academic hospital in Saudi Arabia. The study's findings revealed that the MIs imitate their peers' actions and employ similar justifications when violating ISP dictates. Moreover, MI team superiors' (seniors) ISP non-compliance influence MIs tendency to invoke neutralisation techniques. We found that the trust between the medical team members is an essential social facilitator that motivates MIs to invoke neutralisation techniques to justify violating ISP policies and controls. These findings add new insights that help us to understand the relationship between the social context and neutralisation theory in triggering ISP non-compliance.
Original languageEnglish
Title of host publicationRisks and security of internet and systems
Subtitle of host publication14th International Conference, CRiSIS 2019, Hammamet, Tunisia, October 29–31, 2019, proceedings
EditorsSlim Kallel, Frédéric Cuppens, Nora Cuppens-Boulahia, Ahmed Hadj Kacem
Place of PublicationCham
PublisherSpringer
Pages227-243
Number of pages17
ISBN (Electronic)9783030415686
ISBN (Print)9783030415679
DOIs
Publication statusPublished - 16 Feb 2020
EventCRiSIS 2019: 14th International conference on risks and security of internet and systems - Hammamet, Tunisia
Duration: 29 Oct 201931 Oct 2019
http://crisis2019.redcad.org/

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume12026

Conference

ConferenceCRiSIS 2019
CountryTunisia
CityHammamet
Period29/10/1931/10/19
Internet address

Fingerprint Dive into the research topics of '“<i>I do it because they do it</i>”: social-neutralisation in information security practices of Saudi medical interns'. Together they form a unique fingerprint.

  • Cite this

    Altamimi, S., Renaud, K., & Storer, T. (2020). I do it because they do it”: social-neutralisation in information security practices of Saudi medical interns. In S. Kallel, F. Cuppens, N. Cuppens-Boulahia, & A. Hadj Kacem (Eds.), Risks and security of internet and systems: 14th International Conference, CRiSIS 2019, Hammamet, Tunisia, October 29–31, 2019, proceedings (pp. 227-243). (Lecture Notes in Computer Science; Vol. 12026). Springer. https://doi.org/10.1007/978-3-030-41568-6_15