Information Security : The Landscape of Management In Electronic Record


Security threat
Security control
Information Security Management
Electronic Health Record (EHR)

How to Cite

Shamim, M. (2022). Information Security : The Landscape of Management In Electronic Record. Proceedings of the International Seminar on Business, Education and Science, 1(1), 336–348.


Protecting information by relying on physical boundaries and firewall technologies is outdated and inadequate in this area. Today, further efforts to establish a successful information security practice by developing rules and making users understand how to follow the prescribed information security rules and policies are also unlikely to succeed. Thus, a better understanding of the holistic process of information security protection in the healthcare industry is very important for information security management. The increasing role of information technology platforms in organizing health information has led to the need to review the confidentiality, privacy, and security of electronic information. The use of electronic health records (EHRs) in the healthcare industry is now widespread. Once information is electronically stored and shared, it opens the door for hackers and other malicious attackers to access the records. Therefore, this paper scrutinizes the landscape of security management elements that contribute to the successful implementation of security management in the healthcare industry. It also gives an overview of a simple security management process that will help any organization in the healthcare industry to formulate, implement and manage any medical or hospital information system.



This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Copyright (c) 2022 Mohd Shamim

