An information privacy model for primary health care facilities
- Authors: Boucher, Duane Eric
- Date: 2013
- Subjects: Data protection , Privacy, Right of , Medical records -- Access control , Primary health care , Medical care , Caregivers , Community health nursing , Confidential communications , Information technology -- Management
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11139 , http://hdl.handle.net/10353/d1007181 , Data protection , Privacy, Right of , Medical records -- Access control , Primary health care , Medical care , Caregivers , Community health nursing , Confidential communications , Information technology -- Management
- Description: The revolutionary migration within the health care sector towards the digitisation of medical records for convenience or compliance touches on many concerns with respect to ensuring the security of patient personally identifiable information (PII). Foremost of these is that a patient’s right to privacy is not violated. To this end, it is necessary that health care practitioners have a clear understanding of the various constructs of privacy in order to ensure privacy compliance is maintained. This research project focuses on an investigation of privacy from a multidisciplinary philosophical perspective to highlight the constructs of information privacy. These constructs together with a discussion focused on the confidentiality and accessibility of medical records results in the development of an artefact represented in the format of a model. The formulation of the model is accomplished by making use of the Design Science research guidelines for artefact development. Part of the process required that the artefact be refined through the use of an Expert Review Process. This involved an iterative (three phase) process which required (seven) experts from the fields of privacy, information security, and health care to respond to semi-structured questions administered with an interview guide. The data analysis process utilised the ISO/IEC 29100:2011(E) standard on privacy as a means to assign thematic codes to the responses, which were then analysed. The proposed information privacy model was discussed in relation to the compliance requirements of the South African Protection of Personal Information (PoPI) Bill of 2009 and their application in a primary health care facility. The proposed information privacy model provides a holistic view of privacy management that can residually be used to increase awareness associated with the compliance requirements of using patient PII.
- Full Text:
- Date Issued: 2013
- Authors: Boucher, Duane Eric
- Date: 2013
- Subjects: Data protection , Privacy, Right of , Medical records -- Access control , Primary health care , Medical care , Caregivers , Community health nursing , Confidential communications , Information technology -- Management
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11139 , http://hdl.handle.net/10353/d1007181 , Data protection , Privacy, Right of , Medical records -- Access control , Primary health care , Medical care , Caregivers , Community health nursing , Confidential communications , Information technology -- Management
- Description: The revolutionary migration within the health care sector towards the digitisation of medical records for convenience or compliance touches on many concerns with respect to ensuring the security of patient personally identifiable information (PII). Foremost of these is that a patient’s right to privacy is not violated. To this end, it is necessary that health care practitioners have a clear understanding of the various constructs of privacy in order to ensure privacy compliance is maintained. This research project focuses on an investigation of privacy from a multidisciplinary philosophical perspective to highlight the constructs of information privacy. These constructs together with a discussion focused on the confidentiality and accessibility of medical records results in the development of an artefact represented in the format of a model. The formulation of the model is accomplished by making use of the Design Science research guidelines for artefact development. Part of the process required that the artefact be refined through the use of an Expert Review Process. This involved an iterative (three phase) process which required (seven) experts from the fields of privacy, information security, and health care to respond to semi-structured questions administered with an interview guide. The data analysis process utilised the ISO/IEC 29100:2011(E) standard on privacy as a means to assign thematic codes to the responses, which were then analysed. The proposed information privacy model was discussed in relation to the compliance requirements of the South African Protection of Personal Information (PoPI) Bill of 2009 and their application in a primary health care facility. The proposed information privacy model provides a holistic view of privacy management that can residually be used to increase awareness associated with the compliance requirements of using patient PII.
- Full Text:
- Date Issued: 2013
Managing Information Confidentiality Using the Chinese Wall Model to Reduce Fraud in Government Tenders
- Authors: Rama, Sobhana
- Date: 2013
- Subjects: Chinese walls (Communication barriers) -- South Africa , Business logistics -- South Africa , Confidential communications -- South Africa , Conflict of interests -- South Africa , Fraud -- South Africa , Information services -- Government policy -- South Africa , Communication policy -- South Africa , Communication planning -- South Africa , Chinese Wall Model , Information confidentiality , Conflict of Interest , Government tender fraud
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11136 , http://hdl.handle.net/10353/d1006956 , Chinese walls (Communication barriers) -- South Africa , Business logistics -- South Africa , Confidential communications -- South Africa , Conflict of interests -- South Africa , Fraud -- South Africa , Information services -- Government policy -- South Africa , Communication policy -- South Africa , Communication planning -- South Africa , Chinese Wall Model , Information confidentiality , Conflict of Interest , Government tender fraud
- Description: Instances of fraudulent acts are often headline news in the popular press in South Africa. Increasingly, these press reports point to the government tender process as being the main enabler used by the perpetrators committing the fraud. The cause of the tender fraud problem is confidentiality breach of information. This is accomplished, in part, by compromising the tender information contained in the government information system. This results in the biased award of a tender. Typically, the information in the tender process should be used to make decisions about a tender’s specifications, solicitation, evaluation and adjudication. The sharing of said information to unauthorised persons can be used to manipulate and corrupt the process. This in turn corrupts the tender process by awarding a tender to an unworthy recipient. This research studies the generic steps in the tender process to understand how information is used to corrupt the tender process. It proposes that conflict of interest, together with a lack of information confidentiality in the information system, paves the way for possible tender fraud. Thereafter, a system of internal controls is examined within the South African government as well as in foreign countries to investigate measures taken to reduce the breach of confidential information in the tender process. By referring to the Common Criteria Security Model, various critical security areas within the tender process are identified. This measure is assisted with the ISO/IEC 27002 (2005) standard which has guiding principles for the management of confidential information. Thereafter, an information security policy,the Chinese Wall Model will be discussed as a means of reducing instances where conflict of interest may occur. Finally, an adapted Chinese Wall Model, which includes elements of the tender process, is presented as a way of reducing fraud in the government tender process. Finally, the research objective of this study is presented in the form of Critical Success Factors that aid in reducing the breach of confidential information in the tender process. As a consequence, tender fraud is reduced. These success factors have a direct and serious impact on the effectiveness of the Chinese Wall Model to secure the confidentiality of tender information. The proposed Critical Success Factors include: the Sanitisation Policy Document, an Electronic Document Management System, the Tender Evaluation Ethics Document, the Audit Trail Log and the Chinese Wall Model Prosecution Register.
- Full Text:
- Date Issued: 2013
- Authors: Rama, Sobhana
- Date: 2013
- Subjects: Chinese walls (Communication barriers) -- South Africa , Business logistics -- South Africa , Confidential communications -- South Africa , Conflict of interests -- South Africa , Fraud -- South Africa , Information services -- Government policy -- South Africa , Communication policy -- South Africa , Communication planning -- South Africa , Chinese Wall Model , Information confidentiality , Conflict of Interest , Government tender fraud
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11136 , http://hdl.handle.net/10353/d1006956 , Chinese walls (Communication barriers) -- South Africa , Business logistics -- South Africa , Confidential communications -- South Africa , Conflict of interests -- South Africa , Fraud -- South Africa , Information services -- Government policy -- South Africa , Communication policy -- South Africa , Communication planning -- South Africa , Chinese Wall Model , Information confidentiality , Conflict of Interest , Government tender fraud
- Description: Instances of fraudulent acts are often headline news in the popular press in South Africa. Increasingly, these press reports point to the government tender process as being the main enabler used by the perpetrators committing the fraud. The cause of the tender fraud problem is confidentiality breach of information. This is accomplished, in part, by compromising the tender information contained in the government information system. This results in the biased award of a tender. Typically, the information in the tender process should be used to make decisions about a tender’s specifications, solicitation, evaluation and adjudication. The sharing of said information to unauthorised persons can be used to manipulate and corrupt the process. This in turn corrupts the tender process by awarding a tender to an unworthy recipient. This research studies the generic steps in the tender process to understand how information is used to corrupt the tender process. It proposes that conflict of interest, together with a lack of information confidentiality in the information system, paves the way for possible tender fraud. Thereafter, a system of internal controls is examined within the South African government as well as in foreign countries to investigate measures taken to reduce the breach of confidential information in the tender process. By referring to the Common Criteria Security Model, various critical security areas within the tender process are identified. This measure is assisted with the ISO/IEC 27002 (2005) standard which has guiding principles for the management of confidential information. Thereafter, an information security policy,the Chinese Wall Model will be discussed as a means of reducing instances where conflict of interest may occur. Finally, an adapted Chinese Wall Model, which includes elements of the tender process, is presented as a way of reducing fraud in the government tender process. Finally, the research objective of this study is presented in the form of Critical Success Factors that aid in reducing the breach of confidential information in the tender process. As a consequence, tender fraud is reduced. These success factors have a direct and serious impact on the effectiveness of the Chinese Wall Model to secure the confidentiality of tender information. The proposed Critical Success Factors include: the Sanitisation Policy Document, an Electronic Document Management System, the Tender Evaluation Ethics Document, the Audit Trail Log and the Chinese Wall Model Prosecution Register.
- Full Text:
- Date Issued: 2013
Towards an information security awareness process for engineering SMEs in emerging economies
- Authors: Gundu, Tapiwa
- Date: 2013
- Subjects: Computer security -- South Africa , Information technology -- South Africa , Computer networks -- Security measures -- South Africa , Information resources management -- South Africa , Small business -- South Africa , Engineering firms -- South Africa , Confidential communications -- South Africa , Information Security Awareness , Information Security Behaviour , Information Security Training
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11138 , http://hdl.handle.net/10353/d1007179 , Computer security -- South Africa , Information technology -- South Africa , Computer networks -- Security measures -- South Africa , Information resources management -- South Africa , Small business -- South Africa , Engineering firms -- South Africa , Confidential communications -- South Africa , Information Security Awareness , Information Security Behaviour , Information Security Training
- Description: With most employees in Engineering Small and Medium Enterprises (SME) now having access to their own personal workstations, the need for information security management to safeguard against loss/alteration or theft of the firms’ important information has increased. These Engineering SMEs tend to be more concerned with vulnerabilities from external threats, although industry research suggests that a substantial proportion of security incidents originate from insiders within the firm. Hence, technical preventative measures such as antivirus software and firewalls are proving to solve only part of the problem as the employees controlling them lack adequate information security knowledge. This tends to expose a firm to risk and costly mistakes made by naïve/uninformed employees. This dissertation presents an information security awareness process that seeks to cultivate positive security behaviours using a behavioural intention model based on the Theory of Reasoned Action, Protection Motivation Theory and the Behaviourism Theory. The process and model have been refined and verified using expert review and tested through action research at an Engineering SME in South Africa. The main finding was information security levels of employees within the firm were low, but the proposed information security awareness process increased their knowledge thereby positively altering their behaviour.
- Full Text:
- Date Issued: 2013
- Authors: Gundu, Tapiwa
- Date: 2013
- Subjects: Computer security -- South Africa , Information technology -- South Africa , Computer networks -- Security measures -- South Africa , Information resources management -- South Africa , Small business -- South Africa , Engineering firms -- South Africa , Confidential communications -- South Africa , Information Security Awareness , Information Security Behaviour , Information Security Training
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11138 , http://hdl.handle.net/10353/d1007179 , Computer security -- South Africa , Information technology -- South Africa , Computer networks -- Security measures -- South Africa , Information resources management -- South Africa , Small business -- South Africa , Engineering firms -- South Africa , Confidential communications -- South Africa , Information Security Awareness , Information Security Behaviour , Information Security Training
- Description: With most employees in Engineering Small and Medium Enterprises (SME) now having access to their own personal workstations, the need for information security management to safeguard against loss/alteration or theft of the firms’ important information has increased. These Engineering SMEs tend to be more concerned with vulnerabilities from external threats, although industry research suggests that a substantial proportion of security incidents originate from insiders within the firm. Hence, technical preventative measures such as antivirus software and firewalls are proving to solve only part of the problem as the employees controlling them lack adequate information security knowledge. This tends to expose a firm to risk and costly mistakes made by naïve/uninformed employees. This dissertation presents an information security awareness process that seeks to cultivate positive security behaviours using a behavioural intention model based on the Theory of Reasoned Action, Protection Motivation Theory and the Behaviourism Theory. The process and model have been refined and verified using expert review and tested through action research at an Engineering SME in South Africa. The main finding was information security levels of employees within the firm were low, but the proposed information security awareness process increased their knowledge thereby positively altering their behaviour.
- Full Text:
- Date Issued: 2013
- «
- ‹
- 1
- ›
- »