Dr. Mnazir

Dr. Mohammed H. Shaban (Shaban)

Abstract: As data represent a key asset for today’s organizations, their protection from theft and misuse is a priority. Despite the availability of many data security methods, organizations are still incapable of protecting data from insider attacks. The insider, through violation of the organization’s security policy, represents one of the top threats to organizations’ information systems in managing data security, particularly in the context of the information systems of medical organizations. Maintaining and enhancing the information system security of any organization is therefore crucial in order to counteract the many existing Malicious Human Factors (MHF). This research primarily aims to analyse and examine the internal organizational MHF that could lead to a breach of information system security, and to propose and evaluate a research model that predicts an individual’s intention to breach information system security in the context of Iraqi hospitals. In this study, a mixed-method design was employed in the form of a case study coupled with a survey method. In the qualitative approach, a preliminary investigation using face-to-face interviews was conducted in five public hospitals in Iraq to provide a contextual clarification of MHF and to identify the importance of MHF in influencing the information system security of Iraqi hospitals. The interview data analysis was primarily carried out via data coding using NVivo 2.0 software. The research model was developed based on a review of the literature and the qualitative findings from the preliminary investigation. Seven hypotheses were developed for the quantitative approach to examine the research model. A total of 400 questionnaires were distributed to five public hospitals in Iraq, and 301 were used for analysis. For the quantitative data analysis, Partial Least Squares Structural Equation Modeling (PLS-SEM) was employed using SmartPLS 2.0 software.
The research model was explained based on the Theory of Planned Behaviour (TPB), as it has been successful in explaining human behaviour. The results showed that desire for revenge, personal and social frustration, computer dependency, and ethical flexibility were the most influential factors on MHF acts that threatened information system security. The findings indicate considerable explanatory strength in explaining insider threats. This study is among the few that have empirically tested the implementation framework in Iraqi hospitals; as such, it contributes significantly to the theoretical, methodological and practical aspects of research. It provides a clear indication of what the MHF are in Iraqi hospitals and identifies how the MHF are interrelated. Theoretically, this study empirically explains the TPB model in the context of information system (IS) security threats in Iraqi hospitals.

"Those who cannot remember the past are condemned to repeat it."
-- George Santayana