The Role of Heuristics and Biases in Linux Server Administrators’ Information Security Policy Compliance at Healthcare Organizations

John McConnell, Yair Levy, Marti Snyder, Ling Wang

2024

Abstract

Information Security Policy (ISP) compliance is crucial to healthcare organizations due to the potential for data breaches. The healthcare industry relies heavily on Linux servers to house electronically Protected Health Information (ePHI) due to their inherited lower volume of known vulnerabilities. However, Linux Server Administrators appear to be more relaxed than other server administrators when it comes to ISP compliance. Prior research suggests that the use of cognitive heuristics and biases may negatively influence threat appraisal and coping appraisal, while ultimately impacting ISP compliance. Thus, the goal of our study was to empirically assess the effect of cognitive heuristics, biases, and knowledge-sharing level on actual ISP compliance measured based on actual security setting adjustments. Aside from the novel measure of actual ISP compliance, we developed a survey instrument based on prior validated instruments to measure cognitive heuristics and biases. A group of 42 Linux Server Administrators who oversee the servers at a major healthcare organization participated in our study. Additionally, an intervention in the form of hands-on cybersecurity training, periodic security update emails, and Linux-focused tabletop exercises was introduced. Our results indicated that information security knowledge-sharing significantly influenced both cognitive heuristics and biases. Conclusions and discussions are provided.



Paper Citation


in Harvard Style

McConnell J., Levy Y., Snyder M. and Wang L. (2024). The Role of Heuristics and Biases in Linux Server Administrators’ Information Security Policy Compliance at Healthcare Organizations. In Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP; ISBN 978-989-758-683-5, SciTePress, pages 30-41. DOI: 10.5220/0012297000003648


in Bibtex Style

@conference{icissp24,
author={John McConnell and Yair Levy and Marti Snyder and Ling Wang},
title={The Role of Heuristics and Biases in Linux Server Administrators’ Information Security Policy Compliance at Healthcare Organizations},
booktitle={Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2024},
pages={30-41},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012297000003648},
isbn={978-989-758-683-5},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - The Role of Heuristics and Biases in Linux Server Administrators’ Information Security Policy Compliance at Healthcare Organizations
SN - 978-989-758-683-5
AU - McConnell J.
AU - Levy Y.
AU - Snyder M.
AU - Wang L.
PY - 2024
SP - 30
EP - 41
DO - 10.5220/0012297000003648
PB - SciTePress