
Research Methodology Assignment 2

Name: Mohammed Abdullah Bahadi

Abstract: The research reviewed the connections between adaptability, observed user-friendliness, perceived usability and the
intention to adopt information security risk assessment methods (ISRAM) and information security risk assessment tools (ISRAT) in
the Saudi healthcare division. ISRAM and ISRAT are applied to meet organizations’ information security demands by
strengthening the confidentiality, integrity, and availability of healthcare information. Prior research efforts have centered
on the technological advancement of the existing systems and devices without acknowledging the significance of human behavior
in selecting appropriate ISRAM and ISRAT. The analysis used the technology acceptance model (TAM) as the theoretical
foundation for the investigation. For this study, the TAM was extended by adding adaptability as an external variable, since
research has indicated that adaptability can predict behavioral intentions. An online questionnaire was distributed to review the
possible associations between the predictor variables of compatibility, perceived ease of use, and perceived usefulness, and the
outcome variable of behavioral intention to choose ISRAM and ISRAT. The majority of participants with a minimum of five years
of experience administering information risk assessments in the healthcare division were surveyed. It was concluded that in
healthcare organizations, the possibility of ISRAM or ISRAT being accepted or approved for selection and deployment is
dependent on risk professionals’ perceptions of both utility and user-friendliness. Specialists can employ the analysis outcomes as
an example for both the adoption and deployment of ISRAM and ISRAT. Moreover, the outcomes may also support entrepreneurs
vending ISRAM and ISRAT in improving their offerings.

Introduction: Information security risk assessment plays a necessary role in Saudi private and public health
organizations. Executive administration and the IT expert department must investigate their assets in detail to put
good tactics and programs in place to shield those assets from internal threats. Every division owns its assets, and therefore
the selection of the systems needs to be made precisely so that they work together and meet particular organizational
requirements. The research reviewed circumstances impacting the selection of information security risk assessment
methods (ISRAM) and information security risk assessment tools (ISRAT) by risk management information
technology (IT) specialists in Saudi healthcare systems. Information security (IS) risk assessment includes
recognizing and assessing both the likelihood and the potential consequence of recognized risks. Risk
assessment methods are supported by tools that allow areas of potential risk to be analyzed in detail.
Well-matched ISRAM and ISRAT that fit a healthcare organization's requirements are crucial to diminishing the
potential for information breaches, hijacking threats to internal IT infrastructure and data, and the chance of having
ransomware spread onto an organization's private networks. Risk assessment involves appraising and
managing both the likelihood and the potential consequence of identified risks [1-2]. Risk assessment methods
have long been supported by tools that allow areas of potential risk to be examined in detail.
Information security risk assessment methods (ISRAM) and tools (ISRAT) are particular methodologies and tools to
analyze information security (IS) and risk management in diverse enterprises. ISRAM denotes the methodological
approaches to analyzing risks to organizational data protection [3-4]. The initial advanced ISRAM in [3] was
based on structured as-is analysis to assess the dangers from defects in security policies. ISRAM enables IS and risk
management experts to predict dangers and weaknesses that could arise.
On the other hand, ISRAT is described as a mechanism to conduct risk estimations and carry out various proper risk
reduction processes [5]. The core joined risk framework presented in [4] is an instance of ISRAT that relates diverse
risk mitigation approaches to arrive at the most appropriate one based on the requirements. Operating with ISRAM
and ISRAT permits IS and risk management specialists to determine whether a risk treatment action is valid or not. Hence,
it is necessary to employ ISRAT and ISRAM specifically in the healthcare industry, because IS and risk assessment can vary
across industries [5]. A comprehensive risk assessment of threats and vulnerabilities to the information
technology infrastructure and IS of healthcare divisions supports both the information security decision-making
process and the resource allocation needed to pick actions designed to mitigate identified risks [6]. The
selection of relevant risk assessment methods and tools can be challenging, especially when striving to meet the demanding data
protection goals of a healthcare system [7-10]. This analysis will assess factors impacting the selection
and approval of ISRAM and ISRAT by risk specialists in information technology management in Saudi healthcare
divisions.

Related Work: This section identifies themes within the body of scholarly research on technology adoption
and on the selection and deployment of ISRAM and ISRAT. One finding was that, since its conception, the
TAM has consistently been a universal theoretical framework for scholars studying technology adoption. The TAM
continues to be widely applied, and many studies on an extensive range of topics have generated outcomes
that support the associations between the constructs of perceived user-friendliness, perceived convenience, and
attitude toward use. There have also been numerous studies supporting the connection between compatibility and
perceived usefulness. These findings encouraged the use of the TAM as a theoretical framework in the present study.
The complexity of ISRAM can be recognized by examining the development of scholarly study on the topic.
ISRAM was initially intended as a paper-based survey that allowed IT administrators and teams to perform risk
assessments more efficiently. Nevertheless, ISRAM needed to be a continuing process that also addressed the
values of safety standards. Therefore, later work on ISRAM addressed the requirement for maintaining IS systems and proposed a
hybrid, neural network-based methodology that utilized quantitative and qualitative approaches in a particular
pattern. The development of ISRAM in scholarly research shows that the connection between IS and risk
management is and has been the topic of significant attention among scholars and practitioners. However, despite
this attention, little attention has been paid to how users perceive ISRAM and ISRAT and how those perceptions
affect technology adoption. Therefore, the present research was concerned with the specific perceptions of ease of use,
usefulness, and compatibility that may contribute to the adoption or non-adoption of ISRAM and ISRAT. To address
the importance of ISRAM adoption in actual usage, an all-inclusive approach to comparing diverse alternatives
of ISRAM and ISRAT was created. Some experts recommended the core joined risk framework (CURF) to support a
coherent and fact-based approach to ISRAM and ISRAT adoption. The CURF does not replace the need for the
present study’s findings, but it highlights (a) that it is essential to adopt the best fitting ISRAM for any given deployment
and (b) the need to move to a more fact-based process to support ISRAM adoption. Hence, the CURF indicates
the need to explain better how human circumstances such as compatibility, perceived ease of use and perceived
usefulness contribute to the adoption process. The scholarly literature was less concentrated on ISRAT, and
searches of the extant literature turned up no studies on particular tools. However, Google searches provided a
wealth of data from references in the professional literature and evidence of various commercially available
offerings of such tools supporting ISRAM. The findings from the professional literature and the paucity of findings
in the scholarly literature strongly suggest that ISRAT is an area that needs additional study. The tools that aid IS
specialists in implementing risk assessments must be classified and evaluated to understand tool effectiveness and
help companies maintain up-to-date security practices. Both the scholarly and professional research highlighted
numerous trends in the healthcare division that are driving the requirement for more sophisticated and extensive ISRAM and
ISRAT in the near future. Most of these trends concern communication-related security issues, as the universal use of the Internet via
smart and other related devices poses data protection risks. In addition, trends such as cloud computing, managed
healthcare, and BYOD policies complicate IS in healthcare organizations, and to address the risks posed by these emerging
trends, IS and risk management professionals rely on the structure provided by ISRAM and ISRAT.

Procedure: A variety of deliberate procedures was used to ensure that the research was administered ethically
and in a scholarly manner. The following subsections describe those procedures and provide an explanation for the actions
taken by the researcher. The first subsection covers the procedures adopted to select participants. The next covers the
procedures that were used to protect participants during the study. The third subsection contains information on the
procedures used to collect data. The fourth and final subsection includes information on the data analysis procedures
used by the researcher when testing the study’s hypotheses.

Participant Selection: The participants for the study were chosen utilizing a non-probability arbitrary
sampling procedure. Participants were randomly selected from a participant pool supplied by a research panel
recruiting vendor and asked to complete the survey on an online survey hosting platform. Applying this two-stage
method was an improvement in participant selection, as it guaranteed the anonymity of the participants. No single
service provider hosted both the participants’ personal data and their survey responses in the same
database. This method also ensured that participation was completely voluntary, because once participants were contacted
by the research panel recruiting vendor, they had to make a deliberate choice to take the survey on the survey hosting
platform website. The research panel recruiting vendor was able to present a sample frame of participants that
matched the study’s inclusion criteria. The inclusion criteria specified that participants (a) had to be a minimum of
18 years old, (b) had to have had a minimum of five years of experience conducting IS risk assessments in the
healthcare industry, and (c) had to be willing to participate voluntarily. Participant selection did not specifically
discriminate between IS and IT professionals as long as they had a minimum of five years of experience handling
risk assessments. Sampling lasted until the minimum required sample was achieved.

Protection of Participants: The participants were essential to the success of this survey. The researcher
took the privacy and safety of the participants’ data seriously and considered the protection of
participants’ information a measure of the study’s success. The survey was designed to collect anonymous data by
omitting any request for personal information that could have been used to identify the participants. This included
information on the participants’ names, gender, addresses, and phone numbers. After the survey, the participants’
responses were downloaded and stored on an encrypted device. Only the aggregate results of the survey were
available for review, and thus no single participant could be identified by the answers they gave.

Data Collection: A survey instrument was applied to gather the data that was examined to test the study’s
hypotheses. The instrument had a total of 16 questions. Randomly picked participants from the research panel
recruiting vendor database were contacted through email and asked to participate in the study. The email informed participants
about the purpose of the study and requested them to visit the survey hosting company website to record their
responses to the survey if they were interested in participating in the research. At the commencement of the survey,
participants were presented with an informed consent document and asked to indicate their understanding and
signify that their participation was voluntary. The participants were then asked to answer two screening questions that
allowed the researcher to guarantee that all the participants met the study’s inclusion criteria. Data collection continued
for three days until enough participants had completed the survey to meet the minimum sample requirement.

Data Analysis: Once the data collection was complete, the data were downloaded from the survey hosting
company’s website to the researcher’s workstation. The data were then examined using SPSS. Before starting the
data analysis, the data were examined for outliers and missing data. The presence of outliers was assessed using the
boxplot method. Surveys with missing data were eliminated from the sample.
After the data were analyzed for missing values, assumptions related to the data were tested. SPSS
was used to determine the Pearson correlation to test for multicollinearity. Several data experts recommended that
data be tested for multicollinearity to avoid distortion, especially as regression allows for examining multiple
independent variables at the same time. But some argued that while multiple regression analysis is the most essential
and most broadly used analytical tool, it is also commonly misused due to violations of the method’s assumptions.
Following the examination of assumptions, multiple linear regressions were conducted to test the study’s hypotheses
and determine how well each independent variable. Multiple linear regression suits research and analysis in
the social sciences. A stepwise regression approach was used to identify the best sequence of independent variables and
the strength of each contributing variable to the regression model. A few experts noted that a stepwise process is
used for screening variables and should only be employed when there is a need to separate the independent variables
that are significant in predicting the dependent variable from those that are not.

Result and Discussion: This non-experimental, correlational study investigated factors influencing the
adoption of information security risk assessment methods (ISRAM) and information security risk assessment tools
(ISRAT) within Saudi healthcare organizations. Because the present study was centered on information security
(IS) risk processes in healthcare environments, the target population was limited to IS experts working in the
healthcare industry. Earlier, many specialists have concentrated on physicians’ adoption of or resistance to IT, and
researchers who studied ISRAM-related topics centered on the nature of the techniques. The strong interest in
ISRAM and ISRAT has led to the evolution of several new risk assessment techniques and tools, but this has
generated another challenge for risk management practitioners in healthcare. Healthcare organizations must
carefully pick appropriate risk assessment tools and methods for those tools and methods to be effective.
The present research was initiated to review the relationship between adaptability, observed ease of use, and
perceived usefulness and IS and risk management professionals’ behavioral intentions to utilize ISRAM and ISRAT. A
survey tool was applied to cover the variables of compatibility, perceived ease of use, perceived usefulness, and
behavioral intention. A total of 91 participants completed the survey and met all the criteria for participation in the
study. In addition, the participants who worked in healthcare clearinghouses had a percentage of 10 years of
practice, and the participants who operated for health insurance businesses had a tally of six years of work
experience. This study reviewed whether compatibility, perceived ease of use, and perceived usefulness together
contributed to the variance in behavioral intentions to choose ISRAM and ISRAT in healthcare settings. If all three
variables had been shown to impact behavioral intentions, there would have been a need to redraw the proposed model
for this study and create a direct link between behavioral intention and adaptability. The Pearson correlation
coefficients for compatibility and behavioral intention had a range of .424 to .565 at p < .001. The range indicated a
weak positive correlation between adaptability and behavioral intention to adopt ISRAM and ISRAT in healthcare.
Similarly, compatibility had the lowest relationship with behavioral intention.

Conclusion: The study provided a better understanding of how IS professionals' perceptions in the healthcare industry
influenced behavioral intentions to adopt ISRAM and ISRAT. Perceived ease of use and perceived usefulness were found to
positively correlate with the behavioral intention to adopt ISRAM and ISRAT in healthcare settings. These
conclusions were consistent with the initial analysis, which determined that compatibility and behavioral intention were mediated by
perceived ease of use and perceived usefulness. ISRAM and ISRAT directly influence the level of IT security
policies in healthcare organizations and in other settings. As such, organizations' failures to obtain and routinely
use ISRAM and ISRAT impair their capacity to secure the confidentiality, integrity, and availability of data. The
present study's key conclusion was that IS professionals' decisions to adopt specific ISRAM and ISRAT packages
are essentially based on how beneficial and easy to use these methods and tools are perceived to be. Thus, the
present study showed that human factors such as perception play a significant role in the decision-making
process when selecting and implementing IS measures. This finding is crucial because, by identifying perceived ease of
use and perceived usefulness as influences in the decision-making process, senior IS and IT administrators can
make IS processes less subjective and more efficient by focusing on performance standards instead of perception.

References:
[1] Bolle, S. R., Hasvold, P., & Henriksen, E. (2011). Video calls from lay bystanders to dispatch centers – Risk
assessment of information security. BMC Health Services Research, 11(1), Article 244. doi:10.1186/1472-6963-11-244

[2] Karabacak, B., & Sogukpinar, I. (2005). ISRAM: Information security risk analysis method.
Computers & Security, 24, 147-159. doi:10.1016/j.cose.2004.07.004

[3] Alloush, O. A. A., & Mahendrawathi, E. R. (2020). ERP Systems in Higher Education: A Systematic
Literature Review. SISFO VOL 9 NO 2, 9.

[4] Figueira, P. T., Bravo, C. L., & López, J. L. R. (2020). Improving information security risk analysis
by including threat-occurrence predictive models. Computers & Security, 88, 101609.

[5] Wangen, G., Hallstensen, C., & Snekkenes, E. (2017). A framework for estimating information
security risk assessment method completeness. International Journal of Information Security. Advance
online publication. doi:10.1007/s10207-017-0382-0.

[6] Card, A. J., Ward, J. R., & Clarkson, P. J. (2014). Trust-level risk evaluation and risk control guidance
in the NHS East of England. Risk Analysis, 34, 1469-1481. doi:10.1111/risa.12159.

[7] Shameli-Sendi, A., Aghababaei-Barzegar, R., & Cheriet, M. (2016). Taxonomy of information
security risk assessment (ISRA). Computers & Security, 57, 14-30. doi:10.1016/j.cose.2015.11.001

[8] Rezvani, A., Khosravi, P., & Dong, L. (2017). Motivating users toward continued usage of information
systems: Self-determination theory perspective. Computers in Human Behavior, 76, 263-275.

[9] Castro Benavides, L. M., Tamayo Arias, J. A., Arango Serna, M. D., Branch Bedoya, J. W., &
Burgos, D. (2020). Digital transformation in higher education institutions: A systematic literature review.
Sensors, 20(11), 3291.

[10] Mahar, F., Ali, S. I., Jumani, A. K., & Khan, M. O. (2020). ERP system implementation: planning,
management, and administrative issues. Indian J. Sci. Technol, 13(01), 1-22.

[11] Adenuga, A. A. (2018). Investigating Adoption of Information Security Risk Assessment Methods
and Tools in Healthcare Settings (Doctoral dissertation, Capella University).

[12] Awatan Newspaper, Hacker penetrates the website of the maternity hospital in AlAhsa, 2014,
https://www.alwatan.com.sa/article/218977. [2nd May 2021].

[13] Coronado, A. J., & Wong, T. L. (2014). Healthcare cybersecurity risk management: Keys to an
effective plan. Biomedical Instrumentation & Technology, 48(s1), 26-30. doi:10.2345/0899-8205-48.s1.26

[14] Richardson, R., & North, M. (2017). Ransomware: Evolution, mitigation and prevention.
International Management Review, 13(1), 10-21,101. Retrieved from http://www.imrjournal.org/

[15] health information systems: A systematic review. Technology and Health Care, 24(1), 1-9.
doi:10.3233/thc-151102.

[16] Bamufleh, D., Hussain, R., Sheikh, E., & Khodary, K. (2020). Students’ Acceptance of Simulation
Games in Management Courses: Evidence from Saudi Arabia. Journal of Education and Learning, 9(4),
55.

[17] Al-Adwan, S. I. (2020). Investigating the Adoption of ERP Systems: A Perspective from Case Study
in Jordan. Journal of Information Technology Research (JITR), 13(1), 96-117.

[18] Batada, I. A. R., Duang-Ek-Anong, S., & Achwarin, N. A. (2020). Development of Extended
Enterprise Resource Planning Module for Higher Education of Pakistan: A Case Study of Higher
Education. International Journal of Simulation--Systems, Science & Technology, 21(1).

[19] Widjaja, H. A. E., Fernando, E., Grady, D., Liejaya, B., & Siwi, M. P. (2019, October). Development
and Validation of Instruments for Evaluation Enterprise Resource Planning on Human Resource
Management in Higher Education Sector. In 2019 3rd International Conference on Informatics and
Computational Sciences (ICICoS) (pp. 1-6). IEEE.

[20] Bolle, S. R., Hasvold, P., & Henriksen, E. (2011). Video calls from lay bystanders to
dispatch centers – Risk assessment of information security. BMC Health Services Research,
11(1), Article 244. doi:10.1186/1472-6963-11-244

[21] Bonett, D. G., & Wright, T. A. (2015). Cronbach’s alpha reliability: Interval estimation,
hypothesis testing, and sample size planning. Journal of Organizational Behavior, 36(1),
3-15. doi:10.1002/job.1960

[22] Bradley, J., Loucks, J., Macaulay, J., Medcalf, R., & Buckalew, L. (2012). BYOD: A
global perspective: Harnessing employee-led innovation. Retrieved from
https://www.cisco.com/c/dam/en_us/about/ac79/docs/re/BYOD_Horizons-Global.pdf

[23] Brand, J. C., Kruger-Van Renen, W., & Rudman, R. (2015). Proposed practices to
mitigate significant mobility security risks. International Business & Economics Research
Journal, 14, 199-207. doi:10.19030/iber.v14i1.9072

[24] Breeding, M. (2016). Issues and technologies related to privacy and security. Library
Technology Reports, 52(4), 5-12. Retrieved from https://journals.ala.org/ltr

[25] Burson, S. (2010). Outsourcing information security. Retrieved from
http://www.techworld.com.au/article/333064/outsourcinginformation-security/
