SECURITY IN ACCESSING ENTERPRISE INFORMATION RESOURCES: A RESEARCH ON PASSWORD MANAGEMENT OF PHYSICIANS

In the instutitions, managers are in charge of the creation and implementation of information security policies but employees have also important responsibilities. Studies reveal that most of the information security threats in organizations come from employees. The purpose of this study is to examine the password management habits of physicians using Hospital Information Systems (HIMS) in accessing institutional information resources in healthcare institutions where information security and human factor are of great importance in ensuring information security. The sample of the research is composed of physicians who are working in public or private hospitals and who actively use HIMS but do not have mandatory password management policy in their institutions. The questionnaire forms were sent via e-mail to 420 randomly selected physicians and analysis were implemented over 203 (%49) returned questionnaire forms. Password meter software developed by TüB？TAK B？LGEM was used to measure the HIMS password security levels of physicians. Password security levels were evaluated totally in 14 steps and over 100 full points and included in one of five groups between "very weak" - "very strong". According to the results of the research; 35% of the physicians’ HIMS passwords are in the "very weak" security category, while 56% of the passwords are in the "weak" security category and only 9% of the passwords are in the "good / medium" security category. According to the results; none of the physicians participating in the study use a password at the "strong" or "very strong" level. It is noteworthy that all of the physicians whose password security levels are in the "good / medium" category and whose passwords are relatively stronger than others are over 35 years of age