Since 18 of December 2019 uses Nucleus credentials. Visit our help pages for information on how to Register and Sign-in using Nucleus.
10-14 February 2020
Europe/Vienna timezone

Evaluation of Computer Security Culture for Nuclear Security in Malaysia’s Medical Institution

Not scheduled
Paper CC: Information and computer security considerations for nuclear security




It is important to have a robust computer security culture in order to enhance the efficiency of security plan since computer security culture is one of essential part of overall security culture. With a constant innovation on information technologies (IT), IT advancement can be utilized to develop a more composed security management through building, maintaining and even promoting awareness on computer and information security. This indirectly will strengthen the existing nuclear security in every medical institution available. The study is aimed to identify the effectiveness of computer security culture in organization’s culture and improvement that can be made. Several medical institutions has been chosen as a location for the research which is Universiti Kebangsaan Malaysia Medical Centre, Ampang Hospital, Universiti Sains Malaysia Hospital, Advanced Medical & Dental Institute and Gleneagles Intan Medical Centre. The research was then assessed through questionnaires, interviews, observations and document review. From the results, even though majority of the staff are aware of computer security culture, they still didn’t embraced the computer security culture due to lack of security awareness and risk perception to the potential threat. There are various improvement initiatives can be done to provide more guidance to medical staff on managing sensitive and personal security information such as conducting an extensive training programme, initiating a bilateral exchange forum and coordinate a comprehensive seminar session. Besides that, a specific program called insider threats program can also be introduced to manage classified information and has ability to conduct thorough verification for all licensees that in charge on sensitive nuclear information categories under non-classified. In conclusion, computer security requirements are clearly documented and are in place but the security culture is not practiced by all staffs and are not well understood by staffs.

Gender Male
State Malaysia

Primary author


Presentation Materials