When trust defies common security sense

Document Type

Journal Article




Computing, Health and Science


Computing, Health and Science Faculty Office, Centre of Security Research




This article was originally published as: Williams, P. (2008). When trust defi es common security sense. Health Informatics Journal. Vol 14(3): 211–221. Original article available here


Primary care medical practices fail to recognize the seriousness of security threats to their patient and practice information. This can be attributed to a lack of understanding of security concepts, underestimation of potential threats and the diffi culty in confi guration of security technology countermeasures. To appreciate the factors contributing to such problems, research into general practitioner security practice and perceptions of security was undertaken. The investigation focused on demographics, actual practice, issues and barriers, and practitioner perception. Poor implementation, lack of relevant knowledge and inconsistencies between principles and practice were identifi ed as key themes. Also the results revealed an overwhelming reliance on trust in staff and in computer information systems. This clearly identifi ed that both cultural and technical attributes contribute to the deficiencies in information security practice. The aim of this research is to understand user needs and problems when dealing with information security practice.