scholarly journals Challenges of information security incident learning: An industrial case study in a Chinese healthcare organization

2017 ◽  
Vol 42 (4) ◽  
pp. 393-408 ◽  
Author(s):  
Ying He ◽  
Chris Johnson
Keyword(s):  
Information Security ◽  
Healthcare Organization ◽  
Industrial Case Study ◽  
Security Incident ◽  
Incident Learning

scholarly journals Security Assurance Modelling of Security Incident in Healthcare using the Generic Security Template (GST)

2020 ◽  
Author(s):  
Ying He ◽  
Cunjin Luo
Keyword(s):  
Healthcare Services ◽  
Healthcare Organization ◽  
Lessons Learned ◽  
Security Requirements ◽  
Healthcare Sector ◽  
Healthcare Organizations ◽  
Security Incident ◽  
Security Assurance ◽  
Security Incidents

Abstract Background: The recent industry reports show that the number of security incidents in healthcare sector is still increasing, especially the high severity incident, such as data leakage incident and ransomware, which can lead to significant impact on healthcare services. It is imperative for the organizations to learn lessons from those incidents. Traditional ways to disseminate lessons learned are based on text approach, the linear format of which can obscure relationships among concepts and discourage readers from integrating information across ideas. Graphical diagrams can serve this purpose, as it can communicate both individual elements of information and relationships between them. Methods: The Generic Security Template (GST) has been proposed to support the exchange of lessons learned from security incidents. It utilises graphical notations to communicate both individual elements of information and relationships between them. This paper conducts a case study by adopting the GST to capture and structure the incident information of a data leakage incident in a UK healthcare organization in order to facilitate incident exchange. Results: The results show that, the GST was able to visualise and depict the key elements, including lessons learned, the associated security requirements and organizational contextual information identified from the selected data leakage incident case study from NHS. GST provides a unified way to communicate incident information. Conclusions: This research has significance for the healthcare organizations to improve their incident learning practices. It fosters an environment where different stakeholders can speak the same language while exchanging the lessons learned from the security incidents. Future work will consider apply the GST to analyse other complex security incidents such as the advanced persistent threats (APTs) in healthcare organizations and extend the use of the GST in other industries. Keywords: Security Assurance Modelling, Generic Security Template (GST), Security Incident, Healthcare Organization.

scholarly journals Real-Time Information Security Incident Management: A Case Study Using the IS-CHEC Technique

IEEE Access ◽  
2019 ◽  
Vol 7 ◽  
pp. 142147-142175
Author(s):  
Mark Evans ◽  
Ying He ◽  
Cunjin Luo ◽  
Iryna Yevseyeva ◽  
Helge Janicke ◽  
...  
Keyword(s):  
Information Security ◽  
Real Time ◽  
Incident Management ◽  
Security Incident ◽  
Real Time Information ◽  
Time Information
Sign in / Sign up

Export Citation Format

Share Document