Information Disclosure and the Diffusion of Information Security Attacks

2015, Vol 26 (3), pp. 565-584
Author(s): Sabyasachi Mitra, Sam Ransbotham

2018, Vol 7 (4.36), pp. 338
Author(s): Arif Uzzaman

The ability of the healthcare industry to keep abreast of the evolving trends in endpoint information security depends on combinations of measures. In the current literature, some of these measures include the development of analytics capable of spotting intruders on time, embracing quick reactions to potential or detected intrusions, and the decision to employ robust system defenses. In this paper, the main aim was to review the current literature regarding the subject of endpoint information security, with critical insights gained from the case of the healthcare industry. Findings suggest that the healthcare industry forms one of the most attractive arenas for security attackers. Some of the healthcare organizations that have been victims of recent security attacks include the Californian Hollywood Presbyterian Medical Center, which experienced a data breach in February 2016, and MedStar Health Inc. (in the same month). In the following month, San Diego’s Alvaro Hospital Medical Center was also targeted in a cyber attack. Hence, some algorithms have been proposed to counter these attacks, including the use of SOA-based EHRs, the implementation of the RBAC model, the use of k-anonymity, k-unlinkability, and the SQL searching mechanisms that target the patients’ encrypted data. Also, some strategies have been proposed as best practices in endpoint information security. These strategies include the management of identity lifecycles, the establishment of risk-aware cultures, the management of third-party security compliance, and securing healthcare firms’ devices in terms of design. Overall, it is evident that the complexity of endpoint information security in the healthcare industry (due to the evolution of applications such as virtualization and cloud computing) implies that the ability to survive future security attacks will depend on the firms’ ability to keep abreast of industry demands.


Author(s): Yves Barlette, Vladislav V. Fomin

This chapter introduces major information security management methods and standards, and particularly ISO/IEC 27001 and 27002 standards. A literature review was conducted in order to understand the reasons for the low level of adoption of information security standards by companies, and to identify the drivers and the success factors in implementation of these standards. Based on the findings of the literature review, we provide recommendations on how to successfully implement and stimulate diffusion of information security standards in the dynamic business market environment, where companies vary in their size and organizational culture. The chapter concludes with an identification of future trends and areas for further research.


2018, Vol 2018, pp. 1-21
Author(s): Chalee Thammarat, Werasak Kurutach

Information security and fair exchange are essential to creating trust among all the parties participating in any sale transaction. However, implementing them in any mobile commerce is challenging due to the limitation of resources on mobile devices. Numerous m-commerce protocols that have been proposed so far still lack those two important aspects. In this paper, we propose mobile payment (m-payment) protocols, a crucial part of m-commerce, that incorporate both information security and fair exchange while retaining their own lightweight property. To allow convenience of use, the proposed protocols can be implemented on the existing Short Message Service (SMS) infrastructure. Our approach is based on the secure session key generation technique to enhance information security under lightweight conditions and involves a trusted third party to guarantee fair exchange without information disclosure. We have formally proven that our protocols are more effective and efficient than others in terms of fairness, security, and lightweight properties. In addition, the soundness and completeness of the protocols have been analyzed and proven using BAN logic and an automated security protocol proof tool named Scyther.


2019, Vol 13 (4), pp. 89-108
Author(s): Pankaj Kumar, Vishnu Sharma, Gaurav Sharma, Tarunpreet Bhatia

Certificateless signature schemes are a very intriguing aspect of information security because of their capability of removing the well-known key escrow problem predominant in ID-based cryptography. He et al. proposed an efficient certificateless aggregate signature scheme and proved that their scheme is secure against all possible types of security attacks. However, the authors still managed to find loopholes in the form of insecurities against 'honest but curious' and 'malicious but passive' attacks during cryptanalysis of He et al.'s scheme. The authors propose an efficient certificateless aggregate signature scheme which fills the security gaps in He et al.'s scheme, demonstrate the security of their scheme via a mathematical proof, and reinforce the fact that their scheme is much more efficient in a thorough performance comparison of their scheme against the previous schemes.

