Information security in healthcare supply chains: an analysis of critical information protection practices

2020, Vol 27 (4)
Author(s): Tiago Murer Furlanetto, Edimara Mezzomo Luciano, Odirlei Antonio Magnagnagno, Rafael Mendes Lübeck

Abstract: Because of their vital role and the need to protect the patient information, interest in information security in Healthcare Supply Chains (HSCs) is growing. This study analyzes how decisions related to information security practices in HSCs contribute to protecting patient information. Eleven semi-structured interviews were performed. The interviewees were managers from Brazilian HSC organizations. Four dimensions and 14 variables identified in a literature review were used to perform categorical content analysis. The findings suggest organizations, while aware of their critical information and internal processes, lack the necessary metrics to measure the impacts of possible failures. It seems organizations tend to invest in standard security measures, while apparently ignoring the specificity and complexity of information in HSCs.

2019, Vol 6 (1), pp. 203-208
Author(s): Julia Isaeva, Valentin Selifanov

The need for conformity assessment of information security tools at significant objects of critical information infrastructures is demonstrated. In the absence of necessary criteria description for information systems, a possibility of threats implementation appears, which will lead to disruption of functioning of significant objects.


2011, pp. 1454-1471
Author(s): Jeff Collmann, Ted Cooper

Although it is sometimes tempting to treat information security as a domain of its own, this approach will inevitably yield failures of information security and failures for the organization. This occurs because serious breaches may originate from organizational conditions not obviously related to information security policies, procedures or practices and because information security practices operate in, and are affected by the context of their parent organization. For these reasons, healthcare leaders must comply with but look beyond good industry practices alone while planning, implementing, and evaluating information security programs. In this chapter, we demonstrate that a consensus exists on key good information security measures that all healthcare leaders should, and often do use in designing their information security programs. We follow this analysis with two case studies that demonstrate the limitations of focusing only on good information security practices. These case studies help explain the mutual interaction between health information security programs and their wider organizational context by introducing key concepts about organizational performance, including “practical action,” “practical resistance,” “sponsored social movement,” and “mindfulness” and examining them at the individual, group, organizational, and cross domain levels of organizational life.


2019, pp. 66-70
Author(s): K.V. Hlyantseva

The article is devoted to the legal regime of information owned by the National Bank of Ukraine. The content of the concept of information is disclosed and its types are defined. The legal basis for disclosure of information owned by the National Bank of Ukraine is investigated and the aspects of protection are analyzed. Information is any information and/or data that may be stored on a physical medium or displayed electronically. The legislation defines the following types: information about an individual; information of reference and encyclopedic nature; environmental information; product information (job, service); scientific and technical information; tax information; legal information; statistical information; sociological information; other types of information. Information owned by the NBU includes information about an individual, namely information or a set of information about an individual that is identified or can be specifically identified; information about the debtor of the bank (and/or related persons); on credit operations of banks and on the status of the fulfillment of obligations under such operations, analysis and classification of loans; information on monetary and banking statistics; information on the ownership structure of banks and the composition of banking groups, bank executives. The legal bases for disclosure of this information are defined in the Laws of Ukraine “On the National Bank of Ukraine”, “On Banks and Banking”, “On Access to Public Information”, Regulations on the Credit Registry of the National Bank of Ukraine, etc. 
The regulation on the organization of information security measures in the banking system of Ukraine defines the following principles of information protection: the approach to information security should be systematic (comprehensive); the process of improvement and development of information security must be continuous and carried out by substantiation and implementation of rational means, methods, measures using the best international experience; safeguards against real and potential threats to the information security of the bank should be timely and adequate; ensuring the proper level of information security of the bank is impossible without the support and control of the bank’s executives; sustainable development of information security systems is only possible if resources, including financial resources, are sufficient. The features of information protection in banking systems are set by the National Bank. Keywords: the legal regime of information, information, open data, information with restricted access, information security, National Bank of Ukraine, credit register.


2021, Vol 7, pp. e516
Author(s): Ahmad Ali, Mansoor Ahmed, Abid Khan, Adeel Anjum, Muhammad Ilyas, ...

The information security domain focuses on security needs at all levels in a computing environment in either the Internet of Things, Cloud Computing, Cloud of Things, or any other implementation. Data, devices, services, or applications and communication are required to be protected and provided by information security shields at all levels and in all working states. Remote authentication is required to perform different administrative operations in an information system, and Administrators have full access to the system and may pose insider threats. Superusers and administrators are the most trusted persons in an organisation. “Trust but verify” is an approach to have an eye on the superusers and administrators. Distributed ledger technology (Blockchain-based data storage) is an immutable data storage scheme and provides a built-in facility to share statistics among peers. Distributed ledgers are proposed to provide visible security and non-repudiation, which securely records administrators’ authentications requests. The presence of security, privacy, and accountability measures establish trust among its stakeholders. Securing information in an electronic data processing system is challenging, i.e., providing services and access control for the resources to only legitimate users. Authentication plays a vital role in systems’ security; therefore, authentication and identity management are the key subjects to provide information security services. The leading cause of information security breaches is the failure of identity management/authentication systems and insider threats. In this regard, visible security measures have more deterrence than other schemes. In this paper, an authentication scheme, “VisTAS,” has been introduced, which provides visible security and trusted authentication services to the tenants and keeps the records in the blockchain.



Accurate pronunciation has a vital role in English language learning as it can help learners to avoid misunderstanding in communication. However, EFL learners in many contexts, especially at the University of Phan Thiet, still encounter many difficulties in pronouncing English correctly. Therefore, this study endeavors to explore English-majored students’ perceptions towards the role of pronunciation in English language learning and examine their pronunciation practicing strategies (PPS). It involved 155 English-majored students at the University of Phan Thiet who answered closed-ended questionnaires and 18 English-majored students who participated in semi-structured interviews. The findings revealed that students strongly believed in the important role of pronunciation in English language learning; however, they sometimes employed PPS for their pronunciation improvement. Furthermore, the results showed that participants tended to use naturalistic practicing strategies and formal practicing strategies with sounds, but they overlooked strategies such as asking for help and cooperating with peers. Such findings could contribute further to the understanding of how students perceive the role of pronunciation and their PPS use in the research’s context and other similar ones. Received 10th June 2019; Revised 12th March 2020; Accepted 12th April 2020


2013, Vol 1 (1), pp. 125-142
Author(s): Susanne Durst, Ingi Runar Edvardsson, Guido Bruns

Studies on knowledge creation are limited in general, and there is a particular shortage of research on the topic in small and medium-sized enterprises (SMEs). Given the importance of SMEs for the economy and the vital role of knowledge creation in innovation, this situation is unsatisfactory. Accordingly, the purpose of our study is to increase our understanding of how SMEs create new knowledge. Data are obtained through semi-structured interviews with ten managing directors of German SMEs operating in the building and construction industry. The findings demonstrate the influence of external knowledge sources on knowledge creation activities. Even though the managing directors take advantage of different external knowledge sources, they seem to put an emphasis on informed knowledge sources. The study's findings advance the limited body of knowledge regarding knowledge creation in SMEs.


Author(s): Ilia Pavlovich Mikhnev, Svetlana Vladimirovna Mikhneva

The article discusses the competences and powers of the state authorities of the Russian Federation within their legal status in the field of ensuring the security of critical information infrastructure. Some functions and authorities in the field of information security have changed in a number of federal executive bodies. In particular, the Federal Security Service, on the basis of a presidential decree, is authorized to create a state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation. However, not all rights and obligations are enshrined; a number of powers cause the duality of the legal status of certain federal bodies of state power. The clarity and unambiguity of securing the rights and obligations of state bodies authorized in the field of information security are guarantees for effectively ensuring the security of important information infrastructure facilities.


2020, Vol 5, pp. 94-106
Author(s): Y.M. Iskanderov, M.D. Pautov

Aim. The use of modern information technologies makes it possible to achieve a qualitatively new level of control in supply chains. In these conditions, ensuring information security is the most important task. The article shows the possibilities of applying the spatial concepts of the actor-network theory in the interests of forming a relevant intelligent information security management system for supply chains. Materials and methods. The article discusses a new approach based on the provisions of the actor-network theory, which makes it possible to form the structure of an intelligent information security control system for supply chains, consisting of three main functional blocks: technical, psychological and administrative. The incoming information security threats and the relevant system responses generated through the interaction of the system blocks were considered as enacting the three Law’s spaces: the space of regions, the space of networks and the space of fluids. Results. It is shown that the stability of this system in the space of networks is a necessary condition for its successful functioning in the space of regions, and its resilience in the space of fluids gained through the dynamic knowledge formation helps overcome the adverse effects of the fluidity. The problems of the intentional / unintentional nature of information security threats, as well as the reactivity / proactivity of the corresponding responses of the intelligent information security management system for supply chains are investigated. Conclusions. The proposed approach showed the possibility of using such an interdisciplinary tool in the field of information security as the concepts of the actor-network theory. The intelligent information security control system built on its basis ensures that almost all the features of solving information security problems in supply chains are taken into account.


Author(s): Bogdan Korniyenko, Lilia Galata

In this article, the research of information system protection by analyzing the risks for identifying threats for information security is considered. Information risk analysis is periodically conducted to identify information security threats and test the information security system. Currently, various information risk analysis techniques exist and are being used, the main difference being the quantitative or qualitative risk assessment scales. On the basis of the existing methods of testing and evaluation of the vulnerabilities for the automated system, their advantages and disadvantages, for the possibility of further comparison of the spent resources and the security of the information system, the conclusion was made regarding the determination of the optimal method of testing the information security system in the context of the simulated polygon for the protection of critical information resources. A simulation ground for the protection of critical information resources based on GNS3 application software has been developed and implemented. Among the considered methods of testing and risk analysis of the automated system, the optimal iRisk methodology was identified for testing the information security system on the basis of the simulated. The quantitative method Risk for security estimation is considered. Generalized iRisk risk assessment is calculated taking into account the following parameters: Vulnerability — vulnerability assessment, Threat — threat assessment, Control — assessment of security measures. The methodology includes a common CVSS vulnerability assessment system, which allows you to use constantly relevant coefficients for the calculation of vulnerabilities, as well as have a list of all major vulnerabilities that are associated with all modern software products that can be used in the automated system. 
The known software and hardware vulnerabilities of the ground are considered and the resistance of the built network to specific threats by the iRisk method is calculated.

