Security considerations for telemedicine systems

Mapping Intimacies ◽

10.21203/rs.2.24146/v1 ◽

2020 ◽

Author(s):

Dong-won Kim ◽

Jin-young Choi ◽

Keun-hee Han

Keyword(s):

Success Probability ◽

Security Requirements ◽

Security Threats ◽

Home Networks ◽

Security Measures ◽

Security Risks ◽

Telemedicine System ◽

Telemedicine Service ◽

Attack Trees ◽

Response Measures

Abstract Background: In this study, the effects of cybersecurity threats on telemedicine were investigated, and methods to evaluate security risks were considered. Many research institutes and investigation agencies have provided information about cybersecurity incidents in the medical field, between 2009 and 2019. Methods: The scenario information about cybersecurity threats was directly collected through a field survey. Potential threats that can occur in telemedicine services were accurately identified, and objective security requirements were derived by threat modeling using attack trees. The attack occurrence probability and attack success probability according to the importance of telemedicine service assets were included as variables. Results: The introduction of telemedicine guarantees accessibility to medical services for vulnerable areas. However, potential security threats and response measures in the telemedicine environment, which includes users and patients, remote medical devices, home networks, gateway devices, the Internet, and the telemedicine system, have not been considered thus far. Conclusion: This study contributes to the improvement of security by introducing methods to identify and evaluate security threats and preparing security measures for the telemedicine environment.

Download Full-text

Innovative Strategies for Secure Software Development

Software Design and Development ◽

10.4018/978-1-4666-4301-7.ch097 ◽

2014 ◽

pp. 2099-2119

Author(s):

Punam Bedi ◽

Vandana Gandotra ◽

Archana Singhal

Keyword(s):

Fuzzy Logic ◽

Security Requirements ◽

Software Systems ◽

Hybrid Technique ◽

Security Measures ◽

Failed State ◽

Innovative Strategies ◽

Secure Software ◽

Attack Trees ◽

Secure Software Development

This chapter discusses adoption of some proactive strategies in threat management for security of software systems. Security requirements play an important role for secure software systems which arise due to threats to the assets from malicious users. It is therefore imperative to develop realistic and meaningful security requirements. A hybrid technique has been presented in this chapter evolved by overlapping the strengths of misuse cases and attack trees for elicitation of flawless security requirements. This chapter also discusses an innovative technique using fuzzy logic as a proactive step to break the jinx of brittleness of present day security measures based on binary principle. In this mechanism, partially secure state evolved between safe state and failed state using fuzzy logic provides an alert signal to take appropriate additional preventive measures to save the system from entering into the failed state to the extent possible.

Download Full-text

Risk management-based security evaluation model for telemedicine systems

10.21203/rs.2.24146/v2 ◽

2020 ◽

Author(s):

Dong-won Kim ◽

Jin-young Choi ◽

Keun-hee Han

Keyword(s):

Risk Management ◽

Effective Means ◽

Success Probability ◽

Assessment Method ◽

Security Evaluation ◽

Security Threats ◽

Risk Modeling ◽

Medical Systems ◽

Telemedicine Service ◽

Attack Tree

Abstract Background: Infectious diseases that can cause epidemics, such as COVID-19, SARS-CoV, and MERS-CoV, constitute a major social issue, with healthcare providers fearing secondary, tertiary, and even quaternary infections. To alleviate this problem, telemedicine is increasingly being viewed as an effective means through which patients can be diagnosed and medications prescribed by doctors via untact (i.e., non-face-to-facemedical services. Thus, concomitant with developments in information and communication technology (ICT), medical institutions have actively analyzed and applied ICT to medical systems to provide optimal medical services. However, with the convergence of these diverse technologies, various risks and security threats have emerged. To protect patients and improve telemedicine quality for patient safety, it is necessary to analyze these risks and security threats comprehensively and institute appropriate countermeasures. Methods: The security threats likely to be encountered in each of seven telemedicine service areas were analyzed, and related data were collected directly through on-site surveys by a medical institution. Subsequently, an attack tree, the most popular reliability and risk modeling approach for systematically characterizing the potential risks of telemedicine systems, was examined and utilized with the attack occurrence probability and attack success probability as variables to provide a comprehensive risk assessment method. Results: In this study, the most popular modelling method, an attack tree, was applied to the telemedicine environment, and the security concerns for telemedicine systems were found to be very large. Risk management and evaluation methods suitable for the telemedicine environment were identified, and their benefits and potential limitations were assessed. Conclusion: This research should be beneficial to security experts who wish to investigate the impacts of cybersecurity threats on remote healthcare and researchers who wish to identify new modeling opportunities to apply security risk modeling techniques.

Download Full-text

Fire Safety and Security Threats Identification and Elimination

Advanced Materials Research ◽

10.4028/www.scientific.net/amr.1001.306 ◽

2014 ◽

Vol 1001 ◽

pp. 306-311

Author(s):

Vladimír Mózer ◽

Tomas Loveček ◽

Andrej Vel'as ◽

Linda Makovická

Keyword(s):

Fire Safety ◽

Security Requirements ◽

Life Safety ◽

Security Threats ◽

Security Measures ◽

Security Systems ◽

Shopping Centre ◽

Conflicting Objectives ◽

Points Of View

This paper deals with the topic of fire safety and security measures and their mutual interaction. A designer or stakeholder may be confronted with conflicting objectives regarding life safety and object security. Often, escape routes pass via areas that are under non-emergency conditions subject to access control, accessible only to members of staff, contractors, etc. When fire alarm is activated, it is necessary to provide fast and unhindered evacuation from the premises, which may involve using restricted-access back-of-house areas. On a case study – section of a shopping centre – the concepts of both fire safety and security are presented. Firstly, the areas are analysed in terms of their importance from life safety and property security points of view and subsequently solutions are proposed to address any issues. In certain cases a balance between safety and security requirements must be found, i.e. it is not possible to fully satisfy both objectives at the same time, whereas in other fire safety and security systems have been found mutually complementary.

Download Full-text

Innovative Strategies for Secure Software Development

Designing, Engineering, and Analyzing Reliable and Efficient Software ◽

10.4018/978-1-4666-2958-5.ch013 ◽

2013 ◽

pp. 217-237

Author(s):

Punam Bedi ◽

Vandana Gandotra ◽

Archana Singhal

Keyword(s):

Fuzzy Logic ◽

Security Requirements ◽

Software Systems ◽

Hybrid Technique ◽

Security Measures ◽

Failed State ◽

Innovative Strategies ◽

Secure Software ◽

Attack Trees ◽

Secure Software Development

Download Full-text

Bringing Security to The Smallest Embedded Systems

10.34048/2017.1.f5 ◽

2017 ◽

Author(s):

JOSEPH YIU

Keyword(s):

Internet Of Things ◽

Embedded Systems ◽

Low Cost ◽

Security Requirements ◽

The Internet ◽

Security Measures ◽

Significant Challenge ◽

Iot Devices

The increasing need for security in microcontrollers Security has long been a significant challenge in microcontroller applications(MCUs). Traditionally, many microcontroller systems did not have strong security measures against remote attacks as most of them are not connected to the Internet, and many microcontrollers are deemed to be cheap and simple. With the growth of IoT (Internet of Things), security in low cost microcontrollers moved toward the spotlight and the security requirements of these IoT devices are now just as critical as high-end systems due to:

Download Full-text

‘Home, Sweet Home’: Managing Returning Foreign Terrorist Fighters in Germany, The United Kingdom and Australia

International Community Law Review ◽

10.1163/18719732-12341378 ◽

2018 ◽

Vol 20 (3-4) ◽

pp. 311-346 ◽

Cited By ~ 1

Author(s):

Kerstin Braun

Keyword(s):

United Kingdom ◽

Criminal Justice ◽

Holistic Approach ◽

Security Threats ◽

Security Risks ◽

Western Countries ◽

The United Kingdom

Abstract Since 2011, the conflict in Syria and Iraq has seen unprecedented numbers of Westerners travelling to the region to support jihadist terror organisations, so-called Foreign Terrorist Fighters (‘FTFs’). However, since 2015, with Islamic State’s financial and territorial losses, the numbers of Western FTFs are dwindling and many are returning to their countries of origin. As a consequence, numerous countries are grappling with how to best manage potential security threats arising from returning FTFs. This article critically analyses legal and criminal justice strategies to address this phenomenon implemented in three Western countries from which a significant number of FTFs originate: Germany, the United Kingdom and Australia. It focuses on prosecution, prevention of re-entry and rehabilitation of returning FTFs. It suggests that a holistic approach focusing on punitive but also on de-radicalising and reintegrating measures is best suited to address the security risks FTFs pose long term.

Download Full-text

Improving the Security of Storage Systems

Cyber Law, Privacy, and Security ◽

10.4018/978-1-5225-8897-9.ch038 ◽

2019 ◽

pp. 796-829

Author(s):

Wasan Awad ◽

Hanin Mohammed Abdullah

Keyword(s):

Cyber Security ◽

Storage Systems ◽

Assessment Model ◽

Security Threats ◽

Risk Matrix ◽

Security Risks ◽

Security Systems ◽

Security Vulnerabilities ◽

File Storage ◽

Local Storage

Developing security systems to protect the storage systems are needed. The main objective of this paper is to study the security of file storage server of an organization. Different kinds of security threats and a number of security techniques used to protect information will be examined. Thus, in this paper, an assessment plan for evaluating cyber security of local storage systems in organizations is proposed. The assessment model is based on the idea of cyber security domains and risk matrix. The proposed assessment model has been implemented on two prestigious and important organizations in the Kingdom of Bahrain. Storage systems of the assessed organizations found to have cyber security risks of different scales. This conclusion gives certainty to the fact that organizations are not capable of following the cyber security evolution and secure their storage systems from cyber security vulnerabilities and breaches. Organizations with local storage systems can improve the cyber security of their storage systems by applying certain techniques.

Download Full-text

Security in Cloud of Things (CoT)

Advances in Systems Analysis, Software Engineering, and High Performance Computing - Managing Big Data in Cloud Computing Environments ◽

10.4018/978-1-4666-9834-5.ch003 ◽

2016 ◽

pp. 46-70 ◽

Cited By ~ 4

Author(s):

Bashar Alohali

Keyword(s):

System Architecture ◽

Security Requirements ◽

Security Risks ◽

Iot Applications ◽

Research Challenges ◽

Significant Research ◽

Research Questions ◽

Virtual Domain ◽

System Architecture Design ◽

And Storage

With IoT era, development raises several significant research questions in terms of system architecture, design and improvement. For example; the requirement of virtual resource utilization and storage capacity necessitates making IoT applications smarter; therefore, integrate the IoT concept with cloud computing will play an important role. This is crucial because of very large amounts of data that IoT is expected to generate. The Cloud of Things (CoT) is used to connect heterogeneous physical things to the virtual domain of the cloud. Despite its numerous advantages, there are many research challenges with utilization of CoT that needs additional consideration. These include high complexity, efficiency, improving reliability, and security. This chapter introduces CoT, its features, the applications that use CoT. CoT, like all other networked functions, is vulnerable to security attacks. The security risks for CoT are listed and described. The security requirements for CoT are identified and solutions are proposed to address the various attacks on CoT and its components.

Download Full-text

The Role of AI-Based Integrated Physical Security Governance for Optimizing IoT Devices Connectivity in Smart Cities

AI-Based Services for Smart Cities and Urban Infrastructure - Advances in Computational Intelligence and Robotics ◽

10.4018/978-1-7998-5024-3.ch014 ◽

2021 ◽

pp. 289-309

Author(s):

Rajan R. ◽

Venkata Subramanian Dayanandan ◽

Shankar P. ◽

Ranganath Tngk

Keyword(s):

Smart City ◽

Smart Cities ◽

Security Threats ◽

Security Measures ◽

Physical Security ◽

Security Technology ◽

Security Controls ◽

World Class ◽

Iot Devices

A smart city aims at developing an ecosystem wherein the citizens will have instant access to amenities required for a healthy and safe living. Since the mission of smart city is to develop and integrate many facilities, it is envisaged that there is a need for making the information available instantly for right use of such infrastructure. So, there exists a need to design and implement a world-class physical security measures which acts as a bellwether to protect people life from physical security threats. It is a myth that if placing adequate number of cameras alone would enhance physical security controls in smart cities. There is a need for designing and building comprehensive physical security controls, based on the principles of “layered defense-in-depth,” which integrates all aspects of physical security controls. This chapter will review presence of existing physical security technology controls for smart cities in line with the known security threats and propose the need for an AI-enabled physical security premise.

Download Full-text

A Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain

Standards and Standardization ◽

10.4018/978-1-4666-8111-8.ch041 ◽

2015 ◽

pp. 875-896

Author(s):

Kristian Beckers ◽

Isabelle Côté ◽

Ludger Goeke ◽

Selim Güler ◽

Maritta Heisel

Keyword(s):

Cloud Computing ◽

System Analysis ◽

Business Case ◽

Security Requirements ◽

Cloud System ◽

Security Requirement ◽

Security Measures ◽

Analysis Pattern ◽

It Resources ◽

Requirements Patterns

Cloud computing systems offer an attractive alternative to traditional IT-systems, because of economic benefits that arise from the cloud's scalable and flexible IT-resources. The benefits are of particular interest for SME's. The reason is that using Cloud Resources allows an SME to focus on its core business rather than on IT-resources. However, numerous concerns about the security of cloud computing services exist. Potential cloud customers have to be confident that the cloud services they acquire are secure for them to use. Therefore, they have to have a clear set of security requirements covering their security needs. Eliciting these requirements is a difficult task, because of the amount of stakeholders and technical components to consider in a cloud environment. Therefore, the authors propose a structured, pattern-based method supporting eliciting security requirements and selecting security measures. The method guides potential cloud customers to model the application of their business case in a cloud computing context using a pattern-based approach. Thus, a potential cloud customer can instantiate our so-called Cloud System Analysis Pattern. Then, the information of the instantiated pattern can be used to fill-out our textual security requirements patterns and individual defined security requirement patterns, as well. The presented method is tool-supported. Our tool supports the instantiation of the cloud system analysis pattern and automatically transfers the information from the instance to the security requirements patterns. In addition, they have validation conditions that check e.g., if a security requirement refers to at least one element in the cloud. The authors illustrate their method using an online-banking system as running example.

Download Full-text