A scoping review of Legal Aspect of Information Security Requirement in healthcare: A Benchmark for Assessing the Security Practice in hospitals (Preprint)

2021 ◽  
Author(s):  
Prosper Yeng ◽  
Muhammad Ali Fauzi ◽  
Luyi Sun ◽  
Bian Yang

BACKGROUND The loss of human lives from cyber-attacks in healthcare is no longer a probabilistic quantification but a reality that has already begun. Additionally, the threat scope has expanded to involve threats to national security, among others, resulting in surging data breaches within the healthcare sector. For that matter, various legislations, regulations, and information security governance tools such as policies, standards and directives have been provided to enhance security-conscious care behavior among healthcare users. But in a research scenario where these required security practices need to be compared with ongoing security practices in healthcare, where can the security requirements pertaining to healthcare be obtained in a comprehensive way? Which of the requirements need more attention from management, end users or both? OBJECTIVE The objective of this paper is therefore to systematically identify, assess and analyze the state-of-the-art information security requirements in healthcare. These requirements were used to develop a framework to serve as a yardstick for measuring the security practice of healthcare staff. METHODS A scoping review was adopted to identify the information security requirement sources within healthcare in Norway, Indonesia, and Ghana. A literature search was conducted in Scopus, PubMed, Google Scholar, IEEE Xplore and other sources such as legal, regulation, directive, policy and code of conduct related databases of Norway/EU, Indonesia and Ghana. The identified sources were reported with a PRISMA diagram in terms of identification, screening, eligibility and inclusion. RESULTS Out of a total of 180 security and privacy requirement sources which were initially identified, 122 were fully read by the authors. Subsequently, 74 of these requirement documents fully met the inclusion criteria and were accessed and analyzed. A total of 68 security and privacy requirements were identified in this work. The findings were then used to develop a framework to serve as a benchmark for modeling and analyzing healthcare security practice. CONCLUSIONS Legal requirements for analyzing healthcare security practice were comprehensively identified and analyzed. The findings were used to develop a framework in which the legal requirements serve as a benchmark for modeling and analyzing healthcare security practice.

Author(s):  
Anirban Sengupta ◽  
Chandan Mazumdar

As enterprises become dependent on information systems, the need for effective Information Security Governance (ISG) assumes significance. ISG manages risks relating to the confidentiality, integrity and availability of information, and its supporting processes and systems, in an enterprise. Even a medium-sized enterprise contains a huge collection of information and other assets. Moreover, risks evolve rapidly in today’s connected digital world. Therefore, the proper implementation of ISG requires automation of the various monitoring, analysis, and control processes. This can be best achieved by representing information security requirements of an enterprise in a standard, structured format. This paper presents such a structured format in the form of Enterprise Security Requirement Markup Language (ESRML) Version 2.0. It is an XML-based language that considers the elements of ISO 27002 best practices.


Author(s):  
Mana Saleh Al Reshan

Information security is the foremost concern for IoT (Internet of Things) devices and applications. Since the advent of IoT, the number of its applications and devices in use has increased exponentially. Nowadays people are becoming "smart" because they use smart devices such as smartwatches, smart TVs and smart home appliances, all of which are IoT devices. IoT devices differ widely in storage capacity, size, computational power, and energy supply. With the rapid increase of IoT devices in different IoT fields, information security and privacy are not addressed well. Most IoT devices have constrained computational and operational capabilities, which makes them a threat to security and privacy and leaves them prone to cyber-attacks. This study presents a CIA triad-based information security implementation for the four-layer architecture of IoT devices. It gives an overview of layer-wise threats to IoT devices and finally suggests CIA triad-based security techniques for securing them.


2021 ◽  
Vol 13 (19) ◽  
pp. 10891
Author(s):  
Insaf Ullah ◽  
Muhammad Asghar Khan ◽  
Mohammed H. Alsharif ◽  
Rosdiadee Nordin

Internet of Vehicles (IoV) is a specialized breed of Vehicular Ad-hoc Networks (VANETs) in which each entity of the system can be connected to the internet. In the provision of potentially vital services, IoV transmits a large amount of confidential data through networks, posing various security and privacy concerns. Moreover, the possibility of cyber-attacks is comparatively higher when data transmission takes place more frequently through various nodes of IoV systems. It is a serious concern for vehicle users, which can sometimes lead to life-threatening situations. The primary security issue in the provision of secure communication services for vehicles is to ensure the credibility of the transmitted message on an open wireless channel. Then, receiver anonymity is another important issue, i.e., only the sender knows the identities of the receivers. To guarantee these security requirements, in this research work, we propose an anonymous certificateless signcryption scheme for IoV on the basis of the Hyperelliptic Curve (HEC). The proposed scheme guarantees formal security analysis under the Random Oracle Model (ROM) for confidentiality, unforgeability, and receiver anonymity. The findings show that the proposed scheme promises better security and reduces the costs of computation and communication.


Author(s):  
Awad Saad Al-Qahtani ◽  
Mohammad Ayoub Khan

Internet of Things (IoT) users lack awareness of the IoT security infrastructure needed to handle the risks, including threats, attacks and penetration, associated with its use. IoT devices are prime targets for cyber-attacks because of the varied personally identifiable information (PII) stored in and transmitted through cyber centers. The security risks of the Internet of Things threaten users' security and privacy. All information about users can be collected from their related objects; it is stored in the system or transferred through various media among diverse smart objects, and it may be exposed to dangerous attacks and threats if it lacks authentication. There is therefore an essential need to make IoT security requirements an important part of its efficient implementation. These requirements include availability, accountability, authentication, authorization, privacy and confidentiality, integrity and non-repudiation. The study design is survey research investigating the visibility of the proposed model of security management for IoT uses, the security risks of IoT devices, and the changes IoT technology brings to the IT infrastructure of IoT users, through the answers to the research questionnaires. This work proposes a model of security management for IoT to predict IoT security and privacy threats, protect IoT users from any unforeseen dangers, determine the right security mechanisms and protocols for the IoT security layers, and offer the most convenient security mechanisms. Moreover, it aims to enhance the performance of IoT networks by selecting suitable security mechanisms for the IoT layers, thereby increasing IoT users' security satisfaction.


2013 ◽  
Vol 3 (2) ◽  
Author(s):  
Alpana Kakkar ◽  
Priyanka Tayal ◽  
Ritu Punhani

The healthcare sector is growing by leaps and bounds, and so are its data and information. Security and privacy of this information have become a crucial issue for this proliferating healthcare industry. In this fast-moving global scenario, patients need not carry their medical records in a big bag on the move; in this digital world, all that patients have to do is get admitted to a hospital for treatment, and the rest is in the hands of the information asset infrastructure of these mushrooming hospitals. But due to the increased sharing of patients' information among doctors via hospitals, patients and their families raise concerns about the security of their medical data and records. Hence, improving Information Security Management Systems (ISMS) has become a necessity to keep digital patient records secure, for the success of hospitals and their brands and, at large, for the name and reputation of the healthcare industry. Patients are required to share information with doctors for correct diagnosis and treatment. Security concerns arise in transmitting and processing electronic medical records, personal healthcare records, patients' billing records as well as public health alerts across many parties with varying security, privacy and trust levels. Not all hospitals adopt all the essential security measures. In the present paper, we study eight international hospitals to review their Information Security Management Systems (ISMS) standards, assess their standing on the basis of the proposed five principles, and also propose the future scope of implementing information security in the hospital. We contemplate an information security model based on the proposed five principles of information security.


Author(s):  
Patrick M. Njoroge ◽  
James O. Ogalo ◽  
Cyprian M. Ratemo

The use of information and communication technology has been providing the competitive edge for universities globally, and Kenyan universities are no exception. This has in turn made the universities targets of cyber-attacks and hence exposed them to unprecedented security risks. The universities need to implement information security best practices and standards in their technological environments to remain secure and operational. The research sought to investigate the information security practices adopted in Kenyan public universities to protect themselves. A descriptive survey method was employed, while the study was based on the Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE) framework and other industry security best practices. The study targeted the 31 chartered public universities, which were clustered based on their year of establishment. Simple random and purposive sampling methods were utilized to select two target universities per cluster and to determine respondents, respectively. The study had a response rate of 61%. Data analysis was done via descriptive statistics, while results were presented using tables and a Likert scale. The study revealed that universities had implemented information security policies, with 47.6% of respondents somewhat agreeing with that. Funding for security was provided (57.6% somewhat agreeing), though the funding was deemed low by 51% of respondents. Training for security staff was deemed somewhat available (44%), thus below par, while involvement of university management in policy development was at 48%, though university management participation in policy review was below average. 38% of respondents somewhat agreed that policies governing the use of mobile devices existed. Frequency of user awareness and training was below average, while 48% of respondents somewhat agreed that universities usually share their intelligence reports on threats and responses with other government agencies. 49% of respondents somewhat agreed that universities had put in place incident response plans. Application of updates and improvements was below average, though evaluation of the effectiveness of controls was average. To remain protected, university management should review their employed information security practices and address identified gaps through essential remedial actions.


Author(s):  
O. Semenenko ◽  
Y. Dobrovolsky ◽  
V. Koverga ◽  
O. Sechenev

The evolution of security technologies shows that only the concept of an integrated approach to information security can meet modern information security requirements. A comprehensive approach means the complex development of all the necessary methods and means of information protection. Today, the information exchange and information systems in the Ministry of Defense of Ukraine have certain means and approaches to the destruction of information, but each of them has different estimates of the effectiveness of its use, as well as a different cost of purchase and use. Therefore, the main purpose of the article is to carry out a comprehensive analysis of the means and methods of destroying confidential information in order to formulate practical recommendations for choosing the most effective and economically feasible ones for the Ministry of Defense of Ukraine. Perfecting the methods and means of destroying information on magnetic media is an important element of modern information security. The results of the analysis carried out in the article are the disclosure of the main features of modern devices for the elimination of magnetic records, as well as the ability to formulate a list of basic requirements for modern devices for the destruction of information on magnetic media. Today, technical means of information security, in particular for the elimination of information on magnetic media, are constantly being improved, absorbing the latest advances in modern security technologies. Their model range, which takes into account the diversity of customer requirements, such as the type of energy supply, the level of mobility, reliability and operating conditions, is expanding. All this determines the relevance of research in this direction in the future.


2020 ◽  
Author(s):  
Vinod Kumar Verma

BACKGROUND The COVID-19 pandemic has dramatically affected the life of every human being in this world. The daily routine of humans has been changed to an uncertain extent. Some people are affected by COVID-19, and some are in fear of this epidemic. This has completely changed the thought process of the people, and now they are looking for solutions to this pandemic at different levels of the human addressable areas. These areas include medicine, vaccination, precautions, psychology, technology-assisted solutions like information technology, etc. There is a need to think in the direction of technology-compliant solutions in the era of the COVID-19 pandemic. OBJECTIVE The objective of this paper is to discuss the existing views and focus on the recommendations for the enhancement of the current situation from COVID-19. METHODS Based on the literature, perceptions, challenges, and viewpoints, the following opinions are suggested to the research community for the prevention and elimination of the global pandemic COVID-19. The research community, irrespective of discipline, should focus on the following: 1. A comprehensive thought process for the design of Internet of Things (IoT) based solutions for healthcare applications used in the prevention of COVID-19. 2. Strategies for restricting the outbreak of COVID-19 with the emerging trends in e-healthcare applications. Which should be the optimal strategy to deal with a global pandemic? 3. Explorations on data analysis as derived from the advanced data mining and warehousing associated with IoT. Besides, cloud-based technologies can be incorporated for the global spread of healthcare-related information to serve the community of different countries in the world. 4. The most adaptable methods and technologies can be deployed for the development of innovative solutions for COVID-19 affected people, like smart, patient-centric healthcare information systems. 5. Implementation of smart solutions like wearable technology for masks and PPE, along with their disposal, can be considered to deal with a global epidemic like COVID-19. This will lead to the manufacturing and incorporation of wearable technologies in the healthcare sector by industries. 6. A pervasive thought process can be standardized for dealing with a global pandemic like COVID-19. In addition, research measures should be considered for the security and privacy challenges of IoT services carrying healthcare-related information. These areas and directions are diverse, but, in parallel, there is a need for healthy bonding and correlation between people like researchers and scientists irrespective of their discipline. The discipline may vary from medical, engineering, computing, finance, management, etc. In addition, standard protocols and interoperability measures can be worked out for the exchange of information in global pandemic situations. RESULTS Recommendations discussed. CONCLUSIONS In this paper, the opinions have been discussed in the multi-disciplinary areas of research like COVID-19 challenges, medicines and vaccines, precautionary measures, technology assistance, and the Internet of Things. These opinions and discussion serve as an integrated platform for researchers and scientists to think about future perspectives to deal with the healthcare-related COVID-19 pandemic situation. This includes original, significant, and visionary automation-based ideas, innovations, scientific designs, and applications focusing on inter-disciplinary technology-compliant solutions like IoT, vaccinations, manufacturing, preventive measures, etc. for the improvement of the efficiency and reliability of existing healthcare systems. For the future, there is a dire need to strengthen the technology not only in one area but also across interdisciplinary areas to recover from the pandemic situation rapidly and serve the community.


2021 ◽  
Vol 13 (12) ◽  
pp. 6750
Author(s):  
Andreja Mihailović ◽  
Julija Cerović Smolović ◽  
Ivan Radević ◽  
Neli Rašović ◽  
Nikola Martinović

The main idea of this research is to examine how teleworking has affected employee perceptions of organizational efficiency and cybersecurity before and during the COVID-19 pandemic. The research is based on an analytical and empirical approach. The starting point of the research is a critical and comprehensive analysis of the relevant literature regarding the efficiency of organizations due to teleworking, digital information security, and cyber risk management. The quantitative approach is based on designing a structural equation model (SEM) on a sample of 1101 respondents from the category of employees in Montenegro. Within the model, we examine simultaneously the impact of their perceptions on the risks of teleworking, changes in cyber-attacks during teleworking, organizations’ capacity to respond to cyber-attacks, key challenges in achieving an adequate response to cyber-attacks, as well as perceptions of key challenges related to cybersecurity. The empirical aspects of our study involve constructing latent variables that correspond to different elements of employee perception; namely, their perception of organizational efficiency and the extent to which the digital information security of their organizations has been threatened during teleworking during the pandemic.


2013 ◽  
Vol 5 (2) ◽  
pp. 88-91
Author(s):  
Simona Ramanauskaitė ◽  
Eglė Radvilė ◽  
Dmitrij Olifer

The large number of different security documents, standards, guidelines and best practices makes it necessary to map different security requirements onto one another. As a result of mapping, security requirements of different standards can coincide, or may need to be amended or harmonised. This is the reason why it is so difficult to map more than two different security documents. Ontologies can be used to solve this issue. The article offers a review of different security documents and ontology types, and investigates the possible use of ontologies for mapping security standards. Article in Lithuanian. Abstract (translated from Lithuanian): Given the multitude of documents, guidelines and standards regulating information security, it is relevant to link the security requirements defined in them with one another. Security requirements described in different security documents may not only coincide or complement each other, but also contradict each other. This greatly complicates the linking of more than two documents regulating information security. One way to link more than two security-regulating documents could be the use of an ontology. The article reviews the main current security-regulating standards and the existing security ontologies, examines the possibility of using an ontology to link the requirements of security-regulating documents, and the possibility of representing such a linkage with graphs.

