ANALYSIS OF THE THREAT OF INFORMATION SECURITY DURING PROCESSING OF PERSONAL DATA IN MOBILE MEDICINE

Author(s):  
Владимир Павлович Гулов ◽  
Виктор Анатольевич Хвостов ◽  
Алексей Васильевич Скрыпников ◽  
Владимир Петрович Косолапов ◽  
Галина Владимировна Сыч

An analysis of mobile medicine technologies used to improve the quality of medical care is carried out. Based on an analysis of the vulnerabilities of mobile stations (smartphones, tablets, smart devices, various smartphone peripherals, etc.), of the technologies that provide Internet access for mobile systems (used in cellular and wireless access networks), and of the mobile services of medical information systems, a classification of threats to mobile medicine is proposed and the possibilities for implementing these threats are analyzed.
The aim of the work is to develop an up-to-date model of threats to the security of mobile medicine and to conduct studies assessing the completeness and consistency of the protection tools currently used for mobile systems, such as a mobile device manager, mobile application manager, trusted mobile application store, mobile application security gateway, etc. The article discusses the sources of threats, the vulnerabilities of mobile medicine technologies, the channels through which threats act, the objects affected and the resulting damage from the implementation of threats that are characteristic of mobile technologies and whose points of application and vectors differ from traditional ones. The context in which mobile medicine is used and its impact on the processes of providing medical services are also analyzed.

Author(s):  
Владимир Павлович Гулов ◽  
Виктор Анатольевич Хвостов ◽  
Владимир Петрович Косолапов ◽  
Галина Владимировна Сыч

An analysis is carried out of the features of applying medical technologies that use mobile applications to improve the efficiency of providing medical services to patients (mobile medicine). Based on an analysis of the vulnerabilities characteristic of mobile systems, the vulnerabilities of medical information systems with mobile access for patients and employees of a medical organization, and new attacks aimed at vulnerabilities of mobile technologies and of cellular and wireless access protocols, the security objectives and the security context of the organization are adjusted.
To solve the security problems arising from the use of mobile medicine technologies, a typical security architecture and methods for protecting information are proposed, and possible technical means of protection are analyzed. The purpose of the security architecture of mobile medicine is to ensure the confidentiality, integrity and availability of the information resources of a medical organization when they are accessed from mobile stations (smartphones, tablets, smart devices, etc.). The mobile medicine security architecture can be based on security tools such as virtual private networks, intrusion detection systems, user activity monitoring systems, and information security tools such as a mobile device manager and mobile application manager.


Author(s):  
Владимир Павлович Гулов ◽  
Виктор Анатольевич Хвостов ◽  
Алексей Васильевич Скрыпников ◽  
Владимир Петрович Косолапов ◽  
Галина Владимировна Сыч

An analysis is carried out of the use of mobile technologies in the processing of personal data (PD) in medical information systems (MIS).
Mobile technologies as an object of information security are characterized by a number of critical vulnerabilities associated with implementation flaws in mobile devices (smartphones, tablets, smart devices, various smartphone peripherals, etc.), in the technologies that provide Internet access for mobile systems (used in cellular and wireless access networks) and in the server part of the MIS. Because MIS with mobile devices process personal data of a special category, protection against information security threats requires special attention and is defined at the legislative level. The guidance documents of the Russian regulators of personal data processing do not address information protection when mobile technologies are used, owing to the novelty of the problem. In this regard, the problem of ensuring the security of PD in MIS that use mobile technologies is a pressing one. The article discusses the principles of building the mobile applications used to work with MIS, and their server parts. Based on an analysis of the current model of threats to the information security of mobile technologies and of the information security tools used with mobile systems, a protection system for MIS that use mobile access is proposed.


2021 ◽  
Vol 14 (1) ◽  
pp. 73-79
Author(s):  
E. Rogozin ◽  
Viktor Khvostov ◽  
Valeriy Suhanov ◽  
D. Korobkin ◽  
D. Mochalov

An analysis is carried out of the access control models currently used in information security systems (SPI). Based on an analysis of the advantages and disadvantages of the discretionary, mandatory and role-based models when mobile systems of subjects with different needs and roles access hierarchically organized information objects of medical information systems (MIS), it is proposed to use access control based on a thematic-hierarchical policy. Methods of forming thematic lattices that provide security control of information flows are proposed. The article offers methods for setting the reachability matrix for reading, writing and execution by different access subjects on access objects with mono-rubric and multi-rubric hierarchical thematic classification.


Author(s):  
Владимир Павлович Гулов ◽  
Виктор Анатольевич Хвостов ◽  
Владимир Петрович Косолапов ◽  
Галина Владимировна Сыч

An analysis is carried out of the access control models currently used in information security systems. Based on an analysis of the advantages and disadvantages of the discretionary, mandatory and role-based models when mobile systems of subjects with different needs and roles access hierarchically organized information objects of medical information systems, it is proposed to use access control based on a thematic-hierarchical policy.
Based on an analysis of the organizational structure of a medical organization and of typical MIS modules, which have a hierarchical structure in which the subject matter of an access object is determined by thematic nodes of the classifier and extends automatically to all corresponding subordinate thematic nodes, access subjects are granted rights to objects whose subject matter corresponds to one or several classifier nodes, with these rights extending automatically to documents whose subject matter belongs to the corresponding subordinate nodes. Methods for forming thematic lattices that ensure security control of information flows are proposed. The article proposes methods for setting the reachability matrix for reading, writing and execution by different access subjects on access objects with mono-rubric and multi-rubric hierarchical thematic classification.


Author(s):  
V. Mykhailov ◽  
S. Pavlov ◽  
Yu. Kravchenko ◽  
D. Yadchenko

In circumstances where human life is intensively affected by many harmful environmental factors resulting from large-scale disasters of different origins and types, the issues of training the population in emergency preparedness and response, as well as the development of a public safety culture in general, are of great importance. According to the State Emergency Service of Ukraine, in 2018, 168 people were killed and 839 were injured because of emergencies. In comparison with the same period of the previous year, there is a steady death toll increase despite the fact that the total number of emergencies in Ukraine has decreased in contrast to the previous period. In addition, rescuers have considered fire safety and hygiene violations, along with low-level control over the implementation of epidemic prevention measures, as the main causes of natural and man-made emergencies in the country during recent years. Such a state of affairs may indicate that very often the loss of life during an emergency results from a lack of knowledge and failure to comply with the recommendations on life safety, and that the existing system of civil protection training is not able to cover all segments of the population. In addition, the complex technogenic and environmental, and military and political situations significantly increase the risk of dangerous incidents with casualties. Thus, modernization of the system for disseminating knowledge on civil protection and life safety issues among the population is of particular relevance. The problem of mobile technologies for educational purposes has been analyzed by Ukrainian and foreign researchers, namely: V. Bykov, A. Struk, S. Smerikov, D. Kigan, A. Andreeva, etc. At the same time, the analysis of scientific and methodological literature and online sources shows that the problem of the use of mobile training for raising public awareness on civil protection issues has not been considered as a separate research subject before.
The purpose of the article is to determine the peculiarities of the mobile technologies used for population emergency preparedness, as well as to present the developed social mobile application “SES Alphabet” and the prospects of its usage for population training. Under the rapid civilizational development of humanity, there will always be the possibility of various natural and man-made threats, and a certain part of the population will suffer from dangerous factors of the external environment. Therefore, the issue of developing citizens’ safety competence and the safety culture of society in general will always remain urgent. According to the Ukrainian Constitution, human life and health, and their protection against the impact of harmful man-made, natural, environmental and social factors, are the highest social values, for which a unified state system of civil protection was created. One of the system’s components is the preparation of the population to behave properly under the conditions of potential emergencies. Taking into account the fact that the main task of public policy in the civil protection field is emergency prevention, preparing people to act under special circumstances is an effective form of prophylaxis, first and foremost, of human casualties caused by disasters. The basics of human behavior in extreme situations are formed through constant training, which provides an adequate level of preparedness in case of emergency. Therefore, the training of the population on civil protection issues should be standardized and widespread. There is a natural question about effective tools for such training. In our opinion, it is possible to solve this problem by developing a suitable mobile application.
The use of mobile devices for outreach to civilians on civil protection issues and for promoting a safety culture in society has wide prospects because it addresses the major problem of accessibility and rapid provision of adapted, easy-to-read educational information material. Mobile learning offers great opportunities for self-education of the population because the application allows you to study life safety remotely regardless of place and time. The high concentration and multimedia nature of the training material make it possible to focus on the main points, while the user-friendly interface allows you to navigate the vast array of civil protection information material very quickly. Considering the opportunities and advantages, mobile education, in our opinion, can in the long run be the most effective outreach activity for the population on socially significant issues, in particular informing citizens about emergency response. The use of mobile devices will create the conditions for accessible, inclusive and continuous education of the population on civil protection issues. International experience with mobile applications used in civil protection systems to inform the public about emergencies demonstrates the effectiveness of mobile technologies in achieving the key tasks in the field of civil protection, namely the protection of the life and health of citizens. The mobile application will provide useful and easy-to-read information about emergency procedures, which will help to avoid loss of human lives among the affected population.


2019 ◽  
Vol 30 (3) ◽  
pp. 607-625 ◽  
Author(s):  
Jan Hendrik Betzing ◽  
Matthias Tietz ◽  
Jan vom Brocke ◽  
Jörg Becker

Smart devices provide unprecedented access to users’ personal information, on which businesses capitalize to offer personalized services. Although users must grant permission before their personal information is shared, they often do so without knowing the consequences of their decision. Based on the EU General Data Protection Regulation, which mandates service providers to comprehensively inform users about the purpose and terms of personal data processing, this article examines how increased transparency regarding personal data processing practices in mobile permission requests impacts users in making informed decisions. We conducted an online experiment with 307 participants to test the effect of transparency on users’ decisions about and comprehension of the requested permission. The results indicate increased comprehension of data processing practices when privacy policies are transparently disclosed, whereas acceptance rates do not vary significantly. We condense our findings into principles that service providers can apply to design privacy-transparent mobile apps.


2018 ◽  
Vol 6 ◽  
pp. 68-72
Author(s):  
Paweł Kotarski ◽  
Kacper Śledź ◽  
Jakub Smołka

Solutions that allow developers to create applications for different mobile systems, sharing the whole source code or large parts of it, are becoming more popular. This article compares the performance of Android-based mobile applications created with the default and multiplatform tools. Using selected examples, the authors examine performance in various aspects of the application.


2021 ◽  
Vol 66 (2) ◽  
pp. 27-39
Author(s):  
Emanuel Sanda ◽  

Artificial Intelligence based technologies are becoming more and more pervasive in people’s lives. Whether it takes the form of machine learning algorithms, Internet of Things smart devices, virtual assistants, chatbots, robots or AR/VR experiences, consumers are faced directly or indirectly, consciously or unconsciously, with a variety of incarnations of what is generically called AI. The current debate surrounding AI seems to focus on a few major aspects related to this next technological breakthrough. Right from the start, there is intense discussion even around the definition of AI: what is and what is not AI, how broad of a definition can be applied, and which of the many current and envisaged applications are actually ‘intelligent’. Then, there is the critical issue of the use of consumers’ personal data and underlying privacy issues, as AI seems to be built and thrive on being fed enormous amounts of data of various kinds. And lastly, there seems to be increasing concern regarding the potential for AI to evolve into AGI (Artificial General Intelligence – independent self-reliant robots) and the threats this poses to humanity. A subject of potentially equal importance could be how AI applications and implementations are impacting individuals’ lives and the manner in which people relate to, perceive and assess AI and the underlying current technologies, both in terms of the impact in their daily lives, as well as in terms of expected prospects for the future. This paper looks at the progress made so far in addressing some of the above questions and, by analyzing data from EU’s 2017 Eurobarometer study, attempts to reveal how various Romanian consumer segments perceive and relate to AI and current technologies. It identifies potential emerging inequalities from access, acceptance and usage of these technologies at present and in the future.
The paper also sets out future directions for further understanding of the intricate relationship between human consumers and emerging AI tech, both in terms of benefits as well as potential threats.
Keywords: Artificial Intelligence, algorithms, consumer behavior, decision making
JEL Classification: M30, M31, M39


2015 ◽  
Vol 23 (4) ◽  
pp. 394-405 ◽  
Author(s):  
Matina Tsavli ◽  
Pavlos S. Efraimidis ◽  
Vasilios Katos ◽  
Lilian Mitrou

Purpose – This paper aims to discuss the privacy and security concerns that have arisen from the permissions model in the Android operating system, along with two shortcomings that have not been adequately addressed. Design/methodology/approach – The impact of the applications’ evolutionary increment of permission requests from both the user’s and the developer’s point of view is studied, and finally, a series of remedies against the erosion of users’ privacy is proposed. Findings – The results of this work indicate that, even though providing access to personal data of smartphone users is by definition neither problematic nor unlawful, today’s smartphone operating systems do not provide an adequate level of protection for the user’s personal data. However, there are several ideas that can significantly improve the situation and mitigate privacy concerns of users of smart devices. Research limitations/implications – The proposed approach was evaluated through an examination of Android’s permission model, although issues arise in other operating systems. The authors’ future intention is to conduct a user study to measure the user’s awareness and concepts surrounding privacy concerns to empirically investigate the above-mentioned suggestions. Practical implications – The proposed suggestions in this paper, if adopted in practice, could significantly improve the situation and mitigate privacy concerns of users of smart devices. Social implications – The recommendations proposed in this paper would strongly enhance the control of users over their personal data and improve their ability to distinguish legitimate apps from malware or grayware.
Originality/value – This paper emphasises two shortcomings of the permissions models of mobile operating systems which, in the authors’ view, have not been adequately addressed to date, and proposes an inherent way for apps and other entities of the mobile computing ecosystem to commit to responsible and transparent practices on mobile users’ privacy.


Academia Open ◽  
2021 ◽  
Vol 4 ◽  
Author(s):  
Mifta Salwa ◽  
Fityan Izzah Noor Abidin

This study aims to determine the positive and negative impacts of online credit distribution based on an Android mobile application as an effort to accelerate credit disbursement in the Tunaiku application. The study uses primary data, that is, data obtained by the researcher directly from the object; here the primary data came from interviews with the Tunaiku application and with a second party who was a debtor of the Tunaiku application. It also uses secondary data, that is, data obtained by the researcher indirectly from the object; here the secondary data came from literature studies conducted by the researchers. The research is descriptive, with a qualitative approach. The researchers found the following positive impacts of online credit provision based on the Android mobile application as an effort to accelerate credit disbursement in the Tunaiku application: saving time and energy, not requiring collateral in the form of goods or other valuable documents, offering a solution for debtors who need instant funds and fast disbursement of funds, loan funds that can be used for various needs, and flexible ceiling amounts and tenors. The negative impacts are: creating a culture of debt, high interest on debt, encouraging a pattern of digging one hole to cover another, misuse of personal data, and disturbance of the debtor's family or closest relatives.

