QUANTITATIVE ASSESSMENT OF OPERATING CHARACTERISTICS OF PERSONAL DATA PROTECTION SYSTEMS IN MEDICAL INFORMATION SYSTEMS

2021 ◽  
pp. 92-102
Author(s):  
Владимир Павлович Гулов ◽  
Виктор Анатольевич Хвостов ◽  
Айжана Михайловна Каднова ◽  
Галина Владимировна Сыч
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Data Protection ◽  
Medical Information ◽  
Personal Data ◽  
Security System ◽  
Medical Information Systems ◽  
Personal Data Protection ◽  
Operational Characteristics ◽  
Protection Systems

На основе анализа практических аспектов защиты персональных данных при автоматизированной обработке в организациях здравоохранения определен круг проблем, касающихся потребительского качества систем защиты информации. Одной из главных проблем защиты персональных данных в медицинских информационных системах является обеспечение своевременной настройки систем защиты информации администратором в соответствии с установленной политикой в организации. При этом ключевой проблемой является формирование условий работы администратора обеспечивающих стопроцентную гарантию реакции администратора на поступление заявок по настройке систем защиты информации, управлению пользователями, правами доступа, парированию угроз различной природы. В условиях отсутствия в настоящее время методических подходов к оценке временных (вероятностных) параметров деятельности администратора безопасности медицинских информационных систем, известных как операционные характеристики систем защиты информации, обеспечить стопроцентное соответствие настроек систем защиты информации текущей политике проблематично. В статье предложен вероятностный показатель для оценки операционных характеристик систем защиты информации. Разработана методика его оценки на основе эксперимента по фиксации движения курсора мыши при выполнении основных действий администратором и распределения его внимания (тепловой карты) по элементам интерфейса системы защиты информации. Представлены результаты оценок операционных характеристик системы защиты информации «Страж NT 3.0», выполненные с использованием предложенной экспериментальной методики Based on the analysis of the practical aspects of personal data protection (PD) during automated processing in healthcare organizations, a range of problems related to the consumer quality of information protection systems (ISS) has been identified. One of the main problems of PD protection in medical information systems (MIS) is to ensure the timely configuration of the information security system by the administrator in accordance with the established policy in the organization. At the same time, the key problem is the formation of the administrator's working conditions that provide one hundred percent guarantee of the administrator's reaction to the receipt of requests for setting up the information security system, managing users, access rights, and countering threats of various nature. In the absence of methodological approaches to assessing the temporal (probabilistic) parameters of the MIS security administrator's activities, known as the operational characteristics of the ISS, it is problematic to ensure that the ISS settings are 100% consistent with the current policy. The article proposes a probabilistic indicator for assessing the operational characteristics of the information security system. A methodology for its assessment was developed on the basis of an experiment on fixing the movement of the mouse cursor when performing basic actions by the administrator and distributing his attention (heat map) among the elements of the information security interface. The results of evaluations of the operational characteristics of the SZI "Ctrazh NT 3.0" carried out using the proposed experimental method are presented

PROTECTION OF BIOMETRIC PERSONAL DATA IN MEDICAL INFORMATION SYSTEMS

2020 ◽  
Author(s):  
A Lozhkova
Keyword(s):  
Information Systems ◽  
Data Protection ◽  
Software Package ◽  
Medical Information ◽  
Personal Data ◽  
Legal Framework ◽  
Comprehensive Approach ◽  
Medical Information Systems ◽  
Personal Data Protection

The article discusses the development of personal data protection. Changes in the legal framework for the protection of personal data in healthcare institutions are analyzed. The necessity of applying a comprehensive approach to the issue of personal data protection is identified and justified, and a software package is proposed that will prevent the leakage of personal data.

scholarly journals Development of a Method for Conducting an Audit of the Information Security System

2021 ◽  
pp. 18-27
Author(s):  
Pavel Zaporotskov ◽  
Keyword(s):  
Information Security ◽  
Data Protection ◽  
Personal Data ◽  
Information Resources ◽  
Security System ◽  
Security Audit ◽  
Personal Data Protection ◽  
State Security ◽  
Information Processes ◽  
Innovative Model

Information processes, as well as information resources, manage information of varying degrees of importance for the enterprise. In this regard, the protection of such information is one of the most important procedures in the field of state security, the importance of which is growing every year. The problem of information security – the reliable provision of its safety and the established status of use – is one of the most important problems of our time. The paper considers the existing standards in the field of information security audit. The author has developed an innovative model of audit of the information security system based on the comparison of demand measures of order no. 21 of the FSTEC of Russia and ways of implementation in the subsystem of the information system of personal data protection, the recommendations for inspections of specific measures of protection and used technology audit technical means. The developed method is tested on the example of conducting an audit in “Lama” LLC company. The choice was made to establish the compliance of the organization’s personal data protection system with the requirements of order no. 21 of the FSTEC of Russia. Recommendations have been developed to eliminate the existing shortcomings and inconsistencies by re-equipping the anti-virus protection subsystem and the subsystem of inter-network shielding and protection of communication channels.

METHODS OF ENSURING THE SECURITY OF PERSONAL DATA IN MEDICAL INFORMATION SYSTEMS USING MOBILE TECHNOLOGIES

2020 ◽  
pp. 132-140
Author(s):  
Владимир Павлович Гулов ◽  
Виктор Анатольевич Хвостов ◽  
Алексей Васильевич Скрыпников ◽  
Владимир Петрович Косолапов ◽  
Галина Владимировна Сыч
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Mobile Devices ◽  
Medical Information ◽  
Personal Data ◽  
Mobile Systems ◽  
Mobile Technologies ◽  
Smart Devices ◽  
Medical Information Systems ◽  
Mobile Access

Проведен анализ использования мобильных технологий при обработке персональных данных в медицинских информационных системах. Мобильные технологии как объект обеспечения информационной безопасности характеризуются рядом критических уязвимостей, связанных с недостатками реализации мобильных устройств (смартфонов, планшетов, смарт устройств, различных периферийных устройств смартфонов и т.п.), технологий предоставления доступа к интернету для мобильных систем (используемые в сетях сотовой связи, беспроводного доступа) и серверной части медицинских информационных систем. В связи с обработкой в медицинских информационных системах с мобильными устройствами персональных данных специальной категории защита от угроз безопасности информации требует особого внимания и определена на законодательном уровне. В руководящих документах регуляторов обработки персональных данных России вопросы защиты информации при использовании мобильных технологий не рассматриваются в связи с новизной проблемы. В этой связи проблема обеспечения безопасности персональных данных в медицинских информационных системах с применением мобильных технологий является актуальной. В статье рассматриваются принципы построения мобильных приложений, используемых для работы с медицинскими информационными системами, и их серверных частей. На основе анализа актуальной модели угроз безопасности информации мобильных технологий и средств защиты информации, применяемых при использовании мобильных систем, предлагается система защиты для медицинских информационных систем, использующих мобильный доступ The analysis of the use of mobile technologies in the processing of personal data (PD) in medical information systems (MIS). Mobile technologies as an object of information security are characterized by a number of critical vulnerabilities associated with the implementation flaws of mobile devices (smartphones, tablets, smart devices, various peripheral devices of smartphones, etc.), technologies for providing Internet access for mobile systems (used in cellular networks, wireless access) and the server part of the MIS. In connection with the processing of personal data of a special category in MIS with mobile devices, protection against BI threats requires special attention and is defined at the legislative level. In the guidance documents of the regulators of the processing of personal data in Russia, the issues of information protection when using mobile technologies are not considered due to the novelty of the problem. In this regard, the problem of ensuring the security of PD in MIS using mobile technologies is urgent. The article discusses the principles of building mobile applications used to work with MIS and their server parts. Based on the analysis of the current threat model of information security mobile technologies and information security tools used when using mobile systems, a protection system for MIS using mobile access is proposed

scholarly journals Personal data protection as an element of management security of information

2019 ◽  
Vol 2 (1) ◽  
pp. 515-522
Author(s):  
Justyna Żywiołek
Keyword(s):  
Information Security ◽  
Data Protection ◽  
Security Management ◽  
Personal Data ◽  
Systemic Approach ◽  
Information Security Management ◽  
Personal Data Protection ◽  
Standards Of Conduct

Abstract The article highlights the importance of information and the need to manage its security. The importance of information requires a systemic approach, which is why the standards of conduct for managing information security have been approximated. The results of research on information security management in the field of personal data protection have been presented. The research was carried out on a sample of 110 enterprises. The survey was extended to include an analysis of one of the companies subject to the survey. In the following, the case study regarding the production enterprise was also presented.

A Scheme for Usage Integrity

1987 ◽  
Vol 26 (02) ◽  
pp. 69-72
Author(s):  
D. Fenna
Keyword(s):  
Information Systems ◽  
Data Protection ◽  
Medical Information ◽  
Medical Information Systems ◽  
University Of Alberta ◽  
Program Integrity ◽  
The Subject ◽  
Data Program ◽  
The University

SummaryThe need for assured integrity and confidentiality in medical information systems has long been recognized and has been the subject of major international working conferences [4, 5]. Beyond the purely physical, the field of data protection is commonly recognized as being divided into data/program integrity and usage integrity. This paper addresses the latter, describing a sophisticated scheme developed at the University of Alberta and progressively implemented at several associated hospitals. The IFIP-IMIA WG4 conference of 1982 reported in its conclusions “a need for well defined and accurately described cases that can be used as a reference”; this paper offers one such case.

Sign in / Sign up

Export Citation Format

Share Document