The Design Blueprint for a Large-Scale Telehealth Platform

Technological innovation plays a crucial role in digital healthcare services. A growing number of telehealth platforms are concentrating on using digital tools to improve the quality and availability of care. Virtual care solutions employ not only advanced telehealth technology but also a comprehensive range of healthcare services. As a result, these can reduce patient healthcare costs as well as increase accessibility and convenience. At the same time, the healthcare service provider can leverage healthcare professionals to get a better perspective into the needs of their patients. The objective of this research is to provide a comprehensive design blueprint for a large-scale telehealth platform. Telehealth is the digital healthcare service combining online services and offline access for healthcare facilities to offer various healthcare services directly to patients. This design blueprint covers the digital healthcare ecosystem, new patient journey design for digital health services, telehealth functionality design, and an outline of the platform infrastructure and security design. Ultimately, telehealth platforms establish a completed digital healthcare service and new ecosystem that provides better care for every patient worldwide.

Perancangan Spesifikasi Keamanan untuk Pengembangan Aplikasi Secure Chat Berdasarkan Common Criteria For It Security Evaluation

<p class="Abstrak">Spesifikasi keamanan sangat penting bagi pengembangan aplikasi <em>chatting</em> karena dapat menentukan tingkat keamanan aplikasi yang tentunya akan berdampak pada kepercayaan pengguna. Namun, pengembangan fitur keamanan pada aplikasi yang beredar belum semua didasarkan pada suatu spesifikasi kebutuhan keamanan yang jelas. Misanya, aplikasi Mxit dan QQ Mobile tidak memenuhi satu pun dari tujuh kategori keamanan untuk <em>secure chat</em> yang dikeluarkan oleh Electronic Frontiers Foundtaion (EFF). Bahkan, Yahoo! Messenger belum menerapkan disain keamanan yang baik, misalnya kita tidak dapat memverifikasi identitas kontak kita. Selain itu, Yahoo! Messenger tidak menerapkan <em>perfect forward secrecy</em>. Artinya, fitur keamanan pada beberapa aplikasi<em> chat</em> dikembangkan tidak berdasarkan pada rancangan spesifikasi keamanan. Pada penelitian ini, dilakukan perancangan spesifikasi keamanan untuk pengembangan aplikasi <em>secure chat</em> dengan mengacu pada <em>Common Criteria for IT Security Evaluation Version 3.1:2017</em>. Pada hasil rancangan tersebut, telah ditentukan 28 famili dari 7 kelas <em>Secure Functional Requirement</em> (SFR) yang harus dipenuhi dalam pengembangan aplikasi secure chat. Hasil rancangan telah divalidasi dengan metode <em>expert judgment</em>.</p><p class="Abstrak"><em><strong>Abstract</strong></em></p><p class="Abstrak"><em>Security specifications are very important for chat application development because they can determine the level of its security which, of course, will have an impact on user trust. However, the development of outstanding application security features is not all based on a clear security requirement specification. For example, the Mxit and QQ Mobile applications do not meet any of the seven security categories for secure chat issued by the Electronic Frontier Foundation (EFF). In fact, Yahoo! Messenger has not implemented a good security design, for example, we cannot verify the identity of our contacts and do not apply perfect forward secrecy. This means that security features in some chat applications are developed not based on security specification designs. In this study, the design of security specifications for secure chat application development was carried out by referring to the Common Criteria for IT Security Evaluation Version 3.1: 2017. In the design results, 28 families of 7 classes of Secure Functional Requirements (SFR) have been determined that must be met in the development of secure chat applications. The design result has been validated using expert judgment method.</em></p>

Realization And Network Security Design of Information System Digitization of Scientific Project By JAVA+STRUTS

At present, the technical plan project appraised the management systematic characteristic, continuous, the independent not strong third party appraised carries out the advancement to be slow; The project may supervise the measure not strong not to have the explicit monitor target and the baseline data; Has not established a set to conform to the technical project characteristic and the project monitor appraisal system which matches with the science and technology project management. In view of above question, uses JAVA and the STRUTS method of exploitation realization easy to maintain, the easy dynamic expansion, to have the secure technical plan project appraisal management process. Through in the recent three years in the Gansu Province science and technology plan project appraised in the management the application indicated, the system enormous enhancement project appraisal management working efficiency, the system movement has been stable, the speed of response is quick, the security is high.

A hybrid threat model for system-centric and attack-centric for effective security design in SDLC

Threat modeling is an essential activity in the security development lifecycle. To provide security at the design phase of software development, Microsoft introduced threat modeling stride to identify the vulnerabilities and attacks of application. An efficient solution is necessary to deal with these issues in the software development life cycle. In this context, the paper focused on the analysis of threats and attack tree techniques that are traditionally available and frequently used. Automated Threat modeling enables to simulate attacks and visualized the existing vulnerabilities and misconfiguration. A hybrid model is proposed based on system-centric and attacker-centric to identify the threats in the software application during the software design phase. This model is built by STRIDE by defining security architecture and then analyzed the risks regarding its security characteristics and applied to its real application system. Our model is applied in a case study of the health center management system and shows a better result is identifying the threats and severity in the design phase. And also attack tree defines the stages of threats to understand the severity.