| 1. |
- Åhlfeldt, Rose-Mharie
(författare)
-
Information Security in Distributed Healthcare : Exploring the Needs for Achieving Patient Safety and Patient Privacy
- 2008
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- In healthcare, patient information is a critical factor. The right information at the right time is a necessity in order to provide the best possible care for a patient. Patient information must also be protected from unauthorized access in order to protect patient privacy. It is furthermore common for patients to visit more than one healthcare provider, which implies a need for cross border healthcare and continuity in the patient process.This thesis is focused on information security in healthcare when patient information has to be managed and communicated between various healthcare actors and organizations. The work takes a practical approach with a set of investigations from different perspectives and with different professionals involved. Problems and needs have been identified, and a set of guidelines and recommendations has been suggested and developed in order to improve patient safety as well as patient privacy.The results show that a comprehensive view of the entire area concerning patient information management between different healthcare actors is missing. Healthcare, as well as patient processes, have to be analyzed in order to gather knowledge needed for secure patient information management.Furthermore, the results clearly show that there are deficiencies both at the technical and the administrative level of security in all investigated healthcare organizations.The main contribution areas are: an increased understanding of information security by elaborating on the administrative part of information security, the identification of information security problems and needs in cross border healthcare, and a set of guidelines and recommendations in order to advance information security measures in healthcare.
|
|
| 2. |
|
|
| 3. |
- Nohlberg, Marcus, et al.
(författare)
-
A Conceptual Model of Social Engineering
- 2011
-
Ingår i: Journal of Information System Security. - Washington DC : The Information Institute. - 1551-0123 .- 1551-0808. ; 7:2, s. 3-13
-
Tidskriftsartikel (refereegranskat)abstract
- Social engineering is a term used for techniques to trick, or con, users into giving out information to someone that should not have it. In this paper we discuss and model various notions related to social engineering. By using a broad, cross disciplinary approach, we present a conceptual model of the different kinds of social engineering attacks, and their preparation, the victim and the perpetrator, as well as the cultural aspects. By using this approach a better general understanding of social engineering can be reached. The model is also a good tool for teaching about and protecting against social engineering attacks.
|
|
| 4. |
- Perjons, Erik A, et al.
(författare)
-
Introducing a process manager in healthcare : An experience report
- 2005
-
Ingår i: Health Informatics Journal. - : SAGE Publications. - 1460-4582 .- 1741-2811. ; 11:1, s. 45-61
-
Tidskriftsartikel (refereegranskat)abstract
- To be efficient and patient focused, healthcare units need to be process oriented and integrated with the processes and IT systems of other healthcare units. A process manager facilitates integration of different systems by using graphical and executable process models. The process manager also communicates directly with healthcare personnel via desktop computers and mobile devices. This article reports on a Swedish project where a prototype system was developed and tested with several healthcare units. The experience shows several advantages and opportunities. For example, current information about patients can be transferred automatically between healthcare units; resource intensive manual tasks can be replaced with automated tasks; and long-term process monitoring and quality assessment can be enabled. However, introducing a process manager requires attention to issues of security, ethics and legality. Healthcare units may also show differences in security awareness and IT maturity, which could obstruct the introduction of a process manager.
|
|
| 5. |
- Åhlfeldt, Rose-Mharie, et al.
(författare)
-
Security Issues in Health Care Process Integration : a Research-in-Progress Report
- 2005
-
Ingår i: EMOI - INTEROP'05 Enterprise Modelling and Ontologies for Interoperability. - : CEUR.
-
Konferensbidrag (refereegranskat)abstract
- The aim of this paper is to summarize our research and describe our current position in the areas of health care process integration and information security. Security is one of the important non functional aspect of interoperability within the INTEROP NoE. The paper will briefly introduce our work and some findings concerning security issues in process integration within the health care sector.
|
|
| 6. |
- Nohlberg, Marcus
(författare)
-
Securing Information Assets : Understanding, Measuring and Protecting against Social Engineering Attacks
- 2008
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Social engineering denotes, within the realm of security, a type of attack against the human element during which the assailant induces the victim to release information or perform actions they should not. Our research on social engineering is divided into three areas: understanding, measuring and protecting. Understanding deals with finding out more about what social engineering is, and how it works. This is achieved through the study of previous work in information security as well as other relevant research areas. The measuring area is about trying to find methods and approaches that put numbers on an organization’s vulnerability to social engineering attacks. Protecting covers the ways an organization can use to try to prevent attacks. A common approach is to educate the users on typical attacks, assailants, and their manipulative techniques. In many cases there are no preventive techniques, dealing with the human element of security, in place.The results show that social engineering is a technique with a high probability of success. Furthermore, defense strategies against it are complicated, and susceptibility to it is difficult to measure. Important contributions are a model describing social engineering attacks and defenses, referred to as the Cycle of Deception, together with a thorough discussion on why and how social engineering works. We also propose new ways of conducting social engineering penetration testing and outline a set of recommendations for protection. It is crucial to involve managers more, but also to train the users with practical exercises instead of theoretical education, for example, by combining measuring exercises and penetration testing with training. We also discuss the future threat of Automated Social Engineering, in which software with a simple form of artificial intelligence can be used to act as humans using social engineering techniques online, making it quite hard for Internet users to trust anyone they communicate with online.
|
|
