| 1. |
- Åhlfeldt, Rose-Mharie
(författare)
-
Information Security in Home Healthcare : A Case Study
- 2002
-
Ingår i: Conference Proceedings of AiCE2002, Sydney, September 30th, 2002: Third Australian Institute of Computer Ethics Conference. - Geelong : School of Information Technology, Deakin University. - 0730025608 ; , s. 6-15
-
Konferensbidrag (refereegranskat)
|
|
| 2. |
- Åhlfeldt, Rose-Mharie, et al.
(författare)
-
Information Security in Electronic Medical Records : A case study with the user in focus
- 2004
-
Ingår i: 2004 Information Resources Management Association International Conference. - Hershey, PA : Idea Group Publishing. - 1591402611 ; , s. 345-347
-
Konferensbidrag (refereegranskat)abstract
- Healthcare manages a large amount of information. which represented in different forms is a necessity for the healthcare work. Furthermore, security is air obvious requirement for almost everything one does in healthcare. Information are available quicker and easier by means of modern information technology (IT) but IT also entails new demands on information security awareness. It is obvious, from different sources and earlier work in this area, that user behavior is one of the most important reasons for present shortcomings in information security. This paper reports on experiences from a case study at a hospital in southwestern Sweden. The aim with the work was to determine how users, using electronic medical records (EMR), are affected by the requirements of information security, how they affect the information security, and how they obey the recommendations and common advice for processing of personal data compiled by the Swedish Data Inspection Board. The result from this work shows that users are indeed affected by, and affect the requirements of information security. This is due to, above all, insufficient knowledge about information security, but also because security policies and routines in the organization (ire inadequate. Consequently, users are still a critical factor when information security measures are applied in healthcare.
|
|
| 3. |
|
|
| 4. |
- Yngström, Louise
(författare)
-
An holistic approach to an international doctoral program
- 2004
-
Ingår i: Information security management, education and privacy. - Boston, MA : Springer-Verlag New York. - 1402081448 - 9781402081446 ; , s. 117-132
-
Konferensbidrag (refereegranskat)abstract
- The paper discusses forms and structures for an international doctoral program with specialization in information security and information assurance based on an analysis of international educational efforts in the area 1995-2003. The presentation underlines the need for holistic approaches to the IT security area and presents, as an example, the Systemic-Holistic Approach, SHA.
|
|
| 5. |
- Brandt, Patrik, et al.
(författare)
-
System thinking on Risk Analysis
- 2004
-
Ingår i: SABI 2004: Business Systems -- Environmental Contexts.
-
Konferensbidrag (refereegranskat)abstract
- The word risk originates from the Italian word risicare which means to dare and from this point of view, risk is more of a choice than a fate. Risk is about the actions that we dare to take and these in turn depend on the freedom we have to make choices (Bernstein, 1998). It can also be defined as the possibility of harm or loss to any resource within an information system, which accentuate the importance of identifying the organisation's assets (Ramachandran, 2002).The obvious fact that information is one of the most important asset within a company, results in that it is necessary to try to predict the risks that exists against these and consequently also against the organisation's goals and visions. It is impossible to identify all potential risks but a very good tool for identifying as many as possible and then assigning them appropriate protective measures, is the risk analysis.Since many significant security processes are built upon risk analysis and also security planning, it is necessary that the analysis is accomplished in an accurate way. This meaning that factors in the inner and outer surrounding environment that could affect the final result also must be taken into consideration, e.g. different communication channels. Thus, a holistic perspective is necessary when performing a risk analysis but also when working with security issues in general.Today, security solutions are often focused on technology and not on the system as a whole (Schneier, 2000) and considering that development and use of technology has lead us to think in terms of systems, we mean that this should hold for the information security area as well. Also the fact that the concept of wholeness is very important in information security and that general system theory is a general science of wholeness (v. Bertalanffy, 1969), makes us wonder: what could be more suitable to apply on security issues?For that reason, we present some ideas for a modified risk analysis method in this paper, based upon an existing risk analysis used by the case study object The Corporation of Swedish Pharmacies, Apoteket AB. They has recently added two customer care centres to its organisation and as a result of this, also a number of communication channels that are integrated with different information sources that contains classified information, e.g. personal particulars. The ideas of a modified risk analysis could be used by customer care centre organisations using several communication channels. These ideas are influenced by general systems theory that has been combined with a method used to analyse information flows in organisations. We have studied the company's existing risk analysis method and in combination with qualitative data, e.g. interviews, we have some suggestions of a risk analysis that emphasises the holistic perspective and the relations between the different entities in the overall information system.The suggested ideas will be reviewed together with the department of IT-security at Apoteket AB and after that tested within the organisation. It is noticeable that like all work with information security, the suggested method is a cyclic process that constantly develops and undergoes changes in relation to its dynamic context. Results and feedback from this implementation will be presented in forthcoming papers during 2004.
|
|
| 6. |
- Frisinger, Ann
(författare)
-
A generic security evaluation method for open distributed systems
- 2001
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Security is an important attribute of any informationsystem. Whether your business is small or large you have to beable to set the desired security levels for your system. Anon-decided or non-fulfilled security level target can easilyend up in unplanned costs. With a target set for the securitylevel it is possible to control how much to invest in securityand to forecast the costs for security incidents. The systemowners have a job in deciding and implementing the degree ofsecurity needed. Before they can make any decisions, they needto be provided with the best available facts about risks,costs, etc., to base their decisions on. That can be achievedby performing a security evaluation with risk analysis. As theuse of global networking grows and information systems changecharacteristics, become open, distributed, mobile and integratecommunication, computing, and media technology, there is a needfor security evaluation methods that can handle the newenvironment with new actors, new rules, shorter systemdevelopment and life times, and also new ways of using thesystems. Current risk analysis methods are inadequate becausethey are not focusing the emergent character of an opendistributed system environment where the system is also often,at least partly, in a virtual stage, and methods are criticizedfor being not precise, not updated, complicated, resourceintensive, harmful, misleading, tedious, subjective,inconsistent, etc. We will in this thesis propose a genericmethod for performing security evaluations in open distributedsystems. Although generic, it will also be possible to use themethod for various specific environments. The method may beapplied to real as well as to virtual systems, i.e. systemsthat are premature or in an early development stage. It willconsider security issues in open distributed systems, andevaluates what can happen when all components start to interactand when all sorts of users exploit the system. The explosivegrowth in global networking provides an attractive environmentfor criminals to operate in. This aspect is also considered.The method copes practically with security by adopting asystemic-holistic approach. It handles the multidimensionalattribute of open distributed environments where also limitedcontrol and vague and numerically imprecise information is afact to live with. The method acknowledges the emergence ofsystems and environments by introducing a repetitiveness withan adjusting capability both for the system as well as for themethod itself. The forecasts balance a subjective and objectiveview by introducing the concept of X-ify. X-ifying is the wayof mating together the best available experiencewith dataappropriate for the target system. The customizing data can bean assessment of asset attractiveness, actor capabilities,system and media vulnerabilities, and business values. In thisway it is possible to compensate for errors and disbelief inestimates, non-existing or outdated experience numbers.Qualitative measures are used to fill in the blanks whenquantitative measures are lacking, or opposite quantitativeevidence can assist building trust and robustness intoqualitative results.
|
|
| 7. |
|
|
| 8. |
|
|
| 9. |
- Lindkvist, Tina
(författare)
-
Characteristics of some binary codes for fingerprinting
- 2000
-
Ingår i: Information Security. - Berlin, Heidelberg : Springer Berlin/Heidelberg. - 3540414169 - 9783540414162 - 9783540444565 ; , s. 97-107
-
Bokkapitel (refereegranskat)abstract
- A digital fingerprint is a unique pattern embedded in a digital document to be able to identify a specific copy when it is used illegally. We have looked at two specific code structures for fingerprinting purpose. Binary linear codes, often used as error correcting codes, and what we call a binary sorted code.
|
|
| 10. |
- Brandt, Patrik, et al.
(författare)
-
Informatisk forskning om riskanalysprocess applicerad på Apoteket AB:s kundcenterverksamhet
- 2004
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- English summary This licentiate paper describes a study of how the introduction of Customer Care Centres into The Corporation of Swedish Pharmacies affects its work on risk analysis. The two Customer Care Centres in operation today function as central nodes to which calls are connected that before were usually answered by one of the country’s 900 pharmacies. In addition the Customer Care Centres can offer extra channels of communication such as fax, e-mail and the Internet via The Corporation of Swedish Pharmacies’ home page, to increase access for customers and other interested parties as well as to meet the demand for different ways of obtaining information in today’s information age. The integration with The Corporation of Swedish Pharmacies’ other systems offers a rapid answering service and allows customers to accomplish the greater part of their errands themselves. What is easily overlooked, however, is how information security is affected by the introduction of Customer Care Centres and the accompanying integration and especially the dangers and risks that threaten the organisation and indirectly even the customers. A valuable tool that is used in information security, to try to foresee as well as to narrow down as many of the threats as possible, is risk analysis. Today one has begun to see an increased awareness in the general public of the risks and threats related to, amongst other things, the Internet regarding its use by both individuals and commercial and other organisations. As a result firms and organisations have realized the importance of pursuing an active security policy in order to provide an appropriate level of security. It is very important that customers have the same confidence in the firm’s or organisation’s trademark as before, irrespective of organisational or technological changes that have taken place internally. An important part of the process to achieve this, is risk analysis and the results it produces. In this study we have drawn attention to the need of adapting the risk analysis, used in the organisation, to the new Customer Care Centres. This need is great, especially since the communication channels are of different kinds. This results in their respective threats being different. Therefore this broad spectrum of threats must be highlighted in risk analysis and the work with it. Developments in the surrounding environment should also be reflected in risk analysis which accordingly needs to be dynamic. In this study we have attached great importance to the placing of risk analysis in a holistic context.
|
|
