A participational security method for healthcare organisations

The use of participational approaches in system design have been debated for a number of years. Within this paper we describe a method that was used to effectively design information systems and implement information security countermeasures within a health care environment. The paper shows how it was used in a number of different environments.<br /

HI-Risk: a socio-technical method for the identification and monitoring of healthcare information security risks in the information society

This thesis describes the development of the HI-risk method to assess socio-technical information security risks. The method is based on the concept that related organisations experience similar risks and could benefit from sharing knowledge in order to take effective security measures. The aim of the method is to predict future risks by combining knowledge of past information security incidents with forecasts made by experts. HI-risks articulates the view that information security risk analysis should include human, environmental, and societal factors, and that collaboration amongst disciplines, organisations and experts is essential to improve security risk intelligence in today’s information society. The HI-risk method provides the opportunity for participating organisations to register their incidents centrally. From this register, an analysis of the incident scenarios leads to the visualisation of the most frequent scenario trees. These scenarios are presented to experts in the field. The experts express their opinions about the expected frequency of occurrence for the future. Their expectation is based on their experience, their knowledge of existing countermeasures, and their insight into new potential threats. The combination of incident and expert knowledge forms a risk map. The map is the main deliverable of the HI-risk method, and organisations could use it to monitor their information security risks. The HI-risk method was designed by following the rigorous process of design science research. The empirical methods used included qualitative and quantitative techniques, such as an analysis of historical security incident data from healthcare organisations, expert elicitation through a Delphi study, and a successful test of the risk forecast in a case organisation. The research focused on healthcare, but has potential to be further developed as a knowledge-based system or expert system, applicable to any industry. That system could be used as a tool for management to benchmark themselves against other organisations, to make security investment decisions, to learn from past incidents and to provide input for policy makers

HI-Risk: a socio-technical method for the identification and monitoring of healthcare information security risks in the information society

This thesis describes the development of the HI-risk method to assess socio-technical information security risks. The method is based on the concept that related organisations experience similar risks and could benefit from sharing knowledge in order to take effective security measures. The aim of the method is to predict future risks by combining knowledge of past information security incidents with forecasts made by experts. HI-risks articulates the view that information security risk analysis should include human, environmental, and societal factors, and that collaboration amongst disciplines, organisations and experts is essential to improve security risk intelligence in today’s information society. The HI-risk method provides the opportunity for participating organisations to register their incidents centrally. From this register, an analysis of the incident scenarios leads to the visualisation of the most frequent scenario trees. These scenarios are presented to experts in the field. The experts express their opinions about the expected frequency of occurrence for the future. Their expectation is based on their experience, their knowledge of existing countermeasures, and their insight into new potential threats. The combination of incident and expert knowledge forms a risk map. The map is the main deliverable of the HI-risk method, and organisations could use it to monitor their information security risks. The HI-risk method was designed by following the rigorous process of design science research. The empirical methods used included qualitative and quantitative techniques, such as an analysis of historical security incident data from healthcare organisations, expert elicitation through a Delphi study, and a successful test of the risk forecast in a case organisation. The research focused on healthcare, but has potential to be further developed as a knowledge-based system or expert system, applicable to any industry. That system could be used as a tool for management to benchmark themselves against other organisations, to make security investment decisions, to learn from past incidents and to provide input for policy makers

Blockchain Technologies in Healthcare System for Real Time Applications Using IoT and Deep Learning Techniques

Data transparency, flexible access, immutability, privacy, audit, traceability, data provenance, trust, and security are fundamental issues for modern healthcare data management systems. As a promising new technology, blockchain has the potential to enhance healthcare data management functions by boosting data efficiency and guaranteeing trust. The present research looked into the benefits of blockchain technology in healthcare and the challenges that have prevented its widespread implementation so far. Healthcare organisations around the world are using a variety of methods to modernise into more effective, coordinated and user-cantered structures. There is an increase in both human effort and security risks when dealing with massive amounts of data, such as reports and images for each individual. Internet of Things (IoT) solutions in healthcare aim to address these problems by enhancing patient care while reducing costs through more effective use of healthcare resources. However, many different types of intrusion can pose serious risks to IoT devices. In some cases, doctors will insist that their patients use only certain labs or pharmacies, regardless of the quality of the services they provide, simply to increase the doctor's bottom line. Because of this, protecting data is essential when discussing the Internet of Things. To solve these problems, Blockchain technology has emerged as the most reliable method for protecting the privacy of control systems in real time. In this paper, we will introduce a CNN-based healthcare data security framework using the blockchain technique by generating the hash of each data point, which will alert all users of the blockchain network to any unauthorised changes to data or breaches in the supply of medicines

Published incidents and their proportions of human error

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Purpose - The information security field experiences a continuous stream of information security incidents and breaches, which are publicised by the media, public bodies and regulators. Despite the need for information security practices being recognised and in existence for some time the underlying general information security affecting tasks and causes of these incidents and breaches are not consistently understood, particularly with regard to human error. Methodology - This paper analyses recent published incidents and breaches to establish the proportions of human error, and where possible subsequently utilises the HEART human reliability analysis technique, which is established within the safety field. Findings - This analysis provides an understanding of the proportions of incidents and breaches that relate to human error as well as the common types of tasks that result in these incidents and breaches through adoption of methods applied within the safety field. Originality - This research provides original contribution to knowledge through the analysis of recent public sector information security incidents and breaches in order to understand the proportions that relate to human erro

The NPFIT strategy for information security of care record service

The National Programme for IT in England doesn’t have a one-document strategy for its information security of the Care Records Service, which is the national EHR system. This paper provides a comprehensive understanding of the information security strategy of England’s EHR system by presenting its different information security issues such as consent mechanisms, access control, sharing level, and related legal and regulations documents

Security oriented e-infrastructures supporting neurological research and clinical trials

The neurological and wider clinical domains stand to gain greatly from the vision of the grid in providing seamless yet secure access to distributed, heterogeneous computational resources and data sets. Whilst a wealth of clinical data exists within local, regional and national healthcare boundaries, access to and usage of these data sets demands that fine grained security is supported and subsequently enforced. This paper explores the security challenges of the e-health domain, focusing in particular on authorization. The context of these explorations is the MRC funded VOTES (Virtual Organisations for Trials and Epidemiological Studies) and the JISC funded GLASS (Glasgow early adoption of Shibboleth project) which are developing Grid infrastructures for clinical trials with case studies in the brain trauma domain

The Social Dimension in Selected Candidate Countries in the Balkans: Country Report on Croatia. ENEPRI Research Reports No. 39, 14 December 2007

The European Commission awarded a contract in November 2005 to a consortium composed of t TARKI (Social Research Institute in Hungary), CASE (Center for Social and Economic Research in Poland) and CEPS to analyse the socio-economic developments and the process of structural reforms in what were then four candidate countries: Bulgaria, Croatia, Romania and Turkey. The objective was to identify the major challenges in the current demographic, social and economic context that could be considered relevant in determining the capacity of these countries to function in the European Union. This study presents the findings for Croatia and consists of an analytical section and a statistical annex. The other country reports and synthesis report are published separately in this same series

Between War and Peace: Humanitarian Assistance in Violent Urban Settings

Cities are fast becoming new territories of violence. The humanitarian consequences of many criminally violent urban settings are comparable to those of more traditional wars, yet despite the intensity of the needs, humanitarian aid to such settings is limited. The way in which humanitarian needs are typically defined, fails to address the problems of these contexts, the suffering they produce and the populations affected. Distinctions between formal armed conflicts, regulated by international humanitarian law, and other violent settings, as well as those between emergency and developmental assistance, can lead to the neglect of populations in distress. It can take a lot of time and effort to access vulnerable communities and implement programmes in urban settings, but experience shows that it is possible to provide humanitarian assistance with a significant focus on the direct and indirect health consequences of violence outside a traditional conflict setting. This paper considers the situation of Port-au-Prince (Haiti), Rio de Janeiro (Brazil) and Guatemala City (Guatemala)