11 research outputs found

    A Systematic Review of the Availability and Efficacy of Countermeasures to Internal Threats in Healthcare Critical Infrastructure

    Insider attacks are becoming increasingly detrimental and frequent, affecting critical infrastructure at a massive scale. Recent attacks such as the UK National Health Service (NHS) WannaCry ransomware attack which partly depends on internal users for initial infection highlight the increasing role of the malicious insiders in cyber attack campaigns. The objective of this research is to ascertain the existing technological capability to mitigate insider threats within computer security systems by way of a mixed-method systematic review. Evidence was acquired from major sources of mainstream and grey literature by analysing about 300,000 papers. Crude aggregated results were analysed across the literature, the results were TPR 0.75, FPR 0.32, σ 0.24 and 0.36 respectively, σ² 0.06 and 0.13 respectively. In totality, the literature evidence suggests that there is high heterogeneity across crude data indicating that the effectiveness of security measures varies significantly. No solution is able to totally mitigate an insider threat. Themes when set against that data suggest that most, if not all, security measures require breaches to occur before an analysis of malicious activity can prevent it in future through recall. Such a reactive approach is not effective to protect our critical infrastructure including our healthcare systems. Consequently, there is a major theoretical shortfall in current cyber defence architecture.

    Data-Driven and Artificial Intelligence (AI) Approach for Modelling and Analyzing Healthcare Security Practice: A Systematic Review

    Data breaches in healthcare continue to grow exponentially, calling for a rethinking into better approaches of security measures towards mitigating the menace. Traditional approaches including technological measures, have significantly contributed to mitigating data breaches but what is still lacking is the development of the “human firewall,” which is the conscious care security practices of the insiders. As a result, the healthcare security practice analysis, modeling and incentivization project (HSPAMI) is geared towards analyzing healthcare staffs’ security practices in various scenarios including big data. The intention is to determine the gap between staffs’ security practices and required security practices for incentivization measures. To address the state-of-the-art, a systematic review was conducted to pinpoint appropriate AI methods and data sources that can be used for effective studies. Out of about 130 articles, which were initially identified in the context of human-generated healthcare data for security measures in healthcare, 15 articles were found to meet the inclusion and exclusion criteria. A thorough assessment and analysis of the included articles reveals that KNN, Bayesian Network and Decision Trees (C4.5) algorithms were mostly applied on Electronic Health Records (EHR) Logs and Network logs with varying input features of healthcare staffs’ security practices. What was found challenging is the performance scores of these algorithms which were not sufficiently outlined in the existing studies.

    Security aspects in healthcare information systems: A systematic mapping

    The security of patient’s data is the most overbearing barrier to access when considering the adoption of Healthcare Information Systems (HIS) in the healthcare industry. Recently, several studies were conducted to address security risks, and a series of solutions were proposed to enable data and privacy protection. In this paper we conduct the systematic mapping review to know more about security aspects in HIS. Our study provides a comprehensive review of the literature on the evaluation and implementation of HIS security, detailing the challenges and recommendations for implementers and adopters alike. The purpose of this paper is to analyse the security perspective and some of the important concerns that need to be considered to successfully use information systems in healthcare.

    Threats on the horizon: Understanding security threats in the era of cyber-physical systems

    Disruptive innovations of the last few decades, such as smart cities and Industry 4.0, were made possible by higher integration of physical and digital elements. In today's pervasive cyber-physical systems, connecting more devices introduces new vulnerabilities and security threats. With increasing cybersecurity incidents, cybersecurity professionals are becoming incapable of addressing what has become the greatest threat climate than ever before. This research investigates the spectrum of risk of a cybersecurity incident taking place in the cyber-physical-enabled world using the VERIS Community Database. The findings were that the majority of known actors were from the US and Russia, most victims were from western states and geographic origin tended to reflect global affairs. The most commonly targeted asset was information, with the majority of attack modes relying on privilege abuse. The key feature observed was extensive internal security breaches, most often a result of human error. This tends to show that access in any form appears to be the source of vulnerability rather than incident specifics due to a fundamental trade-off between usability and security in the design of computer systems. This provides fundamental evidence of the need for a major reevaluation of the founding principles in cybersecurity

    Enhancing and simplifying data security and privacy for multitiered applications

    © 2020 Elsevier Inc. While databases provide capabilities to enforce security and privacy policies, two major issues still prevent applications from safely delegating such policies to the database. The first one is the loss of user identity in multitiered environments which renders the database security features of little to no value. The second issue is the unsafe coexistence between the security capabilities and fundamental database tenets which creates data leakage vulnerabilities. This paper proposes extensions to database systems to allow applications, such as those used in managing the operations of energy clouds, to safely delegate the security and privacy policies to the database. This delegation reduces complexity for applications and improves overall data security and privacy. Our performance evaluation shows that almost all the TPC-H queries perform the same or better when the security policy is enforced by the database. For the set of queries that performed better, the improvement observed ranges from 8 to 68%

    Impact and key challenges of insider threats on organizations and critical businesses

    The insider threat has consistently been identified as a key threat to organizations and governments. Understanding the nature of insider threats and the related threat landscape can help in forming mitigation strategies, including non-technical means. In this paper, we survey and highlight challenges associated with the identification and detection of insider threats in both public and private sector organizations, especially those part of a nation’s critical infrastructure. We explore the utility of the cyber kill chain to understand insider threats, as well as understanding the underpinning human behavior and psychological factors. The existing defense techniques are discussed and critically analyzed, and improvements are suggested, in line with the current state-of-the-art cyber security requirements. Finally, open problems related to the insider threat are identified and future research directions are discussed

    Ciberseguridad y bibliotecas: apuntes para una propuesta de formación sobre riesgo tecnológico en bibliotecas

    A proposal for training for workers in public libraries on basic aspects of cybersecurity and privacy is presented, through a list of elements to consider and a commitment to distance education. In advance, the most significant terms are delimited to avoid any possible ambiguity, and a new technology risk forecast is made in the short and medium term

    Cybersecurity and libraries notes for a training proposal on technological risk in libraries

    A proposal for training for workers in public libraries on basic aspects of cybersecurity and privacy is presented, through a list of elements to consider and a commitment to distance education. In advance, the most significant terms are delimited to avoid any possible ambiguity, and a new technology risk forecast is made in the short and medium term.

    Oltra Gutiérrez, JV.; Ibáñez-Hernández, R. (2019). Ciberseguridad y bibliotecas: apuntes para una propuesta de formación sobre riesgo tecnológico en bibliotecas. Métodos de informacion. 10(19):75-126. https://doi.org/10.5557/IIMEI10-N19-075126S75126101

    Factors Influencing Small Construction Businesses from Implementing Information Security: A Case Study

    This qualitative study described the influence of small businesses’ failure to properly implement information security technologies resulting in the loss of sensitive and proprietary business information. A collective case study approach was used to determine the most effective way to gain a holistic picture of how small construction businesses make security technology implementation decisions to support their workforce. The theory guiding this study was the Unified Theory of Acceptance and Use of Technology (UTAUT) model which is related to the Theory of Planned Behavior and the Technology Acceptance Model which helped explain the intentions of individuals to use information systems. Security policies and threats (insider and cyber) were also looked at during this study. Data collection methods included questionnaires, interviews, document reviews, journaling, and webpage scans to provide insight into security information technology use. The results of this study indicated small construction businesses rely heavily on third-party information technology vendors to perform security functions. This security model has led to several of the businesses experiencing cyber security incidents and the businesses being more reactive in responding to cyber-attacks. Deficiencies with planning for system implementations also impacted how employees thought and used the businesses’ security information systems. The study’s results indicated employees’ behavior intention and use behavior was highly impacted by the age moderator with older employees more likely to display a lower behavior intention and use behavior for using systems.

    Enhanced Encryption and Fine-Grained Authorization for Database Systems

    The aim of this research is to enhance fine-grained authorization and encryption so that database systems are equipped with the controls necessary to help enterprises adhere to zero-trust security more effectively. For fine-grained authorization, this thesis has extended database systems with three new concepts: Row permissions, column masks and trusted contexts. Row permissions and column masks provide data-centric security so the security policy cannot be bypassed as with database views, for example. They also coexist in harmony with the rest of the database core tenets so that enterprises are not forced to compromise either security or database functionality. Trusted contexts provide applications in multitiered environments with a secure and controlled manner to propagate user identities to the database and therefore enable such applications to delegate the security policy to the database system where it is enforced more effectively. Trusted contexts also protect against application bypass so the application credentials cannot be abused to make database changes outside the scope of the application’s business logic. For encryption, this thesis has introduced a holistic database encryption solution to address the limitations of traditional database encryption methods. It too coexists in harmony with the rest of the database core tenets so that enterprises are not forced to choose between security and performance as with column encryption, for example. Lastly, row permissions, column masks, trusted contexts and holistic database encryption have all been implemented in IBM DB2, where they are relied upon by thousands of organizations from around the world to protect critical data and adhere to zero-trust security more effectively.