Secure IoT Devices for the Maintenance of Machine Tools

Through the Internet of Things (IoT) interaction between objects becomes possible in a way we have never seen before. With the advent of IoT and its introduction into almost all aspects of life, safety and security of IoT devices has to be considered for their whole life cycle. This concerns not only the large amounts of data that needs to be exchanged securely but also the design of the hardware of the devices themselves. Security has to be designed right from the start into IoT devices rather than added on later. This paper will introduce a global strategy for secure Design for IoT which includes: • Safe solutions for environments with rich information • Guarantee that the devices are functioning as intended by the manufacturer and are not damaged • Life cycle security across devices, networks and data centers • Support for industry standards and interoperability of devices • Ability to solve the challenges of the information link • Secure Clouds for traditional systems. This paper lays the foundation for the creation of a safe remote monitoring system for machine tools through IoT devices and analyses the critical issues focusing on the manufacturing environment

Comparative Analysis of Hospital Information Management Systems Among Healthcare Workers in Two Selected Hospitals in Kenya

Purpose of the study was to examine the use of hospital information management systems among healthcare workers in two public and private hospitals in Kenya. Specific objectives were to assess the use of the hospital information management systems in two selected public and private hospitals, find out the extent to which the hospital information system provides accurate and relevant information of the patients, establish the perception of the healthcare workers towards the hospital information management systems, find out the challenges faced in the use of the hospital information management systems in the selected hospitals, and find out possible solutions to improve the use of the hospital information management system in both hospitals. Private hospitals have well integrated hospital information management systems as compared to public ones. Hospital information management systems provide relevant and accurate information to the health workers. Challenges that face the hospital information management systems include inaccurate information, staff not knowledgeable, system not user friendly, and employees having negative attitude towards the system

Modelling semantics of security risk assessment for bring your own device using metamodelling technique

Rapid changes in mobile computing devices or modern devices such as smartphones, tablets and iPads have encouraged employees to use their personal devices at workplace. Bring Your Own Devices (BYOD) phenomenon in an enterprise has become pervasive in demand for business purposes. Most organizations practice BYOD as it offers a wide variety of advantages such as increasing work productivity, reducing cost and giving employee’s satisfaction. Despite that, BYOD practices trigger opportunities and challenges for the enterprise if there have no security policies, regulations and management on personal devices. Common BYOD security threats includes data leakage, exposure to malicious malware and sensitive corporates information. In this study, the Security-based BYOD Risk Assessment Metamodel (Security-based BYODRAM), a high-level knowledge structure was proposed for describing Security-based BYOD Risk Assessment domain. Review on thirty-five existing models which comprises of Risk Assessment and BYOD security models was done to identify the important concepts and semantic. Meta Object Facility (MOF) was the metamodeling language used in developing the metamodel. This study contributes a platform of incorporating and sharing of the Security-based BYOD Risk Assessment knowledge and giving solutions in managing BYOD security breaches. Real BYOD scenarios such as the Ottawa Hospital, privacy risks in enterprise and independent schools in Western Australian were used in demonstrating the semantics of proposed metamodel

Information security risk management for computerized health information systems in hospitals: A case study of Iran

Background: In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods: This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts� opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results: Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion: Information security risk management is not followed by Iran�s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran�s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. © 2016 Zarei and Sadoughi

A tree model for identification of threats as the first stage of risk assessment in HIS

Security remains to be a critical issue in the safe operation of Information Systems (IS). Identifying the threats to IS may lead to an effective method for measuring security as the initial stage for risk management. Despite many attempts to classify threats to IS, new threats to Health Information Systems (HIS) remains a continual concern for system de-velopers. The main aim of this paper is to present a research agenda of threats to HIS. A cohesive completeness study on the identification of possible threats on HIS was conducted. This study reveals more than 70 threats for HIS. They are classified into 30 common criteria. The abstraction was carried out using secondary data from various research da-tabases. This work-in-progress study will proceed to the next stage of ranking the security threats for assessing risk in HIS. This classification of threats may provide some insights to both researchers and professionals, who are interested in conducting research in risk management of HIS security