5 research outputs found

    Combining secure system design with risk assessment for IoT healthcare systems

    In this paper, we show how to derive formal specifications of secure IoT systems by a process that uses the risk assessment strategy of attack trees on infrastructure models. The models of the infrastructure are logical models in the Isabelle Infrastructure framework. It comprises actors, policies and a state transition of the dynamic evolution of the system. This logical framework also provides attack trees. The process we propose in this paper incrementally uses those two features to refine a system specification until expected security and privacy properties can be proved. Infrastructures allow modeling logical as well as physical elements which makes them well suited for IoT applications. We illustrate the stepwise application of the proposed process in the Isabelle Insider framework on the case study of an IoT healthcare system.

    Risk in Healthcare Information Technology: Creating a Standardized Risk Assessment Framework

    Data breaches are occurring at an unprecedented rate. Between June 2019 and early October 2020, over 564 data breaches affected over 36.6 million patients as posted to the United States Federal government HITECH portal. These patients are at risk for having their identities stolen or sold on alternative marketplaces. Some healthcare entities are working to manage privacy and security risks to their operations, research, and patients. However, many have some procedures and policies in place, with few (if any) centrally managing all their infrastructure risks. For example, many healthcare organizations are not tracking or updating all the known and potential concerns and elements into a centralized repository following industry best practice timetables for auditing and insurance quantification. This chapter examines known and potential problems in healthcare information technology and discusses a new open source risk management standardized framework library to improve the coordination and communication of the aforementioned problematic management components. The healthcare industry would benefit from adopting such a standardized risk-centric framework.

    Internet of Medical Things Security Frameworks for Risk Assessment and Management: A Scoping Review

    Katerina Svandova,* Zdenek Smutny*
    Faculty of Informatics and Statistics, Prague University of Economics and Business, Prague, Czech Republic
    *These authors contributed equally to this work
    Correspondence: Zdenek Smutny, Faculty of Informatics and Statistics, Prague University of Economics and Business, W. Churchill Sq. 1938/4, 130 67 Prague 3, Prague, Czech Republic, Email [email protected]
    The massive expansion of the Internet of medical things (IoMT) technology brings many opportunities for improving healthcare. At the same time, their use increases security risks, brings security and privacy concerns, and threatens the functioning of healthcare facilities or healthcare provision.
    Purpose: This scoping review aims to identify progress in designing risk assessment and management frameworks for IoMT security. The frameworks found are divided into two groups according to whether frameworks address the technological design of risk management or assess technological measures to ensure the security of the IoMT environment. Furthermore, the article intends to find out whether frameworks also include an assessment of organisational measures related to IoMT security.
    Methods: This review was prepared using PRISMA ScR guidelines. Relevant studies were searched in the citation databases Web of Science and Scopus. The search was limited to articles published in English between 2018 and 17 September 2023. The initial search yielded 1341 articles, of which 44 (3.3%) were included in the scoping review. A qualitative content analysis focused on selected security perspectives and progress in the given area was carried out.
    Results: Thirty-two articles describe the design of risk assessment and management frameworks. Twelve articles describe the design of frameworks for assessing the security of IoMT devices and possibly offer a comparison of different IoMT alternatives. A description of the included articles was prepared from the selected security perspectives.
    Conclusion: The review shows the need to create comprehensive or holistic frameworks for operational security and privacy risk management at all layers of the IoMT architecture. It includes the design of specific technological solutions and frameworks for continuously assessing the overall level of information security and privacy of the IoMT environment. Unfortunately, none of the found frameworks offer an assessment of organizational measures even though the importance of the organization measures was highlighted in articles. Another area of interest for researchers could be the design of a general risk management database for IoMT, which would include potential IoMT-related risks connected to a particular device.
    Keywords: cybersecurity, healthcare, information systems, IoMT, internet of things, IoT, threat, sensor

    Computer-Mediated Communication

    This book is an anthology of present research trends in Computer-mediated Communications (CMC) from the point of view of different application scenarios. Four different scenarios are considered: telecommunication networks, smart health, education, and human-computer interaction. The possibilities of interaction introduced by CMC provide a powerful environment for collaborative human-to-human, computer-mediated interaction across the globe.