897 research outputs found

    Data security in European healthcare information systems

    This thesis considers the current requirements for data security in European healthcare systems and establishments. Information technology is being increasingly used in all areas of healthcare operation, from administration to direct care delivery, with a resulting dependence upon it by healthcare staff. Systems routinely store and communicate a wide variety of potentially sensitive data, much of which may also be critical to patient safety. There is consequently a significant requirement for protection in many cases. The thesis presents an assessment of healthcare security requirements at the European level, with a critical examination of how the issue has been addressed to date in operational systems. It is recognised that many systems were originally implemented without security needs being properly addressed, with a consequence that protection is often weak and inconsistent between establishments. The overall aim of the research has been to determine appropriate means by which security may be added or enhanced in these cases. The realisation of this objective has included the development of a common baseline standard for security in healthcare systems and environments. The underlying guidelines in this approach cover all of the principal protection issues, from physical and environmental measures to logical system access controls. Further to this, the work has encompassed the development of a new protection methodology by which establishments may determine their additional security requirements (by classifying aspects of their systems, environments and data). Both the guidelines and the methodology represent work submitted to the Commission of European Communities SEISMED (Secure Environment for Information Systems in MEDicine) project, with which the research programme was closely linked. 
The thesis also establishes that healthcare systems can present significant targets for both internal and external abuse, highlighting a requirement for improved logical controls. However, it is also shown that the issues of easy integration and convenience are of paramount importance if security is to be accepted and viable in practice. Unfortunately, many traditional methods do not offer these advantages, necessitating a different approach. To this end, the conceptual design for a new intrusion monitoring system was developed, combining the key aspects of authentication and auditing into an advanced framework for real-time user supervision. A principal feature of the approach is the use of behaviour profiles, against which user activities may be continuously compared to determine potential system intrusions and anomalous events. The effectiveness of real-time monitoring was evaluated in an experimental study of keystroke analysis - a behavioural biometric technique that allows an assessment of user identity from their typing style. This technique was found to have significant potential for discriminating between impostors and legitimate users and was subsequently incorporated into a fully functional security system, which demonstrated further aspects of the conceptual design and showed how transparent supervision could be realised in practice. The thesis also examines how the intrusion monitoring concept may be integrated into a wider security architecture, allowing more comprehensive protection within both the local healthcare establishment and between remote domains. Commission of European Communities SEISMED proje

    Electronic Payment Systems Observatory (ePSO). Newsletter Issues 9-15

    Abstract not available. JRC.J-Institute for Prospective Technological Studies (Seville

    The Proceedings of 15th Australian Information Security Management Conference, 5-6 December, 2017, Edith Cowan University, Perth, Australia

    Conference Foreword The annual Security Congress, run by the Security Research Institute at Edith Cowan University, includes the Australian Information Security and Management Conference. Now in its fifteenth year, the conference remains popular for its diverse content and mixture of technical research and discussion papers. The area of information security and management continues to be varied, as is reflected by the wide variety of subject matter covered by the papers this year. The papers cover topics from vulnerabilities in “Internet of Things” protocols through to improvements in biometric identification algorithms and surveillance camera weaknesses. The conference has drawn interest and papers from within Australia and internationally. All submitted papers were subject to a double blind peer review process. Twenty two papers were submitted from Australia and overseas, of which eighteen were accepted for final presentation and publication. We wish to thank the reviewers for kindly volunteering their time and expertise in support of this event. We would also like to thank the conference committee who have organised yet another successful congress. Events such as this are impossible without the tireless efforts of such people in reviewing and editing the conference papers, and assisting with the planning, organisation and execution of the conference. To our sponsors, also a vote of thanks for both the financial and moral support provided to the conference. Finally, thank you to the administrative and technical staff, and students of the ECU Security Research Institute for their contributions to the running of the conference

    Mobile Payments in the Netherlands: Adoption Bottlenecks and Opportunities, or… Throw Out Your Wallets

    The purpose of this research report is to analyse the mobile payment market size and its revenue basis, as well as adoption bottlenecks, in view of establishing the adoption and deployment of mobile banking services in The Netherlands. The research report describes various aspects with regard to mobile payments/mobile banking in The Netherlands. Issues like implementation, regulatory framework, estimated business case, deployment scenarios, recommended business model, a SWOT analysis of the technical solutions, organisational bottlenecks, an analysis of the reasons for success and failures, and open issues and challenges are addressed. The main aim is to try to answer the question whether there is a market in The Netherlands for mobile banking services, and to provide an analysis of why M-banking services have not been so successful in The Netherlands. 
Furthermore, it needs to be mentioned that the focus of this paper was on micro-payments, which are generally considered to be payments of up to €10

    Multimodal Information Sharing Team (MIST) – Port of Baltimore Industry and Public Sector Cooperation for Information Sharing

    The Multimodal Information Sharing Team (MIST) is an evolution of the Maritime Information Sharing Taskforce that has been conducting workshops in domestic ports since 2008. The MIST provides a framework and process for the collaborative exploration of information sharing across the port multimodal community. The MIST emphasizes the private sector perspective to ensure that government stakeholders are leveraging this critical player in the sharing of all hazards threat information. The Program Manager for the Information Sharing Environment (PM-ISE) sponsored the Baltimore MIST. This report presents the results of an action planning workshop that involved over 30 local, state, and national public and private sector stakeholders in maritime security for the Port of Baltimore. It highlights the motivations for information sharing and the information needs of both public and private sector. It uses the Inter-Organizational Collaborative Capacity model to organize the analysis and recommendations for three aspects of information sharing: security-focused mechanisms, commerce-focused mechanisms, and technology mechanisms. The report concludes with a set of both immediate-term and long term actions that were identified by workshop participants. Through the MIST collaboration, the PM-ISE in partnership with National Maritime Intelligence-Integration Office (NMIO) will continue to work with the Baltimore area, supporting the on-going development of the Maritime Law Enforcement Information Network (MLEIN)

    Cyber Supply Chain Risk Management: Implications for the SOF Future Operating Environment

    The emerging Cyber Supply Chain Risk Management (C-SCRM) concept assists at all levels of the supply chain in managing and mitigating risks, and the authors define C-SCRM as the process of identifying, assessing, and mitigating the risks associated with the distributed and interconnected nature of information and operational technology products and service supply chains. As Special Operations Forces increasingly rely on sophisticated hardware and software products, this quick, well-researched monograph provides a detailed accounting of C-SCRM associated laws, regulations, instructions, tools, and strategies meant to mitigate vulnerabilities and risks—and how we might best manage the evolving and ever-changing array of those vulnerabilities and risks

    Cyber-Security Challenges in Aviation Industry: A Review of Current and Future Trends

    The integration of Information and Communication Technology (ICT) tools into mechanical devices in routine use within the aviation industry has heightened cyber-security concerns. The extent of the inherent vulnerabilities in the software tools that drive these systems escalates as the level of integration increases. Moreover, these concerns are becoming even more acute as the migration within the industry in the deployment of electronic-enabled aircraft and smart airports gathers pace. A review of cyber-security attacks and attack surfaces within the aviation sector over the last 20 years provides a mapping of the trends and insights that are of value in informing on future frameworks to protect the evolution of a key industry. The goal is to identify common threat actors, their motivations, attack types and map the vulnerabilities within aviation infrastructures most commonly subject to persistent attack campaigns. The analyses will enable an improved understanding of both the current and potential future cyber-security protection provisions for the sector. Evidence is provided that the main threats to the industry arise from Advanced Persistent Threat (APT) groups that operate, in collaboration with a particular state actor, to steal intellectual property and intelligence in order to advance their domestic aerospace capabilities as well as monitor, infiltrate and subvert other sovereign nations’ capabilities. A segment of the aviation industry commonly attacked is the Information Technology (IT) infrastructure, the most prominent type of attack being malicious hacking with intent to gain unauthorised access. The analysis of the range of attack surfaces and the existing threat dynamics has been used as a foundation to predict future cyber-attack trends. 
The insights arising from the review will support the future definition and implementation of proactive measures that protect critical infrastructures against cyber-incidents that damage the confidence of customers in a key service-oriented industry
