4 research outputs found

    Chapter 8 ENHANCING THE SAFETY, SECURITY AND RESILIENCE OF ICT AND SCADA SYSTEMS USING ACTION RESEARCH

    Abstract This paper discusses the results of a questionnaire-based survey used to assess the safety, security and resilience of information and communications technology (ICT) and supervisory control and data acquisition (SCADA) systems used in the Norwegian oil and gas industry. The survey identifies several challenges, including the involvement of professionals with different backgrounds and expertise, lack of common risk perceptions, inadequate testing and integration of ICT and SCADA systems, poor information sharing related to undesirable incidents and lack of resilience in the design of technical systems. Action research is proposed as a process for addressing these challenges in a systematic manner and helping enhance the safety, security and resilience of ICT and SCADA systems used in oil and gas operations

    Design of a business model for offering information security services to SMEs in the healthcare sector in Bogotá

    Information security seeks to protect information from possible harm caused by unauthorized disclosure and use. It has gained importance with the increased use of digital information and information technologies (ICTs), with interconnection for communication, negotiation and the provision of services, and with disruptive events such as the current pandemic. In the healthcare sector this is particularly relevant because of the use of medical information, which is considered confidential and sensitive and whose unauthorized disclosure may affect people and their physical and psychological integrity. Although there are regulations that seek to protect people’s basic right to privacy and to shield them from the social stigma associated with illness, the healthcare sector does not yet give the protection of these data the importance it requires, even though criminals find them attractive for their value on the illegal market. Furthermore, economic conditions and lack of knowledge aggravate this situation in small and medium-sized enterprises (SMEs), which face challenges when implementing controls to protect user and patient information. This work aims to identify the elements that can influence the implementation of information security in healthcare-sector SMEs in the city of Bogotá and proposes a business model based on the Osterwalder & Pigneur Canvas (2011). To this end, a literature review covering the years 2000 to 2020 is carried out on the subject.

    The Web Engineering Security (WES) methodology

    The World Wide Web has had a significant impact on basic operational economical components in global information rich civilizations. This impact is forcing organizations to provide justification for security from a business case perspective and to focus on security from a web application development environment perspective. This increased focus on security was the basis of a business case discussion and led to the acquisition of empirical evidence gathered from a high level Web survey and more detailed industry surveys to analyse security in the Web application development environment. Along with this information, a collection of evidence from relevant literature was also gathered. Individual aspects of the data gathered in the previously mentioned activities contributed to the proposal of the Essential Elements (EE) and the Security Criteria for Web Application Development (SCWAD). The Essential Elements present the idea that there are essential, basic organizational elements that need to be identified, defined and addressed before examining security aspects of a Web Engineering Development process. The Security Criteria for Web Application Development identifies criteria that need to be addressed by a secure Web Engineering process. Both the EE and SCWAD are presented in detail along with relevant justification of these two elements to Web Engineering. SCWAD is utilized as a framework to evaluate the security of a representative selection of recognized software engineering processes used in Web Engineering application development. The software engineering processes appraised by SCWAD include: the Waterfall Model, the Unified Software Development Process (USD), Dynamic Systems Development Method (DSDM) and eXtreme Programming (XP). 
SCWAD is also used to assess existing security methodologies which are comprised of the Orion Strategy; Survivable / Viable IS approaches; Comprehensive Lightweight Application Security Process (CLASP) and Microsoft’s Trustworthy Computing Security Development Lifecycle. The synthesis of information provided by both the EE and SCWAD was used to develop the Web Engineering Security (WES) methodology. WES is a proactive, flexible, process neutral security methodology with customizable components that is based on empirical evidence and used to explicitly integrate security throughout an organization’s chosen application development process. In order to evaluate the practical application of the EE, SCWAD and the WES methodology, two case studies were conducted during the course of this research. The first case study describes the application of both the EE and SCWAD to the Hunterian Museum and Art Gallery’s Online Photo Library (HOPL) Internet application project. The second case study presents the commercial implementation of the WES methodology within a Global Fortune 500 financial service sector organization. The assessment of the WES methodology within the organization consisted of an initial survey establishing current security practices, a follow-up survey after changes were implemented and an overall analysis of the security conditions assigned to projects throughout the life of the case study

    Managing information security in healthcare - an action research experience

    This paper describes a project involving the planning and management of information security at a large private hospital. A high level model derived using the Soft Systems Methodology [5], named the Orion Strategy, was implemented and further developed during its application using Action Research. This method features a high level of user participation, including education seminars and workshops with senior and middle managers of the hospital. The project resulted in a noticeable improvement in information security measures at the hospital, a raised awareness of security issues and an acceptance of ownership by staff of the resultant security plan