A Strategic Decision for Information Security

A utilização de recursos informáticos é a estratégia mais comum à maioria das organizações para gerirem os seus ativos e propriedade intelectual. Esta decisão estratégica implica a sua exposição ao exterior através de canais de comunicação (infraestrutura de dados). McDermott e Redish (1999), descrevem a terceira lei de Newton como o princípio da ação - reação, as organizações ao exporem a sua infraestrutura ao exterior despoletaram, como reação, estranhos quererem aceder à sua infraestrutura para diversos fins, seja como puro divertimento, detetarem fragilidades ou, mais relevante para este trabalho, roubarem ativos/propriedade intelectual e criarem uma disrupção no serviços. As organizações sentem necessidade de se protegerem contra estes estranhos/ataques ao implementarem estratégias de segurança, mas a realidade é que as linhas de defesa da rede são permeáveis e as arquiteturas de segurança não são suficientemente dinâmicas para travar as ameaças existentes. Uma estratégia de segurança informática baseada na tecnologia “Deception” poderá permitir de uma forma rápida detetar, analisar e defender as redes organizacionais contra-ataquesem tempo real. Esta tecnologia “Deception” poderá oferecer informações precisas sobre “malware” e atividades maliciosas não detetadas por outros tipos de defesa cibernética. Este trabalho pretende explorar esta estratégia recente baseada em “Deception”, que pretende ser diferenciadora face à panóplia de dispositivos/software de segurança informática existentes. Como resultados, pretende-se elaborar uma análise onde as organizações possam perceber a tecnologia “Deception” nas suas vertentes da eficácia, eficiência e o seu valor estratégico para que, eventualmente, a possam utilizar para suportar/adicionar valor a uma decisão de estratégia de segurança informática.The use of Information Technology (IT) resources are the common approach for most organizations so they assets and intellectual property are properly managed. This strategic decision implies its exposure to the outside world through the data infrastructure. McDermott and Redish (1999), described the third Newton’s law as the principle of action- reaction, when organizations expose their infrastructure to the outside world and, as a response, strangers want to access their infrastructure for various purposes, either as pure fun, detect weaknesses or, more relevant for this work, steal assets/intellectual property. Organizations feel the need to protect themselves against these strangers/attacks by implementing security strategies, but truly, the network's first defense lines are permeable, and the security architectures are not dynamic enough to face existing or future threats. A Deception-based technology could enable the organizations to quickly detect, analyze and defend organizational networks against real-time attacks. Deception technology may provide accurate information on malware and malicious activity not detected by other types of cyber defense. This work intends to explore a new technology, Deception, that claims a differentiation when compared with the range of existing information security suite. The types of cyber-threats and their materialization could be relevant to the information technology and risk analysis. Thus, the intent is to elaborate an analysis where organizations can understand the Deception technology, his effectiveness, and strategic value so they can, eventually, use it to support/add value to a decision regarding information security strategy

Gamificação aplicada à formação em cibersegurança de profissionais de saúde: uma prova de conceito

Mestrado em Gestão e Avaliação de Tecnologias em SaúdeIntrodução: O sector da saúde é fortemente afetado pelo cibercrime, com as principais técnicas de ataque a serem direcionadas para os utilizadores. Por isso, os profissionais de saúde têm um papel fundamental na minimização destes ataques, quando devidamente treinados. As estratégias de formação gamificada em cibersegurança têm resultados bastante positivos ao nível da aquisição e retenção de conhecimento, tendo vantagens ao nível da gestão dos recursos e do tempo. Objetivos: Descrever o estado da arte relacionado com o impacto da cibersegurança no sector da saúde e com a gamificação; identificar os componentes associados ao desenvolvimento de soluções de gamificação; comparar as plataformas de gamificação existentes; definir uma metodologia de gamificação adequada para a formação em cibersegurança de profissionais de saúde e desenvolver uma ferramenta de gamificação para a sensibilização em cibersegurança de profissionais de saúde. Metodologia: Desenvolveu-se uma metodologia de gamificação para a formação em cibersegurança dos profissionais de saúde. Foi igualmente desenvolvido um protótipo da estratégia de formação gamificada, específica para o setor da saúde, onde consta um piloto da aplicação (Health-Cy-Game). Resultados: Desenvolvimento do protótipo da estratégia de formação gamificada – Health-Cy-Game – de acordo com o perfil de conhecimentos estabelecido: conhecimento geral de tecnologia; autenticação e gestão de palavras-passe; técnicas de ciberataques dirigidas ao sector da saúde; gestão da informação; manutenção e atualização de software, e procedimentos e regulamentos em cibersegurança das instituições de saúde. Disposições finais: No setor da saúde, a cibersegurança deverá constituir uma preocupação central dos planos estratégicos de segurança e qualidade dos cuidados. Para atingir este estado de segurança, é preciso munir os utilizadores da tecnologia de conhecimento adequados. “Health-Cy-Game” foi construído tendo em conta o perfil de competências destes profissionais e as especificidades deste sector, de acordo com o Referencial de Competências e Conhecimentos do Centro Nacional de Cibersegurança e as escalas Risky Cybersecurity Behaviours Scale (RsCB) e Security Behaviour Intentions Scale (SeBIS).ABSTRACT - Introduction: The healthcare sector is heavily affected by cybercrime, with the majority of techniques used being addressed to its users. Health professionals have a key role in minimizing these attacks when properly trained. Gamified training strategies in cybersecurity have very positive results in terms of knowledge acquisition and retention, with advantages in terms of resources and time management. Objectives: To describe the state-of-the-art related to the impact of cybersecurity in the health sector and with gamification; identify the components associated with the development of gamification solutions; compare existing gamification platforms; define an appropriate gamification methodology for training health professionals in cybersecurity and develop a gamification tool to raise awareness of cybersecurity among health professionals. Methodology: A gamification methodology was developed for training health professionals in cybersecurity. A prototype of the gamified training strategy, specific for the health sector, was also developed, which contains a pilot application (Health-Cy-Game). Results: Development of the prototype of the gamified training strategy – Health-Cy-Game – according to the knowledge profile established: general knowledge of technology; authentication and password management; cyberattack techniques targeting the health sector; information management; maintenance and updating of software, and procedures and regulations in cybersecurity of health institutions. Final Provisions: In the healthcare sector, cybersecurity must be a central concern of strategic plans addressed to safety and quality of care. To achieve this state of security, it is necessary to provide adequate training to healthcare professionals. “Health-Cy-Game” was built taking into account the skills profile of these professionals and the specificities of this sector, in accordance with Centro Nacional de Cibersegurança’s roadmap “Competências e Conhecimentos”, the Risky Cybersecurity Behaviours Scale (RsCB) and Security Behaviour Intentions Scale (SeBIS).N/

ENERGY-AWARE OPTIMIZATION FOR EMBEDDED SYSTEMS WITH CHIP MULTIPROCESSOR AND PHASE-CHANGE MEMORY

Over the last two decades, functions of the embedded systems have evolved from simple real-time control and monitoring to more complicated services. Embedded systems equipped with powerful chips can provide the performance that computationally demanding information processing applications need. However, due to the power issue, the easy way to gain increasing performance by scaling up chip frequencies is no longer feasible. Recently, low-power architecture designs have been the main trend in embedded system designs. In this dissertation, we present our approaches to attack the energy-related issues in embedded system designs, such as thermal issues in the 3D chip multiprocessor (CMP), the endurance issue in the phase-change memory(PCM), the battery issue in the embedded system designs, the impact of inaccurate information in embedded system, and the cloud computing to move the workload to remote cloud computing facilities. We propose a real-time constrained task scheduling method to reduce peak temperature on a 3D CMP, including an online 3D CMP temperature prediction model and a set of algorithm for scheduling tasks to different cores in order to minimize the peak temperature on chip. To address the challenging issues in applying PCM in embedded systems, we propose a PCM main memory optimization mechanism through the utilization of the scratch pad memory (SPM). Furthermore, we propose an MLC/SLC configuration optimization algorithm to enhance the efficiency of the hybrid DRAM + PCM memory. We also propose an energy-aware task scheduling algorithm for parallel computing in mobile systems powered by batteries. When scheduling tasks in embedded systems, we make the scheduling decisions based on information, such as estimated execution time of tasks. Therefore, we design an evaluation method for impacts of inaccurate information on the resource allocation in embedded systems. Finally, in order to move workload from embedded systems to remote cloud computing facility, we present a resource optimization mechanism in heterogeneous federated multi-cloud systems. And we also propose two online dynamic algorithms for resource allocation and task scheduling. We consider the resource contention in the task scheduling

Embedded System Design

A unique feature of this open access textbook is to provide a comprehensive introduction to the fundamental knowledge in embedded systems, with applications in cyber-physical systems and the Internet of things. It starts with an introduction to the field and a survey of specification models and languages for embedded and cyber-physical systems. It provides a brief overview of hardware devices used for such systems and presents the essentials of system software for embedded systems, including real-time operating systems. The author also discusses evaluation and validation techniques for embedded systems and provides an overview of techniques for mapping applications to execution platforms, including multi-core platforms. Embedded systems have to operate under tight constraints and, hence, the book also contains a selected set of optimization techniques, including software optimization techniques. The book closes with a brief survey on testing. This fourth edition has been updated and revised to reflect new trends and technologies, such as the importance of cyber-physical systems (CPS) and the Internet of things (IoT), the evolution of single-core processors to multi-core processors, and the increased importance of energy efficiency and thermal issues

Embedded System Design

A unique feature of this open access textbook is to provide a comprehensive introduction to the fundamental knowledge in embedded systems, with applications in cyber-physical systems and the Internet of things. It starts with an introduction to the field and a survey of specification models and languages for embedded and cyber-physical systems. It provides a brief overview of hardware devices used for such systems and presents the essentials of system software for embedded systems, including real-time operating systems. The author also discusses evaluation and validation techniques for embedded systems and provides an overview of techniques for mapping applications to execution platforms, including multi-core platforms. Embedded systems have to operate under tight constraints and, hence, the book also contains a selected set of optimization techniques, including software optimization techniques. The book closes with a brief survey on testing. This fourth edition has been updated and revised to reflect new trends and technologies, such as the importance of cyber-physical systems (CPS) and the Internet of things (IoT), the evolution of single-core processors to multi-core processors, and the increased importance of energy efficiency and thermal issues

Digital innovation in Multiple Sclerosis Management

Due to innovation in technology, a new type of patient has been created, the e-patient, characterized by the use of electronic communication tools and commitment to participate in their own care. The extent to which the world of digital health has changed during the COVID-19 pandemic has been widely recognized. Remote medicine has become part of the new normal for patients and clinicians, introducing innovative care delivery models that are likely to endure even if the pendulum swings back to some degree in a post-COVID age. The development of digital applications and remote communication technologies for patients with multiple sclerosis has increased rapidly in recent years. For patients, eHealth apps have been shown to improve outcomes and increase access to care, disease information, and support. For HCPs, eHealth technology may facilitate the assessment of clinical disability, analysis of lab and imaging data, and remote monitoring of patient symptoms, adverse events, and outcomes. It may allow time optimization and more timely intervention than is possible with scheduled face-to-face visits. The way we measure the impact of MS on daily life has remained relatively unchanged for decades, and is heavily reliant on clinic visits that may only occur once or twice each year.These benefits are important because multiple sclerosis requires ongoing monitoring, assessment, and management.The aim of this Special Issue is to cover the state of knowledge and expertise in the field of eHealth technology applied to multiple sclerosis, from clinical evaluation to patient education

An Overview on Bonded Marine Hoses for Sustainable Fluid Transfer and (Un)Loading Operations via Floating Offshore Structures (FOS)

Due to the demand for oil production in varying water depth regions, the advantage of flexible buoyant conduits has led to an increase in bonded marine hoses for fluid transfer and (un)loading operations. The fluid transfer system for bonded marine hoses is dependent on floating offshore structures (FOS). This paper presents an overview of different systems for sustainable fluid transfer and (un)loading operations via FOS, such as Single Point Mooring (SPM) systems. SPMs are component aspects of the techno-economic design and FOS operation. This review aims to present sustainable fluid transfer technologies while addressing the subject of bonded marine hoses based on application, configuration, test models, hose selection criteria, hose-mooring configurations and operational views. This paper also includes an overview of the hose dynamics, with the loading and unloading (or discharging) techniques for sustainable fluid transfer via marine bonded hoses, based on operational challenges encountered. To dynamically present the hose performance in this review, an overview of the test methods’ guidance as specified in available industry standards was conducted. The pros and cons of marine hose application were also presented. Finally, this study presents different marine hose types and novel design configurations applied in implementing hose-mooring systems. Some concluding remarks with recommended solutions on the technology were presented in this review

Electronic health record portals in Portugal : a perspective from providers and patients

Dissertation presented as the partial requirement for obtaining a Master's degree in Information Management, specialization in Knowledge Management and Business IntelligenceHealthcare systems are becoming more patient centered, as today’s citizens are more active and more informed. In line with this trend, healthcare providers are promoting the use of online applications such as Electronic Health Record (EHR) portals. EHR portals can be defined as web based applications that combine an EHR system and a patient portal, with the potential of helping to achieve benefits for both patients and healthcare providers, which makes the adoption of EHR portals an important field to study and understand. The aim of this study is to characterize the view from providers and patients on EHR portals, having the Portuguese health system as scenario. The methodology was divided into a provider-centered and a patient-centered approach, being characterized as a mixed-methods research as qualitative and quantitative data collection procedures were followed. Results point out that EHR portals are considered by providers as crucial in the establishment of a digital relationship with patients, but efforts still need to be carried out for the users to adhere to these technologies. Also, the portals available in Portugal are heterogeneous in terms of functionalities offered, greatly differing in terms of number of functionalities. Patients view some functionalities of EHR portals more important than others and half of them are users of the portal developed by the public provider. The statistically determinants of adoption of EHR portals were verified. By having the perspective of providers and users, it was possible to provide insights that can be helpful to develop EHR portals that meet patient demands

Intelligent Systems

This book is dedicated to intelligent systems of broad-spectrum application, such as personal and social biosafety or use of intelligent sensory micro-nanosystems such as "e-nose", "e-tongue" and "e-eye". In addition to that, effective acquiring information, knowledge management and improved knowledge transfer in any media, as well as modeling its information content using meta-and hyper heuristics and semantic reasoning all benefit from the systems covered in this book. Intelligent systems can also be applied in education and generating the intelligent distributed eLearning architecture, as well as in a large number of technical fields, such as industrial design, manufacturing and utilization, e.g., in precision agriculture, cartography, electric power distribution systems, intelligent building management systems, drilling operations etc. Furthermore, decision making using fuzzy logic models, computational recognition of comprehension uncertainty and the joint synthesis of goals and means of intelligent behavior biosystems, as well as diagnostic and human support in the healthcare environment have also been made easier