Healthcare Professionals’ Views on Security – A Text Analytical Approach

Technological advancement has revolutionized patient care. With massive amount of data collected patients, personalized treatment can be provided. However, technology is a double-edge sword. Both news and media report the significant impact of security breaches, study of security is needed and as our work, life and health continually rely on more technologies, any breach or failure of the system could create disastrous impact. In this paper, we use a text analytic approach to study healthcare professionals’ view on security. Data were collected from 50 healthcare professionals with an average work experience of 17.5 years. A total of 145 posts were analyzed. The results indicate that healthcare organizations need to invest on employee training on security, developing standards in healthcare terminologies as well as security and privacy policies related to mobile and social media use

Security knowledge representation artifacts for creating secure IT systems

The creation of secure applications is more than ever a complex task because it requires from system engineers increasing levels of knowledge in security requirements, design and implementation. In fact, the fast increasing size and volatility of this knowledge has reached a point in which it is unrealistic to expect that system engineers can keep up to date with it. The most prominent paradigm for addressing this problem is the use of security patterns to communicate security knowledge from experts to system designers. This, and other security artifacts, have proved their utility and benefits in the past years, improving the way security is taken into account by system engineers and developers. On the other hand, these artifacts have some limitations that have prevented them from becoming more widespread. In particular, security patterns are human-oriented and as such heavily based on natural language, which implies intrinsic high degrees of imprecision and ambiguity. In our opinion, we need to make the move from purely human oriented artifacts to hybrid artifacts that convey information for both humans (engineers and designers) and computer tools (engineering and development environments). Therefore, we have created a new security knowledge representation artifact that aims to cover the needs of system engineers and help them not only in applying a solution, but also in understanding the security aspects of a given domain as a highly-related set of security concepts (e.g. properties, requirements, solutions, etc.). This artifact, called Domain Security Metamodel (DSM), is, as its name suggests, domain-specific and contains information about all security aspects that are relevant in a specific domain (e.g. embedded systems, web services, etc.). The DSM contains security solutions that implement the security properties of the specific domains. That way, when users apply them into their system models the solutions for development time can be integrated directly and naturally. In order to describe our approach in a useful way we use a running example based on the Web Service Security (WS-Security) specification