A Comprehensive Study of Security and Cyber-Security Risk Management within e-Health Systems: Synthesis, Analysis and a Novel Quantified Approach

Ksibi, Sondes; Jaidi, Faouzi; Bouhoula, Adel

doi:10.1007/s11036-022-02042-1

Cited by 22 publications

(17 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The frameworks focus either directly on the IoMT and the healthcare sector or propose frameworks for the IoT in general, with an outline of possible applications in healthcare. 16 Upon examination of the full text, it was found that two papers by the same collective of authors 15 , 27 describe essentially the same framework. Both papers were included in the review because the authors in 15 describe the design of a risk management system falling under RQ 1, whereas paper 27 states that it is not only a method to enable operational risk management (falling under RQ 1), but also a risk assessment to help select the most suitable medical device from different alternatives, which falls under RQ 2.…”

Section: Resultsmentioning

confidence: 99%

“… 16 Upon examination of the full text, it was found that two papers by the same collective of authors 15 , 27 describe essentially the same framework. Both papers were included in the review because the authors in 15 describe the design of a risk management system falling under RQ 1, whereas paper 27 states that it is not only a method to enable operational risk management (falling under RQ 1), but also a risk assessment to help select the most suitable medical device from different alternatives, which falls under RQ 2. The risk calculation is described similarly, but the paper 27 additionally presents a method to calculate the risk probability, including examples of weights.…”

Section: Resultsmentioning

confidence: 99%

“…This is likely linked to the increasing use of IoMT in hospitals and the increasing number of cyber attacks. The work 27 published in 2021 is not listed in this section addressing RQ 1 because the operational risk management described here is also presented in newer work 15 published in 2022; see the justification in Study characteristics.

Figure 2 Publication year and focus of articles according to threat type (n = 32).…”

Section: Resultsmentioning

confidence: 99%

“…The study 15 provides an overview and analysis of existing risk assessment methods and management standards. It divides the analysed existing standards and frameworks into three categories: trust‑risk awareness methods, models and standards; trust‑risk awareness in IoT, IoMT and e‑health; and trust‑risk awareness in access control.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Internet of Medical Things Security Frameworks for Risk Assessment and Management: A Scoping Review

Svandova,

Smutny

2024

JMDH

View full text Add to dashboard Cite

Background The massive expansion of the Internet of medical things (IoMT) technology brings many opportunities for improving healthcare. At the same time, their use increases security risks, brings security and privacy concerns, and threatens the functioning of healthcare facilities or healthcare provision. Purpose This scoping review aims to identify progress in designing risk assessment and management frameworks for IoMT security. The frameworks found are divided into two groups according to whether frameworks address the technological design of risk management or assess technological measures to ensure the security of the IoMT environment. Furthermore, the article intends to find out whether frameworks also include an assessment of organisational measures related to IoMT security. Methods This review was prepared using PRISMA ScR guidelines. Relevant studies were searched in the citation databases Web of Science and Scopus. The search was limited to articles published in English between 2018 and 17 September 2023. The initial search yielded 1341 articles, of which 44 (3.3%) were included in the scoping review. A qualitative content analysis focused on selected security perspectives and progress in the given area was carried out. Results Thirty-two articles describe the design of risk assessment and management frameworks. Twelve articles describe the design of frameworks for assessing the security of IoMT devices and possibly offer a comparison of different IoMT alternatives. A description of the included articles was prepared from the selected security perspectives. Conclusion The review shows the need to create comprehensive or holistic frameworks for operational security and privacy risk management at all layers of the IoMT architecture. It includes the design of specific technological solutions and frameworks for continuously assessing the overall level of information security and privacy of the IoMT environment. Unfortunately, none of the found frameworks offer an assessment of organizational measures even though the importance of the organization measures was highlighted in articles. Another area of interest for researchers could be the design of a general risk management database for IoMT, which would include potential IoMT-related risks connected to a particular device.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Resultsmentioning

confidence: 99%

Figure 2 Publication year and focus of articles according to threat type (n = 32).…”

Section: Resultsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Internet of Medical Things Security Frameworks for Risk Assessment and Management: A Scoping Review

Svandova,

Smutny

2024

JMDH

View full text Add to dashboard Cite

show abstract

“…Regardless of the size of the organizations or the complexity of the infrastructure used from a local building contractor to a massive, multinational company that manages everything, there is a procedure contained within the security policies. ISP comes into play during Intellectual Property (IP) or patent infringement cases, corporate espionage, and even intrusion events like a data breach or an instigated virus infection (Ksibi et al, 2022). For this purpose, the developed IISPM is a novel platform and can solve the heterogeneity, interoperability, and ambiguity of the ISP domain.…”

Section: Introductionmentioning

confidence: 99%

Integrated Information Security Policy Model for Saudi Arabia Organizations

Ghaban¹

2023

Journal of Computer Science

View full text Add to dashboard Cite

Information Security Policy (ISP) is an important domain used to preserve the confidentiality, integrity, and availability of sensitive data. However, it is an ambiguous and diverse domain due to the diversity of security policies and the multiplicity nature of organization systems. Numerous specific and generic ISP models have been offered for several purposes. The offered models have numerous redundant procedures, concepts, activities, processes, and tasks that make the ASP domain unorganized, unstructured, and ambiguous among domain experts and users. Thus, the structured and integrated model to simplify sharing, managing, and reusing ISP activities and tasks is still missing. This study applied the design science method to develop a unified model for the ISP domain called the Integrated Information Security Policy Model (IISPM). This aims to identify, recognize, extract, and match different ISP processes, concepts, activities, and tasks from different ISP models in a developed IISPM, thus, allowing domain experts and users to derive/instantiate solution models easily. The developed IISPM consists of six main abstract processes: Information security policy process, information security awareness process, access control process, observing the process, agreement process, and plan process. Each introduced process has specific security practices. The output showed that IISPM assists domain experts and users to create their solution models based on their requirements.

show abstract