Advanced Techniques for Deploying Reliable and Efficient Access Control: Application to E-healthcare

Jaidi, Faouzi; Labbene-Ayachi, Faten; Bouhoula, Adel

doi:10.1007/s10916-016-0630-2

Cited by 9 publications

(12 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Also, the use of the Internet enhances information communication of these systems, but increases risk due to multiple networks and heterogonous users involved 24. This contributes to the challenge of integrating secure and privacy-preserving systems 25. Hence, a system with high security and excellent protection strategies is required to protect against potential breaches, which benefits the patients and improves overall quality 24…”

Section: Resultsmentioning

confidence: 99%

“…The access control features should include elements of robustness, flexibility, and conformity. First, the system has to be robust enough to prevent the exploitation of sensitive and private data by maintaining inappropriate and unauthorized access 25. Second, related to emergency cases, access to the control system has to be flexible to allow overriding and delegation access privileges 25.…”

Section: Resultsmentioning

confidence: 99%

See 1 more Smart Citation

Assessing staff awareness and effectiveness of educational training on IT security and privacy in a large healthcare organization

Arain¹,

Tarraf²,

Ahmad³

2019

JMDH

View full text Add to dashboard Cite

BackgroundThe increased use of health information systems and information technology (IT) in healthcare heightens the risk of security and privacy breaches. Necessary measures such as effective IT training and education are required to meet the challenges of protecting patient information.PurposeThe objective of the study was to determine the effectiveness of existing educational and awareness modules in delivering the key messages around IT security and privacy.MethodsThe study was conducted in a large healthcare organization in Western Canada from September 2016 to March 2017. Using proportionate stratified random sampling, an online survey was distributed to all professional groups including clinical and non-clinical staff. In total, 586 participants responded to questions pertaining to whether or not they were aware of the IT education material, common potential breaches, and knowledge in preventing IT security and privacy breaches. Data were analyzed in SPSS version 19.ResultsThe study found that most of the participants (80.9%) completed the online IT training. Staff perceived the online training as effective (57.5%). There was a significant positive correlation between staff perception about the effectiveness of IT security educational material and satisfaction with IT security in the organization (r=0.34, P<0.01). Those who completed the training were 4.2-times (CI=2.0–8.8) more likely to correctly report the action upon receiving spam emails than those who had not completed the training. The most common type of breach stated was not knowing how to encrypt emails when sending emails outside the organization. Only a small proportion of clinical (25.5%) and non-clinical staff (30.4%) reported knowing how to encrypt emails. Also, participants identified various strategies for improving the module content and compliance.ConclusionOnline training provides a basic understanding of IT security and privacy concepts to prevent potential breaches. The training should be an integral part of healthcare staff continuing education to protect patient information.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Resultsmentioning

confidence: 99%

Assessing staff awareness and effectiveness of educational training on IT security and privacy in a large healthcare organization

Arain¹,

Tarraf²,

Ahmad³

2019

JMDH

View full text Add to dashboard Cite

show abstract

“…Moreover, in the context of healthcare and e-healthcare systems (as a typical critical infrastructures), access control solutions should be rigorous to ensure a higher protection and flexible to treat emergency cases. We check that the simultaneous coupling of two necessary but contradictory objectives (robustness and flexibility) has a direct influence and a wide impact on the compliance of the deployed access control policy [17].…”

Section: Compliance Managementmentioning

confidence: 99%

Advanced Access Control to Information Systems: Requirements, Compliance and Future Directives

Jaidi¹

2017

Advances in Security in Computing and Communications

View full text Add to dashboard Cite

The swift cadence of Information and Communication Technologies (ICT) is at the origin of a new generation of open, ubiquitous, large-scale, complex, and heterogeneous information systems (IS). Inextricably linked with this evolution, a number of technical, administrative, and social challenges should be urgently addressed. Security and privacy in critical IS are recognized as crucial issues. The access control is well adopted as a typical solution for securing sensitive resources and ensuring authorized interactions within IS. The chapter deals mainly with the thematic of advanced access control to IS and particularly to relational databases. We present a synthesis of the state of the art of access control that encloses a study of research advancements and challenges. We introduce and discuss requirements and main characteristics for deploying advanced access control infrastructures. Then, we discuss the problem of the conformity of concrete access control infrastructures, and we propose a conformity management scheme for monitoring the compliance between low-level and high-level policies. Finally, we provide and discuss proposals and directives to enhance provably secure and compliant access control schemes as a main characteristic of future IS.

show abstract

“…Moreover, in particular applications such as ubiquitous healthcare and e-healthcare systems, the access control process has to be (at the same time) rigorous to ensure a high level of protection and flexible to treat emergency situations. We verify that coupling two requisite but contradictory objectives (robustness and flexibility) has a direct influence and a wide impact on the compliance of the access control infrastructure [7]. In the context of private databases (used to structure and store collected sensitive and private data about critical and classified environments in cyberphysical infrastructures), typical scenarios of noncompliance between a concrete policy and its specification [8] are defined as follows:…”

Section: Introductionmentioning

confidence: 99%

A Methodology and Toolkit for Deploying Reliable Security Policies in Critical Infrastructures

Jaidi

Ayachi

Bouhoula

2018

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

Substantial advances in Information and Communication Technologies (ICT) bring out novel concepts, solutions, trends, and challenges to integrate intelligent and autonomous systems in critical infrastructures. A new generation of ICT environments (such as smart cities, Internet of Things,edge-fog-social-cloudcomputing, and big data analytics) is emerging; it has different applications to critical domains (such as transportation, communication, finance, commerce, and healthcare) and different interconnections via multiple layers of public and private networks, forming a grid of critical cyberphysical infrastructures. Protecting sensitive and private data and services in critical infrastructures is, at the same time, a main objective and a great challenge for deploying secure systems. It essentially requires setting up trusted security policies. Unfortunately, security solutions should remain compliant and regularly updated to follow and track the evolution of security threats. To address this issue, we propose an advanced methodology for deploying and monitoring the compliance of trusted access control policies. Our proposal extends the traditional life cycle of access control policies with pertinent activities. It integrates formal and semiformal techniques allowing the specification, the verification, the implementation, the reverse-engineering, the validation, the risk assessment, and the optimization of access control policies. To automate and facilitate the practice of our methodology, we introduce our systemSVIRVROthat allows managing the extended life cycle of access control policies. We refer to an illustrative example to highlight the relevance of our contributions.

show abstract

Advanced Techniques for Deploying Reliable and Efficient Access Control: Application to E-healthcare

Cited by 9 publications

References 31 publications

Assessing staff awareness and effectiveness of educational training on IT security and privacy in a large healthcare organization

Assessing staff awareness and effectiveness of educational training on IT security and privacy in a large healthcare organization

Advanced Access Control to Information Systems: Requirements, Compliance and Future Directives

A Methodology and Toolkit for Deploying Reliable Security Policies in Critical Infrastructures

Contact Info

Product

Resources

About